Date:      Sat, 3 Oct 2009 14:18:30 +0200
From:      olli hauer <ohauer@gmx.de>
To:        des@des.no, smithi@nimnet.asn.au
Cc:        freebsd-security@freebsd.org
Subject:   Re: openssh concerns
Message-ID:  <20091003121830.GA15170@sorry.mine.nu>

>> http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
>> provides a reasonably useful list of ports NOT to choose for an
>> obscure ssh port.
>
> In practice, you have no choice but to use something like 443 or 8080,
> because corporate firewalls often block everything but a small number
> of ports (usually 20, 22, 80, 443, 8080, and odds are that 20, 80 and
> 8080 go through a transparent proxy)

This may work if the firewall does only port and no additional protocol
filtering. For many products used in corporate environments it is even
possible to filter ssh v1, skype, stunnel, openvpn with a very high
success rate within the first packets on the wire.

For the ssh server, take a look at these parameters:
- LoginGraceTime
- MaxAuthTries
- MaxSessions
- MaxStartups


--
olli
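
One way to review the four sshd_config keywords named in the message above, as an added example that is not part of the original e-mail. The limits in LIMITS and the sample configuration are assumptions constructed for illustration; the parser reads only the global section and stops at the first Match block.

```python
import re

# Limits are assumptions chosen for this example, not values from the message.
LIMITS = {"logingracetime": 60, "maxauthtries": 4, "maxsessions": 10, "maxstartups": 10}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert an sshd_config time value such as 90, 2m or 1h30m to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def global_settings(text):
    """Collect the four keywords from the global section; the first value wins."""
    found = {}
    for line in text.splitlines():
        fields = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if fields[0].startswith("#") or len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "match":
            break  # Match blocks hold per-connection overrides, skipped here
        if key in LIMITS:
            found.setdefault(key, value)  # keywords are case-insensitive
    return found

def audit(text):
    """Return findings for keywords that are unset or looser than LIMITS.
    MaxStartups may be written start:rate:full; only start is compared."""
    found, findings = global_settings(text), []
    for key, limit in LIMITS.items():
        if key not in found:
            findings.append(f"{key}: not set, built-in default applies")
            continue
        raw = found[key]
        n = seconds(raw) if key == "logingracetime" else int(raw.split(":")[0])
        if n > limit or (key == "logingracetime" and n == 0):  # 0 = no time limit
            findings.append(f"{key}: {raw} is looser than {limit}")
    return findings

SAMPLE = """\
# constructed sample configuration
LoginGraceTime 2m
MaxAuthTries 3
maxauthtries 10
MaxStartups 10:30:60
Match User backup
    MaxSessions 1
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The effective values of a running server, including built-in defaults, can be compared against this with the output of `sshd -T`.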



