Loading ...
Sorry, an error occurred while loading the content.

Re: [linuxham] A tool to stop hackers

Expand Messages
  • Holger Schurig
    I m not suggesting it. I described that I use it. And I have to use it because sometimes I need to access my computer from a customers site. Some corporate
    Message 1 of 20 , Oct 1, 2012
    • 0 Attachment
      I'm not "suggesting" it. I described that I use it. And I have to use it because sometimes I need to access my computer from a customers site. Some corporate customers have strict requirements, e.g. I cannot attach my own laptop to their network. And in some warehouses I can't use GSM.

      So I need to use what it's there. Putty is already there, but no way would I install my private key onto a customers desktop. So for me the answer is port-knocking to hide SSH, and SSH with normal password encryption to access it.

      Simply changing the port number of SSH is in my opinion silly. Standard port detection tools like nmap don't get fooled by this.

      Your mileage (usage scenario) may vary. And then your solution varies.



      (Internal I use ssh-keyfile-login, so that I don't have to type in the password all the time).
    • sonick55
      every bit of obfuscation can help. security has no panacea, it is layered. I would never change the port number in an enterprise access situation, but for
      Message 2 of 20 , Oct 1, 2012
      • 0 Attachment
        every bit of obfuscation can help. security has no panacea, it is layered.

        I would never change the port number in an enterprise access situation, but for coming in via the front door, it couldn't hurt.

        Sure, nmap will recognize it, but most people still don't scan higher than port 1024.

        layers layers layers, every little bit helps a little bit

        --- In linuxham@yahoogroups.com, Holger Schurig <holgerschurig@...> wrote:
        >
        > I'm not "suggesting" it. I described that I use it. And I have to use it
        > because sometimes I need to access my computer from a customers site. Some
        > corporate customers have strict requirements, e.g. I cannot attach my own
        > laptop to their network. And in some warehouses I can't use GSM.
        >
        > So I need to use what it's there. Putty is already there, but no way would
        > I install my private key onto a customers desktop. So for me the answer is
        > port-knocking to hide SSH, and SSH with normal password encryption to
        > access it.
        >
        > Simply changing the port number of SSH is in my opinion silly. Standard
        > port detection tools like nmap don't get fooled by this.
        >
        > Your mileage (usage scenario) may vary. And then your solution varies.
        >
        >
        >
        > (Internal I use ssh-keyfile-login, so that I don't have to type in the
        > password all the time).
        >
      • Dave B
        Hi. I knew the info was available... Take a look here. http://www.grc.com/nat/nat.htm and... http://www.grc.com/nat/nats.htm If you have family etc using your
        Message 3 of 20 , Oct 3, 2012
        • 0 Attachment
          Hi.

          I knew the info was available...

          Take a look here.

          http://www.grc.com/nat/nat.htm

          and...

          http://www.grc.com/nat/nats.htm

          If you have family etc using your home LAN, but wish to isolate yourself
          from their machines. That last second NAT router, could in essance be
          your "high value" machine's own internal firewall, at a pinch, if you
          have such a tool installed, or provided with the OS.

          73.

          Dave G0WBX.
        Your message has been successfully submitted and would be delivered to recipients shortly.