
Re: Port forwarding OpenSSH: firewalled box open to non-ssh exploits?



On Fri, Feb 16, 2001 at 12:19:49PM -0600, Robert Guthrie wrote:
> My question is simple: will forwarding that one port...
> 1. Work at all?  sshd should respond to the incoming connection on a port
> above 1023, right?

Yup.


> 2. Open up my server to exploits of other services running on it (samba, nfs,
> apache, etc...)?  Since the packets are going to be allowed on to my private
> network, will that expose me to attacks that somehow ride in over the forwarded
> sshd port?

No -- unless there is some kind of weird TCP/IP stack vulnerability
found in the OS OR there is a hole found in sshd you should be ok.

I wouldn't want to bet my life that neither of those will happen though.  :P

My first choice would be to upgrade that firewall to a Pentium, in which
case you would probably be OK without doing any port forwarding.  (In
fact you might be ok with the 486... I'd try that out first before
taking other measures.)

-- 

Jim B.
vader@conflict.net


