Re: Port forwarding OpenSSH: firewalled box open to non-ssh exploits?
On Fri, Feb 16, 2001 at 12:19:49PM -0600, Robert Guthrie wrote:
> My question is simple: will forwarding that one port...
> 1. Work at all? sshd should respond to the incoming connection on a port
> above 1023, right?
Yup.
> 2. Open up my server to exploits of other services running on it (samba, nfs,
> apache, etc...)? Since the packets are going to be allowed on to my private
> network, will that expose me to attacks that somehow ride in over the forwarded
> sshd port?
No -- unless there is some kind of weird TCP/IP stack vulnerability
found in the OS OR there is a hole found in sshd you should be ok.
I wouldn't want to bet my life that neither of those will happen though. :P
My first choice would be to upgrade that firewall to a Pentium, in which
case you would probably be OK without doing any port forwarding. (In
fact you might be ok with the 486... I'd try that out first before
taking other measures.)
--
Jim B.
vader@conflict.net