
Re: Custom Reload command/signal in upstart



On Aug 23, 2013, at 8:45 PM, James McCoy <jamessan@debian.org> wrote:
> 
>> On Fri, Aug 23, 2013 at 04:42:15PM -0400, John Paul Adrian Glaubitz wrote:
>> Imagine there is a vulnerability in SSH which has not been fixed
>> yet for whatever reason. Having SSH run in this situation all the
>> time would make the machine a target for possible attacks.
> 
> If all I have to do is make a connection to port 22 to start the
> service, which would happen as part of an attack anyway, then there's no
> added security provided by socket activation.

True. But you could have SSH listen on a different port to avoid such an attack, couldn't you?

Also, I remember there was a 'knockd', which would open the port for SSH when you send a certain sequence of packets to the host.

Cheers,

Adrian
