Re: ssh keyscanning!?

To: debian-security@lists.debian.org
Subject: Re: ssh keyscanning!?
From: Daniel Kobras <kobras@tat.physik.uni-tuebingen.de>
Date: Thu, 21 Mar 2002 13:00:51 +0100
Message-id: <[🔎] 20020321120050.GC5229@antares.tat.physik.uni-tuebingen.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20020321103102.GA7261@e-jorgensen.freeserve.co.uk>
References: <[🔎] 20020321103102.GA7261@e-jorgensen.freeserve.co.uk>

On Thu, Mar 21, 2002 at 10:31:02AM +0000, Karl E. Jorgensen wrote:
> The firewalling I have in place only allows incoming connections for
> ssh. UDP is locked down so only DNS works there. And by mistake (fixed now), 
> it also allowed incoming DHCP requests from the internet.

Careful here.  The first DHCP request from a freshly booted machine
doesn't carry a local IP address (but either 0.0.0.0 or random crap).
So make sure you don't filter by IP address, but by interface at most.

Daniel.

Reply to:

Follow-Ups:
- Re: ssh keyscanning!?
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>

References:
- ssh keyscanning!?
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>

Prev by Date: ssh keyscanning!?
Next by Date: Re: ssh keyscanning!?
Previous by thread: ssh keyscanning!?
Next by thread: Re: ssh keyscanning!?
Index(es):
- Date
- Thread