[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh to NATed box fails

On Thu, Jan 01, 2004 at 09:42:09PM +0000, Adam Barton wrote:
> What would do in this case, is, rather than forwarding port 22 to port 
> 22 on an internal host, do say forward 10001 to internalhost1, 10002 to 
> internalhost2 etc. as required instead. Then leave 22 open for 
> connections to the box itself or block it off completely with an 
> iptables rule.
> At least then a script kiddy won't simply find port 22 open and start to 
> bruteforce your ssh password. He has to scan higher than normal to find 
> your SSH which he/she is less likely to do.

This is a ``security by obscurity''; a naive approach that works by
giving you a warm fuzzy feeling that you've done your homework, which
lessens your alertness, so you won't ever notice the intruders.

Jan Minar                      "Please don't CC me, I'm subscribed." x 4

Attachment: pgpdd5xoGBCRS.pgp
Description: PGP signature

Reply to: