
Re: ssh to NATed box fails



On Thursday January  1 at 11:47pm
Jan Minar <Jan.Minar@seznam.cz> wrote:

> On Thu, Jan 01, 2004 at 09:42:09PM +0000, Adam Barton wrote:
> > What I would do in this case is, rather than forwarding port 22 to
> > port 22 on an internal host, do say forward 10001 to internalhost1,
> > 10002 to internalhost2 etc. as required instead. Then leave 22 open
> > for connections to the box itself or block it off completely with an
> > iptables rule.
> > 
> > At least then a script kiddy won't simply find port 22 open and
> > start to bruteforce your ssh password. He has to scan higher than
> > normal to find your SSH which he/she is less likely to do.
> 
> This is a ``security by obscurity''; a naive approach that works by
> giving you a warm fuzzy feeling that you've done your homework, which
> lessens your alertness, so you won't ever notice the intruders.

Plus, a quick nmap scan will discover the open ports pretty quickly.
-- 
-johann koenig
Now Playing: Goldfinger - The End Of The Day : Stomping Ground
Today is Sweetmorn, the 1st day of Chaos in the YOLD 3170
My public pgp key: http://mental-graffiti.com/pgp/johannkoenig.pgp
