Re: Remote administration of a machine behind NAT - VM for support
Am Freitag, 19. September 2008 16:24:32 schrieb Andrei Popescu:
> On Fri,19.Sep.08, 16:17:11, Dexter Filmore wrote:
> > Extra paranoia: forward a different port than 22, lets say 2222(inet) to
> > 22 (lan/vm) and conf the client script to connect to that port. reduces
> > port 22 attacks a great deal.
>
> Security by obscurity, but what the heck... (I was already doing this)
Well.. it's still an ssh port... but employing security by obscurity knowing
it will only fence of those dumb enough to fall for mechanisms as simple as
obfusction is justified in my opinion.
If that doesn't feel right enough, regard it a "unwanted incoming traffic
reduction measure" which it sure it ;)
>
> > Port knocking perhaps?
>
> Investigating. Seems very good for my purpose.
I'm still searching for a way to knock ports from any mobile so I don't need
to have a computer with my favorite knocking client around...
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d--(+)@ s-:+ a C++++ UL++ P+>++ L+++>++++ E-- W++ N o? K-
w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@
b++(+++) DI+++ D- G++ e* h>++ r* y?
------END GEEK CODE BLOCK------
http://www.vorratsdatenspeicherung.de
Reply to: