[nflug] ssh time/warner
David J. Andruczyk
djandruczyk at yahoo.com
Wed Nov 14 19:16:34 EST 2007
Use dynamic DNS and implement port-knocking.
Basically, to a regular portscan ssh will appear closed,
but when you "knock" the right port/ports in sequence
the ssh port is opened for a short window to the IP
that "knocked" correctly.
It cuts down on ssh brute force attacks by 99.9995%
and you can use anything from a simple 1 port knock,
to exorbitantly complex if you're the super paranoid
tin-foil-hat type.
Google "port-knocking". There's integration for it as
well into shorewall, which makes it a snap to set up.
--- eric <eric at bootz.us> wrote:
> I'd like to cut down the possible network
> connections over the internet
> for access to a ssh server.
> I can't afford a static ip so I was wondering if
> anyone knew the range of
> internet ip's handed out to users from time/warner
> ...I'm pretty sure my
> DNS servers are coming from Lackawanna?
>
> Thanks in advance,
> Eric
-- David J. Andruczyk
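
The knock-then-open behaviour described in the reply above, as an added example that is not part of the original post or of shorewall: a per-source state tracker replayed over constructed traffic. The knock sequence, the timeouts, the addresses and the names `KnockTracker` and `replay` are all assumptions made for illustration.

```python
# Added example: per-source port-knock tracking; all values below are constructed.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret knock order
STEP_TIMEOUT = 10   # max seconds between consecutive knocks
OPEN_WINDOW = 30    # seconds ssh stays open for the knocker
SSH_PORT = 22

class KnockTracker:
    def __init__(self):
        self.progress = {}    # src_ip -> (next expected index, time of last knock)
        self.open_until = {}  # src_ip -> time the ssh window closes
    def packet(self, ts, src_ip, dport):
        """Return the firewall decision for one new connection attempt."""
        if dport == SSH_PORT:
            # ssh is reachable only inside the window this source IP earned.
            return "ACCEPT" if ts < self.open_until.get(src_ip, 0) else "DROP"
        step, last = self.progress.get(src_ip, (0, ts))
        if step and ts - last > STEP_TIMEOUT:
            step = 0  # knocks came too slowly: start over
        if dport == KNOCK_SEQUENCE[step]:
            step += 1
        else:
            # A wrong port resets progress, so a sequential scan never finishes.
            step = 1 if dport == KNOCK_SEQUENCE[0] else 0
        if step == len(KNOCK_SEQUENCE):
            self.open_until[src_ip] = ts + OPEN_WINDOW
            step = 0
        self.progress[src_ip] = (step, ts)
        return "DROP"  # knock ports always look closed to the sender

# Constructed traffic: (seconds, source IP, destination port)
EVENTS = [
    (0, "203.0.113.5", 22),     # plain scan of ssh, no knock
    (1, "203.0.113.5", 7000), (2, "203.0.113.5", 7001),  # wrong port resets
    (3, "203.0.113.5", 8000), (4, "203.0.113.5", 9000),
    (5, "203.0.113.5", 22),     # still closed
    (10, "198.51.100.7", 7000), (11, "198.51.100.7", 8000),
    (12, "198.51.100.7", 9000), # correct sequence completes here
    (13, "198.51.100.7", 22),   # open for the knocker
    (14, "203.0.113.5", 22),    # closed for everyone else
    (50, "198.51.100.7", 22),   # window (12 + 30) has expired
]

def replay(events):
    fw = KnockTracker()
    return [fw.packet(ts, ip, port) for ts, ip, port in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, verdict)
```

Only the source that sent the full sequence in order gets an `ACCEPT` on port 22, and only until its window closes.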