Topic: IP Assignment Best Practices (Read 14886 times)

snarked · « **Reply #15 on:** January 26, 2010, 08:12:30 PM »

Re - Reply 11:

The point to hiding the SSH listening port (whatever it's assigned to) is to make it difficult for hackers to find it - especially when the default action for ports not used is a TCP tarpit. The point is that to the casual user, it looks as if the service isn't even there.

Such doesn't give "control" of the firewall to unknowns. In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Nowhere did I suggest that normal SSH security precautions should be lowered.

bombcar · « **Reply #16 on:** January 26, 2010, 08:21:56 PM »

Quote from: snarked on January 26, 2010, 08:12:30 PM

Such doesn't give "control" of the firewall to unknowns. In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Yes - port knocking is not harmful - but fail2ban can be.

One of the best things about moving to IPv6 is that the standard portscan tools will simply no longer work - even at 4 billion IP addresses a second it would take them 2.512 trillion billion years to scan the available range - 136 years just to scan a single /64!

News:

Author Topic: IP Assignment Best Practices (Read 14886 times)

snarked

Re: IP Assignment Best Practices

bombcar

Re: IP Assignment Best Practices