IP Assignment Best Practices

Started by mrballcb, January 04, 2010, 07:31:53 PM

snarked

Re - Reply 11:

The point to hiding the SSH listening port (whatever it's assigned to) is to make it difficult for hackers to find it - especially when the default action for ports not used is a TCP tarpit.  The point is that to the casual user, it looks as if the service isn't even there.

Such doesn't give "control" of the firewall to unknowns.  In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Nowhere did I suggest that normal SSH security precautions should be lowered.
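One way a scheme like the one described in the post above could be built, added here as an example and not taken from any post in this thread. It is written in iptables-restore syntax and assumes the `recent` match and the `TARPIT` target from xtables-addons are available; the port numbers, time windows, list names (`K1`, `K2`) and chain name (`KNOCK2`) are all made up for illustration. Knock progress lives in the `recent` lists, so the ruleset itself stays fixed and only the counters move:

```iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:KNOCK2 - [0:0]

-A INPUT -i lo -j ACCEPT
# Sessions that were already admitted keep working.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Stage 1: a SYN to the first knock port puts the source address in list K1.
-A INPUT -p tcp --syn --dport 47001 -m recent --name K1 --set -j DROP

# Stage 2: a SYN to the second knock port counts only if stage 1
# happened within the last 10 seconds.
-A INPUT -p tcp --syn --dport 47002 -m recent --name K1 --rcheck --seconds 10 -j KNOCK2

# The SSH listener (assumed to be on 22022) accepts new connections only
# from sources that completed stage 2 within the last 30 seconds.
-A INPUT -p tcp --syn --dport 22022 -m recent --name K2 --rcheck --seconds 30 -j ACCEPT

# Any other TCP packet discards knock progress, so a sweep across ports
# does not leave the source in either list, and is then tarpitted.
-A INPUT -p tcp -m recent --name K1 --remove
-A INPUT -p tcp -m recent --name K2 --remove
-A INPUT -p tcp -j TARPIT

# KNOCK2: promote the source from K1 to K2, and drop the knock packet itself.
-A KNOCK2 -m recent --name K1 --remove
-A KNOCK2 -m recent --name K2 --set -j DROP

COMMIT
```

Key-based SSH authentication and the other usual precautions stay in place behind this; the knock only decides who gets to see the listener at all.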

bombcar

Quote from: snarked on January 26, 2010, 08:12:30 PM
Such doesn't give "control" of the firewall to unknowns.  In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Yes - port knocking is not harmful - but fail2ban can be.

One of the best things about moving to IPv6 is that the standard portscan tools will simply no longer work - even at 4 billion IP addresses a second it would take them 2.512 trillion billion years to scan the available range - 136 years just to scan a single /64! ;D