Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: 1 [2]

Author Topic: IP Assignment Best Practices  (Read 11855 times)

snarked

  • Hero Member
  • *****
  • Posts: 757
Re: IP Assignment Best Practices
« Reply #15 on: January 26, 2010, 08:12:30 PM »

Re - Reply 11:

The point to hiding the SSH listening port (whatever it's assigned to) is to make it difficult for hackers to find it - especially when the default action for ports not used is a TCP tarpit.  The point is that to the casual user, it looks as if the service isn't even there.

Such doesn't give "control" of the firewall to unknowns.  In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Nowhere did I suggest that normal SSH security precautions should be lowered.
Logged

bombcar

  • Jr. Member
  • **
  • Posts: 55
Re: IP Assignment Best Practices
« Reply #16 on: January 26, 2010, 08:21:56 PM »

Such doesn't give "control" of the firewall to unknowns.  In fact, it is implemented in a way where the firewall rules themselves (other than their hit counters) never change.

Yes - port knocking is not harmful - but fail2ban can be.

One of the best things about moving to IPv6 is that the standard portscan tools will simply no longer work - even at 4 billion IP addresses a second it would take them 2.512 trillion billion years to scan the available range - 136 years just to scan a single /64! ;D
Logged
Pages: 1 [2]