[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Port Knocking on openBSD?
Scenario: I need to be able to SSH into a box from anywhere in the world but not very often, a new exploit of SSH comes out. What's the better solution than port knocking to protect yourself from the exploit?
Just curious as it's interesting to think this stuff through and I'm not very knowledgable here.
Adam Skutt <email@example.com> wrote:
Magnus Bodin wrote:
> On Thu, Feb 05, 2004 at 05:58:09PM -0500, Rick Wash wrote:
> But if you don't want to expose any tcp-ports at all, that includes port 22 as
> well. And if you are on the move and cannot guarantee that ah/esp et al is even
> transported then one alternative is to hide.
Why should I care about exposed ports? Security arises not out of how
many ports are being shown or not shown, but rather how secure the
servicse behind them are. It doesn't matter if all my ports are open if
the services running them have no security flaws ( a pipe dream, but
illustrates the point).