Re: SSHD: Limit login attempt rate
On Fri, 25 Jul 2008 05:45:08 -0700, bmearns wrote:
> This is also my main reason for not moving the server to another port: I need to be able to access it from a handful of networks that lock down all but standard ports (i.e., from within these networks, you can't connect to remote hosts on ports other than, say, 80, 8080, 22, and maybe a few others), so I'm not clear on how port knocking would be any different in this aspect?

There are some fun variations on port knocking. For example, what about a login-protected https:// URL? A connection there causes the iptables entry that opens the port to the transmitting URL. The down side is that a forced web proxy can mess with this, esp. if the sender is in RFC1918 address space.

Another is eavesdropping (via logging to syslog which is directed to a pipe that a daemon is reading) on the query stream of a DNS server. The proper query from a given IP opens SSH access to that IP. This only works if the sending computer is permitted to make DNS requests directly (as opposed to via separate resolvers).

- Andrew
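
A sketch of the DNS-query variation described in the post above, as an added example that is not part of the original post: it reads query-log lines, recognises the knock name, and returns the iptables commands that open and later close port 22 for the querying address. The knock name, the 60-second lifetime, the log line format and the function names are assumptions made for illustration.

```python
import hmac
import ipaddress
import re

# Assumptions (not from the post): the knock name, the 60 s lifetime, and a
# BIND-style query log line "client <ip>#<port> (<name>): query: <name> IN A ...".
KNOCK_NAME = "k7f3q9-open.knock.example.org"
ALLOW_SECONDS = 60
LINE_RE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<qname>\S+) IN ")

# Constructed sample log lines (documentation address ranges only).
SAMPLE = [
    "client 198.51.100.7#40211 (k7f3q9-open.knock.example.org): query: k7f3q9-open.knock.example.org IN A + (192.0.2.53)",
    "client 203.0.113.9#5353 (www.example.org): query: www.example.org IN A + (192.0.2.53)",
    "client 198.51.100.7#40212 (K7F3Q9-open.knock.example.org): query: K7F3Q9-open.knock.example.org IN A + (192.0.2.53)",
]

def parse_knock(line):
    """Return the client IPv4 address if the line is a valid knock, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    qname = m.group("qname").rstrip(".").lower()  # DNS names are case-insensitive
    if not hmac.compare_digest(qname.encode(), KNOCK_NAME.encode()):
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))  # never pass raw log text to iptables
    except ValueError:
        return None
    return str(ip) if ip.version == 4 else None

def rule(action, ip):
    """iptables argv that inserts (-I) or deletes (-D) the per-source SSH allow rule."""
    return ["iptables", action, "INPUT", "-p", "tcp", "-s", ip, "--dport", "22", "-j", "ACCEPT"]

def process(lines, opened, now):
    """Return the argv lists to run; `opened` maps ip -> expiry time and is updated."""
    cmds = []
    for ip, expiry in list(opened.items()):  # close rules whose lifetime has passed
        if expiry <= now:
            cmds.append(rule("-D", ip))
            del opened[ip]
    for line in lines:
        ip = parse_knock(line)
        if ip:
            if ip not in opened:  # one rule per source; repeat knocks only refresh it
                cmds.append(rule("-I", ip))
            opened[ip] = now + ALLOW_SECONDS
    return cmds
```

The knock only controls reachability: UDP source addresses can be forged, and a query relayed through a separate resolver arrives from the resolver's address, so sshd's own authentication remains the real control.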