[Gllug] [Fwd: SSH Security Advisory: Centos (and other distros)]
Bruce Richardson
itsbruce at workshy.org
Wed Jul 8 09:23:45 UTC 2009

On Wed, Jul 08, 2009 at 10:11:07AM +0100, tid wrote:
> 2009/7/8 Hari Sekhon <hpsekhon at googlemail.com>:
>
> > Or port knocking or similar may be a better choice for the random src problem.
>
> I'm interested in port knocking: does anyone use it in anger? I've heard of a
> few people with home setups, but haven't ever seen it in a larger environment.

In the past I've put in port knocking solutions using knockd or the
iptables "recent" module (sometimes both, in a belt-and-braces
approach). Both work reliably; as long as you have something you can
point at arbitrary ports, that will connect in a predictable and
reliable manner (rather than launching multiple parallel connections in
an unpredictable order) and that you can kill reliably, then you're
fine.
--
Bruce
Explode!: thousands of lemmings can't be wrong.
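
Added example, not part of the original post and not knockd's or iptables' own code: a simplified server-side model of an ordered knock check, showing why the reply above asks for a client that connects in a predictable order and does not stall. The port sequence, timeout, addresses and the `KnockTracker`/`opens` names are constructed for illustration.

```python
# Simplified model of an ordered port-knock check (not knockd's or iptables' own code).
from dataclasses import dataclass, field

SEQUENCE = (7000, 8000, 9000)   # constructed knock sequence
STEP_TIMEOUT = 5.0              # constructed: max seconds between consecutive knocks


@dataclass
class KnockTracker:
    sequence: tuple = SEQUENCE
    step_timeout: float = STEP_TIMEOUT
    # per-source state: ip -> (index of next expected knock, time of last knock seen)
    state: dict = field(default_factory=dict)

    def observe(self, ts: float, src: str, port: int) -> bool:
        """Feed one connection attempt; return True when src completes the sequence."""
        if port not in self.sequence:
            return False  # model choice: unrelated traffic neither advances nor resets
        idx, last = self.state.get(src, (0, ts))
        if idx and ts - last > self.step_timeout:
            idx = 0  # too slow between knocks: start over
        if port == self.sequence[idx]:
            idx += 1
        else:
            # wrong knock port: reset, but let it count as a fresh first knock
            idx = 1 if port == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.state.pop(src, None)
            return True
        self.state[src] = (idx, ts)
        return False


def opens(events) -> set:
    """Return the set of sources that completed the sequence in `events`."""
    tracker = KnockTracker()
    return {src for ts, src, port in events if tracker.observe(ts, src, port)}


# Constructed sample events: (timestamp, source, destination port)
ORDERED = [(0.0, "192.0.2.10", 7000), (0.4, "192.0.2.10", 8000), (0.8, "192.0.2.10", 9000)]
# Same three ports, but arriving out of order, as parallel connects may do.
PARALLEL = [(0.0, "192.0.2.20", 8000), (0.0, "192.0.2.20", 7000), (0.1, "192.0.2.20", 9000)]
# Correct order, but a stalled client exceeds the per-step timeout.
STALLED = [(0.0, "192.0.2.30", 7000), (9.0, "192.0.2.30", 8000), (9.2, "192.0.2.30", 9000)]

if __name__ == "__main__":
    for name, ev in (("ordered", ORDERED), ("parallel", PARALLEL), ("stalled", STALLED)):
        print(name, "->", sorted(opens(ev)) or "no access")
```

Only the ordered, prompt client is admitted; the out-of-order and stalled clients send the same three ports and are still refused.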