break-in attempt in my machine

Karl Auer kauer at biplane.com.au
Sun Aug 28 05:35:13 UTC 2016


On Sat, 2016-08-27 at 21:15 -0700, Kevin O'Gorman wrote:
> I should add that I don't use the Linux configs to change the
> port.  I do that in my router.  It does NAT (network address
> translation) and sends particular incoming ports to different hosts,
> with a port change.

Defence in depth: Each system should protect itself first, and any
others downstream if it can. So by all means implement what you can in
your router. However, most people will not have routers that are able
to do much.

But also configure your internal systems to resist attack. Change the
ports on them, allow publickey access only etc. That way they resist
internal attacks, do not rely on the router, and will not be
defenceless if one day you make a mistake configuring your router.

Also, for IPv6, the router will probably NOT be doing NAT or port
forwarding, so your systems will not be getting even that meagre
"protection".

> Come to think of it, if I do port knocking
> I'll have to get the router involved in that
> as well or the knocks will never be seen.

With IPv6 they sure will... and those ssh script kiddies will have
DIRECT access to ssh unless you take steps. With IPv4 and port
forwarding, they effectively already do, so once again: Configure each
system to protect itself. It's not hard.

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
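
The per-host hardening recommended in the message above (moved port, publickey access only), as an added example that is not part of the original message: a small audit of an `sshd_config`. It assumes one file with no `Include` lines and reads only the global section before any `Match` block; the function names and sample configs are constructed for illustration.

```python
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}  # OpenSSH built-in defaults
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (ports, settings) for the global section of sshd_config text."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":          # conditional blocks are out of scope here
            break
        if key == "port":           # Port may be given several times
            ports.append(int(parts[1]))
        else:                       # otherwise sshd keeps the first value seen
            settings.setdefault(key, parts[1].strip().lower())
    return ports or [22], settings

def audit(text):
    """List the ways a config falls short of 'moved port, publickey only'."""
    ports, settings = parse_global(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if 22 in ports:
        findings.append("listens on default port 22")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[key] != "no":
            findings.append(key + " is not 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is not 'yes'")
    return findings

# Constructed samples; 2222 is arbitrary. The duplicate last line is ignored.
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = """\
Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

Keyboard-interactive is checked alongside password authentication because, with PAM enabled, it can still accept passwords when `PasswordAuthentication` is `no`.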






