break-in attempt in my machine
Kevin O'Gorman
kogorman at gmail.com
Sun Aug 28 21:06:45 UTC 2016
On Sat, Aug 27, 2016 at 10:35 PM, Karl Auer <kauer at biplane.com.au> wrote:
> On Sat, 2016-08-27 at 21:15 -0700, Kevin O'Gorman wrote:
> > I should add that I don't use the Linux configs to change the
> > port. I do that in my router. It does NAT (network address
> > translation) and sends particular incoming ports to different hosts,
> > with a port change.
>
> Defence in depth: Each system should protect itself first, and any
> others downstream if it can. So by all means implement what you can in
> your router. However, most people will not have routers that are able
> to do much.
>
> But also configure your internal systems to resist attack. Change the
> ports on them, allow publickey access only etc. That way they resist
> internal attacks, do not rely on the router, and will not be
> defenceless if one day you make a mistake configuring your router.
>

Of course. That's why I disable password logins, which would be enough by
itself in a perfect world.

> Also, for IPv6, the router will probably NOT be doing NAT or port
> forwarding, so your systems will not be getting even that meagre
> "protection".
>
> > Come to think of it, if I do port knocking
> > I'll have to get the router involved in that
> > as well or the knocks will never be seen.
>
> With IPv6 they sure will... and those ssh script kiddies will have
> DIRECT access to ssh unless you take steps. With IPv4 and port
> forwarding, they effectively already do, so once again: Configure each
> system to protect itself. It's not hard.
>

I wasn't going to worry about IPv6 until my ISP starts handling IPv6
packets. Come to think of it, I don't think my router handles them either.

> Regards, K.
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
--
Kevin O'Gorman
#define QUESTION ((bb) || (!bb)) /* Shakespeare */
Please consider the environment before printing this email.
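
Added example, not part of the original message: one way to check on the host itself the points raised in the thread (password logins off, the port changed in sshd rather than only at the router, IPv6 listeners that no NAT stands in front of). It reads the "keyword value" lines printed by `sshd -T`; the function name and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the effective sshd configuration on the host itself.
# Input format is that of `sshd -T`: one lowercase "keyword value" per line.

# Constructed sample: a host relying on the router for its port change.
SAMPLE_WEAK='port 22
addressfamily any
listenaddress 0.0.0.0:22
listenaddress [::]:22
passwordauthentication yes
challengeresponseauthentication yes
pubkeyauthentication yes'

# Constructed sample: port moved on the host, key-only logins, IPv4 only.
SAMPLE_HARDENED='port 2222
addressfamily inet
listenaddress 0.0.0.0:2222
passwordauthentication no
challengeresponseauthentication no
pubkeyauthentication yes'

# audit_sshd: read `sshd -T` style text on stdin, print one finding per line.
# Returns 1 if any FAIL finding was printed, 0 otherwise (NOTE lines are advisory).
audit_sshd() {
    awk '
        $1 == "passwordauthentication" && $2 == "yes" {
            print "FAIL passwordauthentication: password logins are enabled"; bad = 1 }
        ($1 == "challengeresponseauthentication" ||
         $1 == "kbdinteractiveauthentication") && $2 == "yes" {
            print "FAIL " $1 ": keyboard-interactive may still prompt for a password"; bad = 1 }
        $1 == "pubkeyauthentication" && $2 == "no" {
            print "FAIL pubkeyauthentication: public-key logins are disabled"; bad = 1 }
        $1 == "port" && $2 == "22" {
            print "NOTE port: sshd itself listens on 22; only the router remaps it" }
        $1 == "listenaddress" && $2 ~ /^\[/ {
            print "NOTE listenaddress " $2 ": IPv6 listener, the router will probably not NAT this" }
        END { exit bad + 0 }
    '
}

# Demo on the constructed weak sample; on a real host use: sshd -T | audit_sshd
if printf '%s\n' "$SAMPLE_WEAK" | audit_sshd; then
    echo "no FAIL findings"
else
    echo "sshd needs hardening on this host"
fi
```

On a real machine `sshd -T` normally has to be run as root so that it can read the host keys.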