[H-GEN] Re: Blocking SSH exploits

Nick Kwiatkowski nickolas at au1.ibm.com
Sun Aug 22 19:40:35 EDT 2004

Troy Piggins <troy at piggo.com> wrote on 23/08/2004 09:16:03 AM:

> If you want ssh available to the outside world, I guess you just
> have to ensure good username and password policies, and hope that
> openssh has no security leaks or exploits ...  and keep it up to
> date.

Interesting option is "port knocking" [1],[2], basically like the covert
spy, a series of knocks tells the computer to open a port. Benefit is that
the port is closed when it is not required, but you need to
implement/install the scripts to do at both end and ensure that they are
correctly done.


[1]  http://www.portknocking.org/
[2]  Article for and against.

Nickolas Kwiatkowski
IT Architect
Systems Engineering and Architecture (SEA)
Application Management Services
IBM Global Services
phone:  07 3887 6041,  mobile:  0412 121 276,  email:  nickolas at au1.ibm.com
"In the middle of difficulty lies opportunity" - Albert Einstein

More information about the General mailing list