[86763] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Patrick Lynchehaun)
Wed Nov 16 07:52:21 2005
Date: Wed, 16 Nov 2005 12:52:36 -0000
From: "Patrick Lynchehaun" <plynchehaun@servecentric.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> In Iptables you can keep port 22 closed until needed, opening it first
> by telnetting to a higher port, say 5500, and Iptables just giving access
> to this IP. If you want to close it again you can telnet back in on
> another assigned port, say 5501, thus closing the ssh port to that IP.
>
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5500 -m recent --name SSH --set -j DROP
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5501 -m recent --name SSH --remove -j DROP
>
> Thanks,
> Patrick.
>
> >> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
> >
> >don't do that! Lots of (access) isps around the world (esp here in
> >Europe) block those ports
>
> If you're going to move sshd somewhere else, port 443 is a fine
> choice. Rarely blocked, rarely probed by ssh kiddies. It's probed
> all the time by malicious web spiders, but since you're not a web
> server, you don't care.
>
> R's,
> John
This e-mail contains confidential information or information belonging
to Servecentric Ltd and is intended solely for the addressee(s). The
unauthorized disclosure, use, dissemination or copy (either in whole or
in part) of this e-mail, or any information it contains, is prohibited.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of Servecentric Ltd. E-mails are
susceptible to alteration and their integrity cannot be guaranteed.
Servecentric shall not be liable for the contents of this e-mail if
modified or falsified. If you are not the intended recipient of this
e-mail, please delete it immediately from your system and notify the
sender of the wrong delivery and of the email's deletion.
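A small Python model of how the iptables recent module evaluates the three rules above, added here as an illustration rather than code from the post. The packet trace, the assumed REJECT at the end of the RH-Firewall-1-INPUT chain, and the optional `seconds` argument (modelling `--seconds N` on the `--rcheck` rule, which the posted rules omit) are constructed assumptions.

```python
# Constructed model of the xt_recent list the posted rules call "SSH": it
# records source addresses only (the default --rsource), never ports.
class RecentList:
    def __init__(self):
        self.seen = {}                      # src -> time of the last --set
    def set(self, src, now):                # -m recent --name SSH --set
        self.seen[src] = now
    def remove(self, src):                  # -m recent --name SSH --remove
        self.seen.pop(src, None)
    def rcheck(self, src, now, seconds=None):   # --rcheck [--seconds N]
        ts = self.seen.get(src)
        return ts is not None and (seconds is None or now - ts <= seconds)

# The three posted rules in chain order: (dport, recent action, verdict on match).
RULES = [(22, "rcheck", "ACCEPT"), (5500, "set", "DROP"), (5501, "remove", "DROP")]

def evaluate(packets, seconds=None, chain_default="REJECT"):
    """Verdict for each NEW TCP packet (src, dport, t). `seconds` models adding
    --seconds N to the --rcheck rule, which the posted rules do not do."""
    ssh = RecentList()
    verdicts = []
    for src, dport, t in packets:
        verdict = chain_default            # nothing matched: assumed final REJECT
        for port, action, result in RULES:
            if dport != port:
                continue
            if action == "rcheck":
                if ssh.rcheck(src, t, seconds):
                    verdict = result
            elif action == "set":
                ssh.set(src, t)
                verdict = result
            else:
                ssh.remove(src)
                verdict = result
        verdicts.append(verdict)
    return verdicts

# Constructed traffic: one host knocks, connects, then closes; another never knocks.
SAMPLE = [
    ("203.0.113.5", 22, 0),       # no knock yet                  -> REJECT
    ("203.0.113.5", 5500, 1),     # open knock, source recorded   -> DROP
    ("203.0.113.5", 22, 2),       #                               -> ACCEPT
    ("203.0.113.5", 22, 7200),    # two hours on, still open      -> ACCEPT
    ("203.0.113.5", 5501, 7201),  # close knock, source removed   -> DROP
    ("203.0.113.5", 22, 7202),    #                               -> REJECT
    ("198.51.100.9", 22, 7203),   # never knocked                 -> REJECT
]
```

Running `evaluate(SAMPLE, seconds=3600)` turns the fourth verdict into REJECT, which is the difference a `--seconds` window makes to the posted rules.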