[mdlug] home hosting
Dave Arbogast
mdlug3 at arb.net
Tue Apr 8 00:52:28 EDT 2008
Aaron Kulkis wrote:
>Dave Arbogast wrote:
>
>
>>Ingles, Raymond wrote:
>>
>>
>>
>>>>From: Dave Arbogast
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>>Be sure in any case ssh is block for root - use su to get to root when
>>>>you need it.
>>>>
>>>>
>>>>
>>>>
>>>Move SSH to a nonstandard port. This will drastically limit your exposure to
>>>automated hack attempts. You could also use my "Ostiary" program to selectively
>>>allow SSH access, but depending on what you're doing that may be overkill.
>>>
>>>Sincerely,
>>>
>>>Ray Ingles (313) 227-2317
>>>
>>>
>>>
>>Great catch Ray - I moved mine to 443 years ago so I could access it
>>through every corporate firewall I've been proxied through. (plus no
>>root directly)
>>
>>
>
>Was 443 random, or was there a particular reason for putting
>it on that port?
>
>
>
Not random at all. I wanted to be able to tunnel my own traffic through
corp FW in order to do my job of security work. It give me an outside
host with a view of their network from the outside w/o filters. The port
was picked because I have yet to see any fortune 50 company block port
443 ( https ) for users with internet WEB access. Since the traffic is
encrypted, their IPS / IDS devices can't see it is ssh rather than https
- at least so far ;-)
-dave
More information about the mdlug
mailing list