Instead of leaving port 22 open to the world, wouldn't it be better to add a layer that would require a secret "knock" before you could even connect to port 22?
I know that after the last remote OpenSSH vulnerability, there were a few worms out and about. Port knocking would protect you from those worms and possibly some zero-day vulnerabilities.
I do realize that if someone really wants to get into YOUR system, they will probably be able to find a way. But if they are just looking for any system running SSH to exploit and you require a "knock" before you can connect through SSH, they will pass yours by looking for an easier target (one that appears to be running SSH.)
If you are using portknocking as your only defense, then you are as smart as dirt and deserve what's coming to you.
I think it fits in great as a layer of defense. Is there an easier way to weed out the attempts from all of those script kiddies and worms to get into certain services on your network?
...by using Eric Raymond's comparitor.
It would allow for disclosure of the "signature" of infringing code without disclosing the actualy code. Then kernel developers could look for similar signatures in the kernel tree.
Ever since I moved my parents over to Linux from Windows, the only tech support I give is for StarOffice functionality - instead of the OS crashing. It's great!!!
Remote admin'ing is very nice.
Now I just need to get my in-laws switched over. I finally got them off of AOL and Linux is the next step. For the time being, I had them install VNC so I don't have to do anything over the phone (unless they have a network problem)
I'm not trying to shift blame from the CEO, but I think it would be more likely to pin this one on some guy high up in the marketing dept. trying to kiss up to the CEO
Since most safes are designed to keep the temperature below that which will damage paper, I just uuencode all of my data and print it all up. Now I just need some more $$$ for a few more safes. (that paper really takes up a lot of space, maybe I should use BOTH sides of it.)
Come on, it's easy! Use a PKI certificate. Sure, PKI still has a ways to go, but it works great for encrypting e-mail. You and your friends can get free certificates here.
Netscape (on all platforms) and Outlook/outlook express already support PKI certificates for e-mail signing/encryption.
No special software, and it's easy to use for e-mail encryption!!!
I totally agree with the "Bullying doesn't cause killer kids" comment. When is it that people (especially parents) are going to start taking responsibility for their actions? It really irks me when people blame stuff like this on videogames, music, movies, etc...
There are many contributors to violence, bullying may be one of them, but true parenting can be a solution to all of them. Parents need to be involved in their childrens lives so that they can see the warning signs!
Slashdot Mirror
Does it work with lynx?
Instead of leaving port 22 open to the world, wouldn't it be better to add a layer that would require a secret "knock" before you could even connect to port 22?
I know that after the last remote OpenSSH vulnerability, there were a few worms out and about. Port knocking would protect you from those worms and possibly some zero-day vulnerabilities.
I do realize that if someone really wants to get into YOUR system, they will probably be able to find a way. But if they are just looking for any system running SSH to exploit and you require a "knock" before you can connect through SSH, they will pass yours by looking for an easier target (one that appears to be running SSH.)
If you are using portknocking as your only defense, then you are as smart as dirt and deserve what's coming to you.
I think it fits in great as a layer of defense.
Is there an easier way to weed out the attempts from all of those script kiddies and worms to get into certain services on your network?
In other news....
Microsoft has released a set of new updates.
...by using Eric Raymond's comparitor. It would allow for disclosure of the "signature" of infringing code without disclosing the actualy code. Then kernel developers could look for similar signatures in the kernel tree.
Yes, from the article:
...only about one-10,750th of the original carbon in ancient plant material actually ends up as oil...
Even better...
/dev/null 2> /dev/null`;
#!/usr/bin/perl
srand();
my @alpha = (a..z);
my @suffix = qw( com net );
$|=1;
my $i = 0;
while(1) {
my $length = int(rand(12)+4);
my $n = "";
$i++;
for (0..$length) {
$n.=$alpha[int(rand(26))];
}
my $s = $suffix[int(rand(2))];
$l = `lynx -useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" --source http://www.$n.$s >
print $l;
print "$i\twww.$n.$s\n";
}
I think he means that a lot of people WANT ocean-front homes, but few are SOLD. He's just trying to apply his logic in a wierd way.
Ahoy Matey! Let us go get some ocean-front homes!
....your life are belong to us.
Ever since I moved my parents over to Linux from Windows, the only tech support I give is for StarOffice functionality - instead of the OS crashing. It's great!!!
Remote admin'ing is very nice.
Now I just need to get my in-laws switched over. I finally got them off of AOL and Linux is the next step. For the time being, I had them install VNC so I don't have to do anything over the phone (unless they have a network problem)
anybody with this much time to waste on a project HAS to be an emacs user...
what good is the keyboard if you can't backapspce? the user must be a bpretyt damn good typist.
(or maybe I'm just a really poor typist)
I'm not trying to shift blame from the CEO, but I think it would be more likely to pin this one on some guy high up in the marketing dept. trying to kiss up to the CEO
Since most safes are designed to keep the temperature below that which will damage paper, I just uuencode all of my data and print it all up. Now I just need some more $$$ for a few more safes. (that paper really takes up a lot of space, maybe I should use BOTH sides of it.)
hmmmm....I thought that it's all ball bearings nowadays.
There was also a URL in there:
www.qwest.com/cpni
Come on, it's easy! Use a PKI certificate. Sure, PKI still has a ways to go, but it works great for encrypting e-mail. You and your friends can get free certificates here.
Netscape (on all platforms) and Outlook/outlook express already support PKI certificates for e-mail signing/encryption.
No special software, and it's easy to use for e-mail encryption!!!I totally agree with the "Bullying doesn't cause killer kids" comment. When is it that people (especially parents) are going to start taking responsibility for their actions? It really irks me when people blame stuff like this on videogames, music, movies, etc... There are many contributors to violence, bullying may be one of them, but true parenting can be a solution to all of them. Parents need to be involved in their childrens lives so that they can see the warning signs!