
BLU Discuss list archive



[Discuss] DNS question about DNSENUM.PL



--On Wednesday, March 27, 2013 3:28 PM -0400 Bill Horne <bill at horne.net> wrote:

> When combined with port-knocking, having a non-standard port for a
> service like ssh is an effective means of preventing port-scanning
> attacks. It doesn't prevent an

It also makes you vulnerable to denial of service.

> in Exim4, but it _IS_ an effective tool when properly deployed.

I claim that obfuscation cannot be properly deployed. Obfuscation is 
wrapping a towel around your head and pretending that if you can't see the 
service then neither can anyone else.

Changing the port isn't giving your neighbor the key to your home. Keys are 
authentication tokens. The port is analogous to the keyway. Changing the 
port is the same as moving the keyway. The lock is still there and you 
still need the correct key; you've just moved it up or down from where it 
is normally located, which is usually a convenient waist/elbow height.

The only security that you've added is that blind thieves are going to have 
a slightly harder time finding the keyway.

-- 
Rich P.



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
