
BLU Discuss list archive


IPChains question (SOLVED)

Mike Bilow wrote:
> I would not want to say that anything is completely safe, but I would
> expect that ssh is among the least likely services to be compromised in
> this way.  Once the channel is opened, all of the data is handled using a
> cryptographic exchange that would guarantee authentication.  Even if the
> circuit could be intercepted, ssh would not allow a third party to conduct
> a man-in-the-middle attack.  Also, ssh has some protection against an
> attack being conducted during the negotiation of the initial exchange, if
> the hosts have ever exchanged keys before.

I would agree that SSH is designed and engineered to be "safe", but my
original point was that by changing the firewall's IPCHAIN timeouts, you
are setting global values, not just those for SSH.  This could make
other port services masqueraded on the FW more vulnerable (T/F)?

- Christoph


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
