IPChains question (SOLVED)

Christoph Doerbeck A242369 cdoerbec at cso.fmr.com
Mon May 15 09:43:03 EDT 2000


Mike Bilow wrote:
> Actually, ssh usually exchanges periodic "keepalive" packets to detect if
> the other end has gone away.  If the ipchains timeout is set long enough,
> the ssh keepalive packets should prevent a timeout even if nothing happens
> in the tail or top windows.
> 

Perhaps someone else can elaborate even further on this, but I've been reading
up on "port hijacking".  Apparently, after a TCP connection completes, the
port remains open for a timeout period during which an intruder can exploit
various attacks to gain access or execute DOS (Denial of Service).

At any rate, to my understanding one of the DNS exploits is based on this.

I would think that making your global timeouts larger is counterproductive
and it might be wiser to shorten the SSH keep-alive heartbeats...

Comments?  Or am I completely off base...

- Christoph
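The trade-off the two posts circle around (a long global masquerade timeout keeps an idle ssh session alive but also keeps stale entries around; a keepalive shorter than the timeout lets the timeout itself be short) can be seen with a toy model. The code below is an added example, not part of the thread and not ipchains code: it is a constructed simulation of a masquerading table with separate idle timeouts for established and half-closed (FIN) TCP entries, in the spirit of the per-state timeouts ipchains lets an administrator set with `ipchains -M -S`. The flow tuple, timeout values and keepalive intervals are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    last_seen: int
    state: str = "established"  # "established" or "fin" (one side has closed)


class MasqTable:
    """Minimal masquerade table with per-state idle timeouts (seconds).

    Toy model for illustration only; real ipchains masquerading has more
    states and ports are remapped, which this ignores.
    """

    def __init__(self, tcp_timeout: int, tcpfin_timeout: int):
        self.tcp_timeout = tcp_timeout        # idle limit for established entries
        self.tcpfin_timeout = tcpfin_timeout  # idle limit once a FIN was seen
        self.table: dict = {}

    def open(self, now: int, flow) -> None:
        self.table[flow] = Entry(last_seen=now)

    def refresh(self, now: int, flow, fin: bool = False) -> bool:
        """A packet for flow arrives. Returns False if the entry had already
        expired, i.e. the masquerader no longer knows this connection."""
        e = self.table.get(flow)
        if e is None:
            return False
        e.last_seen = now
        if fin:
            e.state = "fin"
        return True

    def expire(self, now: int) -> None:
        """Drop every entry idle for at least its state's timeout."""
        for flow, e in list(self.table.items()):
            limit = self.tcpfin_timeout if e.state == "fin" else self.tcp_timeout
            if now - e.last_seen >= limit:
                del self.table[flow]

    def is_open(self, flow) -> bool:
        return flow in self.table


# Constructed sample flow: inside host -> ssh server (documentation addresses).
FLOW = ("192.0.2.10", 40123, "203.0.113.5", 22)


def idle_session_survives(tcp_timeout: int, keepalive_interval, idle_seconds: int,
                          tcpfin_timeout: int = 10) -> bool:
    """Simulate an ssh session with no user traffic for idle_seconds.

    keepalive_interval is the ssh keepalive period in seconds (None = none).
    Returns True if the masquerade entry still exists at the end.
    """
    t = MasqTable(tcp_timeout, tcpfin_timeout)
    t.open(0, FLOW)
    for now in range(1, idle_seconds + 1):
        t.expire(now)
        if keepalive_interval and now % keepalive_interval == 0:
            if not t.refresh(now, FLOW):
                return False  # keepalive arrived after the entry was dropped
    return t.is_open(FLOW)


def seconds_entry_lingers_after_close(tcp_timeout: int, tcpfin_timeout: int) -> int:
    """How long a closed connection's entry stays in the table: the window
    the original post worries about. Shorter tcpfin_timeout shrinks it."""
    t = MasqTable(tcp_timeout, tcpfin_timeout)
    t.open(0, FLOW)
    t.refresh(0, FLOW, fin=True)
    now = 0
    while t.is_open(FLOW):
        now += 1
        t.expire(now)
    return now


if __name__ == "__main__":
    print("no keepalive, 60s timeout, 2 min idle:", idle_session_survives(60, None, 120))
    print("30s keepalive, 60s timeout, 1 h idle: ", idle_session_survives(60, 30, 3600))
    print("60s keepalive, 60s timeout, 1 h idle: ", idle_session_survives(60, 60, 3600))
    print("stale window after close, tcpfin=10: ", seconds_entry_lingers_after_close(60, 10))
    print("stale window after close, tcpfin=120:", seconds_entry_lingers_after_close(60, 120))
```

The third case is the edge worth noticing: a keepalive period equal to the idle timeout is not enough, because the entry expires on the same tick the keepalive arrives, so the keepalive must be strictly shorter than the timeout. Conversely, the established timeout can stay modest as long as the keepalive is shorter than it, and the post-close lingering window depends only on the FIN-state timeout, which is the one to keep short.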

