A friend is looking to remotely administer a UNIX box from anywhere in the world. Webmin attracts him, but I'm not over keen on the idea of having a program like that, which runs as root, open to the whole world. It must be quite attractive to hackers if they find webmin running.

After thinking about it, I had this idea: how about making a stealth firewall with ipfilter that ignores all attempts to connect? The firewall logs denied packets to a log file. The log file is parsed by a program which will open the port used by webmin (say 54321) if and only if:

a) Someone tries to connect to port 1000
b) From the same IP next tries to connect to port 13233
c) From the same IP next tries to connect to port 3244

(or any other random combination of ports). Then and only then the firewall is opened to the port with webmin running (54321).

So in order to access webmin, you would from your browser try:

http://www.somsite.com:1000  // ignored
http://www.somsite.com:13233 // ignored
http://www.somsite.com:3244  // now causes port 54321 to be opened

(telnet, https or similar at those ports would all work too).

and finally, having detected the access to ports 1000, 13233, 3244 (in that order) and with the firewall now opening port 54321, one would administer the site with:

https://www.somsite.com:54321

The probability of a hacker randomly scanning ports 1000, 13233, 3244 (in that order), then trying to connect to port 54321 must be very small indeed.

Thoughts?
--
David Kirkby,
G8WRB

Please check out http://www.g8wrb.org/
or if you live in Essex http://www.southminster-branch-line.org.uk/
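The log-parsing program the post sketches, as an added example that is not part of the original message or of any ipfilter tool. It keeps a per-source-IP state machine over the knock sequence 1000, 13233, 3244 and reports which hosts completed it in order. Two things the post leaves open are made explicit here and are assumptions: a 30-second limit between consecutive knocks (so a stale half-sequence cannot be finished hours later), and opening port 54321 only to the host that knocked rather than to the whole world. The log-line shape is a constructed approximation of an ipmon "blocked packet" line, and the addresses in the sample log are constructed test data.

```python
import re

# Added example (not from the post): a log parser and per-IP state machine
# for the knock sequence the post describes. The three knock ports and the
# webmin port are the post's; the timeout, the log-line shape and the sample
# addresses are assumptions made for this demo.
KNOCK_SEQUENCE = (1000, 13233, 3244)
TARGET_PORT = 54321
KNOCK_TIMEOUT = 30          # seconds allowed between consecutive knocks (assumed)

# Approximation of an ipmon "blocked" line (assumed shape, not exact output):
#   HH:MM:SS.usec iface @set:rule b SRC,SPORT -> DST,DPORT PR tcp ...
TIME_RE = re.compile(r"^\s*(\d{2}):(\d{2}):(\d{2})")
BLOCK_RE = re.compile(
    r"\bb\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}),\d+\s+->\s+"
    r"\d{1,3}(?:\.\d{1,3}){3},(?P<dport>\d+)\s+PR\s+tcp\b"
)


def parse_blocked(line):
    """Return (seconds_of_day, src_ip, dst_port) for a blocked TCP line, else None."""
    t = TIME_RE.match(line)
    m = BLOCK_RE.search(line)
    if not t or not m:
        return None
    h, mi, s = (int(x) for x in t.groups())
    return h * 3600 + mi * 60 + s, m.group("src"), int(m.group("dport"))


class KnockTracker:
    """Tracks how far each source IP has got through the knock sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
        self.sequence = tuple(sequence)
        self.timeout = timeout
        self._state = {}    # src_ip -> (index of next expected knock, time of last knock)

    def observe(self, src, dport, now):
        """Feed one blocked attempt; True when src has just completed the sequence."""
        idx, last = self._state.get(src, (0, now))
        if now - last > self.timeout:
            idx = 0                     # partial sequence went stale: start over
        if dport == self.sequence[idx]:
            idx += 1                    # correct next knock
        elif dport == self.sequence[0]:
            idx = 1                     # wrong knock, but it is the first port: restart
        else:
            idx = 0                     # any other port (e.g. a scan) resets the sequence
        if idx == len(self.sequence):
            self._state.pop(src, None)
            return True
        self._state[src] = (idx, now)
        return False


def rule_for(src, port=TARGET_PORT):
    """ipf rule admitting only the knocking host to the webmin port (assumed rule text)."""
    return f"pass in quick proto tcp from {src} to any port = {port} flags S keep state"


def process_log(lines, timeout=KNOCK_TIMEOUT):
    """Run log lines through the tracker; return the IPs that completed the sequence."""
    tracker = KnockTracker(timeout=timeout)
    opened = []
    for line in lines:
        parsed = parse_blocked(line)
        if parsed is None:
            continue                    # not a blocked TCP line; ignore
        now, src, dport = parsed
        if tracker.observe(src, dport, now):
            opened.append(src)
    return opened


# Constructed sample log (not real ipmon output). Three hosts:
#   192.0.2.10   knocks 1000, 13233, 3244 in order        -> admitted
#   203.0.113.7  sweeps the same ports in ascending order -> wrong order, rejected
#   203.0.113.8  right order, but 89 s pause before the last knock -> timed out
SAMPLE_LOG = """\
12:00:01.000001 le0 @0:1 b 192.0.2.10,40001 -> 198.51.100.5,1000 PR tcp len 20 60 -S IN
12:00:02.000001 le0 @0:1 b 192.0.2.10,40002 -> 198.51.100.5,13233 PR tcp len 20 60 -S IN
12:00:03.000001 le0 @0:1 b 192.0.2.10,40003 -> 198.51.100.5,3244 PR tcp len 20 60 -S IN
12:00:04.000001 le0 @0:1 b 203.0.113.7,51000 -> 198.51.100.5,1000 PR tcp len 20 60 -S IN
12:00:05.000001 le0 @0:1 b 203.0.113.7,51001 -> 198.51.100.5,3244 PR tcp len 20 60 -S IN
12:00:06.000001 le0 @0:1 b 203.0.113.7,51002 -> 198.51.100.5,13233 PR tcp len 20 60 -S IN
12:01:00.000001 le0 @0:1 b 203.0.113.8,52000 -> 198.51.100.5,1000 PR tcp len 20 60 -S IN
12:01:01.000001 le0 @0:1 b 203.0.113.8,52001 -> 198.51.100.5,13233 PR tcp len 20 60 -S IN
12:02:30.000001 le0 @0:1 b 203.0.113.8,52002 -> 198.51.100.5,3244 PR tcp len 20 60 -S IN
"""

if __name__ == "__main__":
    for src in process_log(SAMPLE_LOG.splitlines()):
        print(rule_for(src))
```

The second host in the sample matters for the post's probability argument: a plain sequential scan visits the three ports in numerical order (1000, 3244, 13233), which is not the required order, so the tracker resets on the second hit. The third host shows why a time limit is worth having: without it, an IP that happened to hit 1000 and 13233 during an old scan could complete the sequence by a single later connection to 3244.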

