Hi,
ssh will encrypt all your communication with a remote computer.
For instance it takes off on rlogin,telnet etc.. and adds security,
by encrypting everything just before the data is pushed into the
tcp/ip stack and decrypting it when it is popped off the recipients
stack.
Now if you want to block somebody's ip add off , you can
use a firewall like squid etc..., in case any port scanning software
is used nothing will show up ,the firewall will block out the reply.
&&) If you have a permanent ip address, only then does it make
sense to take a lot of precautions( the servers are the focal points of lots
of things). If it's a dialup connection,
John Wiley (hack) will have no clue to your ip address. As for
capturing packets, there's no garuntee that any two packets will
take the same route in a packet switched network.
As a peer ,you have the same potential to receive requests for
information as any other machine. Usually you'll have to be
running some kind of server software(old ver sendmail perhaps!)
but under the right set of circumstances your machine is
vulnerable
Bye
Kaushik
"What's money? A man is a success if he gets up in the morning and goes to
bed at night and in between does what he wants to do."
-- Bob Dylan
From: Ankur Agrawal <[EMAIL PROTECTED]>
Date: Thursday, August 10, 2000 12:51 AM
>If I understand it correctly, the only way this Wiley guy can break in is
by
>cracking the encryption, right ?
>And he can't expect to do it in less than a couple of days,if not weeks or
>months, with the curent key lengths and processing power.
>But are there other holes opened up because the firewall has a port open
for
>ssh ?
>I mean, while that port is not being used by ssh, can somebody use this
port
>to try and get access to a machine inside the firewall ?
>
>dialling in is not really an option for me, as I use DSL at home.
>
>Ankur
>
>> -----Original Message-----
>> From: Sudhakar Chandra [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, August 09, 2000 11:29 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re: [LIH] need ssh info
>>
>>
>> Ankur Agrawal proclaimed:
>> > my company's sysadmin is reluctant to give me ssh access to
>> the LAN from
>> > outside.
>> > I read somewhere that ssh is safer compared to dial-in, for
>> accessing
>> > machines inside a firewall from the outside world.
>> > Would anyone know of any specific site/article that talks about it ?
>>
>> Actually, IMO, the safest way to access machines behind the
>> firewall is by
>> dialling into a modem rack behind the firewall. That way, you have a
>> dedicated connection between your machine and the machine you
>> are dialling
>> into. Someone would have to have physical access to the
>> phone loop between
>> you and the remote machine to break in.
>>
>> ssh is pretty safe. But the problem is when you ssh into a
>> machine behind
>> the firewall (or the actual firewall itself), the packets flow through
>> various machines on the open internet. J. Wiley Cracker could,
>> theoretically, sniff your packets passing through his machine
>> and break
>> in. It is possible, but IMO, rare at the moment.
>>
>> Thaths
>> --
>> Homer: Mel Gibson is just a guy Marge, no different than me or Lenny.
>> Marge: Were you or Lenny ever named Sexiest Man Alive?
>> Homer: Hmmm, I'm not certain about Lenny ...
>> Sudhakar C13n http://www.aunet.org/thaths/ Lead Indentured Slave
>>
>> ----------------------------------------------
>> An alpha version of a web based tool to manage
>> your subscription with this mailing list is at
>> http://lists.linux-india.org/cgi-bin/mj_wwwusr
>>
>
>----------------------------------------------
>Find out more about this and other Linux India
>mailing lists at http://lists.linux-india.org/
>
----------------------------------------------
An alpha version of a web based tool to manage
your subscription with this mailing list is at
http://lists.linux-india.org/cgi-bin/mj_wwwusr
