Re: dyndns and the last hop - trying to set up ssh access to a machine on my LAN

From: "Gene Heskett" <gene.heskett@xxxxxxxxxxx>

On Saturday 25 November 2006 02:38, Claude Jones wrote:
My scenario:
I'm on Verizon DSL using a Westell DSL modem which is configured in
'bridge' mode
Behind that is a Linksys WRT54G which is getting a dynamically assigned
IP address from Verizon
Behind the Linksys is my home LAN

I want to have ssh access to my Linux box from the outside

I went to dyndns and set up an account, and that seems to be working
If I ping the address I gave myself, it resolves to the correct IP
address which is the dynamic IP assigned to my Linksys router. I
discovered the ddns feature in the Linksys configuration and set that
up - it successfully contacted dyndns and dynamically updated my
correct IP address.

Now, I'm stuck. How to get that last hop from my Linksys to my machine
inside?

Presumably, there's some setting in the Linksys to allow SSH, and then,
I have to somehow route requests for SSH to my local machine. Can
someone help me on this? I noticed  when setting up my host in dyndns
that there was a wildcard setting, so I could set up a host, say
'claudejones.dyndns.org' and then, if wildcards were allowed,
'computer1.claudejones.dns.org' could be resolved. Is this part of the
puzzle? Do I use my computer name in front of the host name I set up,
and allow wildcards in the dyndns configuration? Or is this all wrong?

See your Linksys menu for port forwarding, Claude; it should be self-explanatory from there. I'd also see how long it takes John the Ripper to find your passwords. Make them difficult just for peace of mind. However, I have no experience with dyndns, so I won't advise on that.

Several thousand millennia good enough for you?

IPTABLES=/sbin/iptables   # point this at the iptables your firewall script uses

# Record every new SSH connection attempt (TCP SYN to port 22) per source address.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
# If that source has now been seen 2 or more times within the last 180 seconds, log it...
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 180 --hitcount 2 -j LOG --log-prefix 'SSH REJECT: '
# ...and refuse the connection with a TCP reset.
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset

Adapt it to your own firewall script for the machine receiving the
port 22 attacks. They get ONE chance every three minutes. A simple
eight character password is at least 64^8th possible passwords, if
you use eight characters. Figure it's a bit weak and only lower case
alphanumerics. That's still more than 10^12th possible passwords.
Suppose they get it in the first tenth of all tries. That's still
3 times 10^11th seconds, or over 9.5 millennia of guessing. They can
cut it down a little by using a large number of sites to attack
simultaneously. But that still leaves it at over a century to find
your password. Use that trick, relax, then go find your next
security hole.

{^_^}
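
An added example, not part of the message above: a pure-Python model of what the three iptables rules do to a stream of SSH connection attempts, plus the "one guess per three minutes" arithmetic from the reply carried through in a function. It assumes the kernel default of 20 remembered timestamps per address (ip_pkt_list_tot), that an ACCEPT rule for port 22 follows the posted rules in the firewall script, and the constructed sample traffic below (two made-up addresses from documentation ranges). Because --set runs before --rcheck, the check always counts the current SYN, so a source that keeps retrying inside the 180 s window stays locked out until it goes quiet for a full window; the sample shows that for both an attacker and a user who reconnects after one mistyped password.

```python
"""Model of the '-m recent' SSH rate limit posted in the thread (added example)."""
from collections import deque
from typing import Deque, Dict, List, Tuple

SECONDS = 180        # --seconds 180
HITCOUNT = 2         # --hitcount 2
PKT_LIST_TOT = 20    # assumed kernel default ip_pkt_list_tot: timestamps kept per address


class RecentList:
    """Per-source timestamp table, standing in for the 'sshattack' list."""

    def __init__(self) -> None:
        self.seen: Dict[str, Deque[float]] = {}

    def set(self, src: str, now: float) -> None:
        """--set: remember this packet's time for src, dropping the oldest beyond the cap."""
        self.seen.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)

    def rcheck(self, src: str, now: float, seconds: int, hitcount: int) -> bool:
        """--rcheck --seconds S --hitcount N: true if src has >= N entries within S seconds."""
        entries = self.seen.get(src)
        if entries is None:
            return False
        return sum(1 for t in entries if now - t <= seconds) >= hitcount


def filter_syns(syns: List[Tuple[float, str]]) -> List[Tuple[float, str, str]]:
    """Apply the three rules to (time, src) SYNs in time order; return (time, src, verdict).

    'ACCEPT' means the SYN fell through the REJECT rule to whatever ACCEPT rule
    the firewall script has for port 22 (assumed to exist, as the post implies).
    """
    table = RecentList()
    verdicts = []
    for now, src in sorted(syns):
        table.set(src, now)                                    # rule 1: --set
        if table.rcheck(src, now, SECONDS, HITCOUNT):          # rules 2 and 3
            verdicts.append((now, src, "REJECT"))              # LOG, then tcp-reset
        else:
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


def brute_force_seconds(charset: int = 36, length: int = 8, fraction: float = 0.1,
                        seconds_per_guess: float = float(SECONDS)) -> float:
    """Seconds to search 'fraction' of a charset**length keyspace at one guess per window.

    Defaults follow the reply: lower-case alphanumerics, eight characters,
    success after a tenth of the space, one connection every 180 s.
    """
    return charset ** length * fraction * seconds_per_guess


# Constructed sample traffic (not real logs): 203.0.113.7 hammers the port and
# never stays quiet for 180 s until t=600; 198.51.100.4 mistypes once, retries
# 30 s later, then waits out the window.
SAMPLE_SYNS = [
    (0.0, "203.0.113.7"), (5.0, "203.0.113.7"), (60.0, "203.0.113.7"),
    (170.0, "203.0.113.7"), (340.0, "203.0.113.7"), (600.0, "203.0.113.7"),
    (10.0, "198.51.100.4"), (40.0, "198.51.100.4"), (300.0, "198.51.100.4"),
]

if __name__ == "__main__":
    for t, src, verdict in filter_syns(SAMPLE_SYNS):
        print(f"t={t:6.0f}s  {src:15}  {verdict}")
    years = brute_force_seconds() / (365.25 * 24 * 3600)
    print(f"a tenth of 36^8 guesses at one per 180 s: about {years:.3g} years")
```

Two caveats the model makes visible. First, the lockout is rolling: the attacker's SYN at t=340 is still rejected because its rejected attempt at t=170 counts, so a client that retries every couple of minutes never gets back in, and the same applies to you after one typo. Second, the rules count TCP connections, not password guesses; sshd's MaxAuthTries (default 6) decides how many guesses each accepted connection gets, so set it low as well if you rely on this math.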

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list