Rob0, thanks for the notes.

First things first... I have seen a version of ssh somewhere a couple of years ago that used some kind of FTP over UDP on port 22. I do not remember the details, but it was there and worked, for good and bad. Mosh works on ports other than 22, so this rule is not for Mosh. Probably the version I have seen was a self-compiled one which was never released to the public or to anyone except a specific group of sysadmins.

I believe that it (22 udp) shouldn't be allowed on systems, since it's an open port waiting for smugglers to smuggle things in and out of the network, pretending to be port 22 to the naked admin eye. And... it's not such a big issue to write an sftp service or an nrpe-like service that will utilize this port for smuggling things.

Leaving ssh, the main subject, aside: most of the BitTorrent world is utilizing uTP, which is a protocol over UDP that uses a couple of very nice FW holes or piercing tricks like the one that was mentioned. The most used one is ESTABLISHED,RELATED, which the BitTorrent users use to "open" a fake connection from the inside out, and using a coordinator both peers are 'piercing' the FW, each of them from his side. I can demonstrate if required, but I believe it's a known enough issue in this area of the Internet, so I wouldn't need to dirty my hands coding such a thing.

Eliezer

* let me know if I missed something.
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of /dev/rob0
Sent: Saturday, December 10, 2016 5:12 PM
To: netfilter@xxxxxxxxxxxxxxx
Subject: Re: basic understanding of iptables - some questions

[ top-posting fixed ]

> Pascal Hambourg:
> On 20/11/2016 at 21:45, Lentes, Bernd wrote:
> >
> > Chain ufw-user-input (1 references)
> >  pkts bytes target prot opt in out source destination
> > 41587 1849K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
> >     0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22
>
> Silly. SSH does not use UDP.

On Sat, Dec 10, 2016 at 10:43:47AM +0200, Eliezer Croitoru wrote:
> It's not silly that ssh uses UDP since there are implementations of
> SSH which utilizes UDP....

This post made me curious. Clearly in the case of the OP, Pascal is correct; we can see the counters on the udp/22 rule above.

I did a bit of searching and the only "ssh using udp" implementation found was Mosh, <https://mosh.org/>, but Mosh != ssh.

Of what ssh implementation do you speak? More to the point of this thread, is it using udp/22? Is it available for GNU/Linux?
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
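The point rob0 makes from the counters (the udp/22 ACCEPT has matched zero packets, and nothing speaking SSH listens on UDP anyway) can be turned into a small audit. The script below is an added example, not code from the thread or from any of its participants: it parses the `ufw-user-input` chain quoted above in `iptables -L -v -n` layout and flags ACCEPT rules that open a UDP port for a TCP-only service, plus rules that have never matched. The `TCP_ONLY_PORTS` table is an assumption made for the example; extend it with whatever services your own hosts run.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the ufw-user-input chain quoted in the thread, in the
# layout produced by `iptables -L ufw-user-input -v -n`.
SAMPLE_CHAIN = """\
Chain ufw-user-input (1 references)
 pkts bytes target prot opt in out source destination
41587 1849K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22
"""

# Assumption for this example: destination ports whose service speaks TCP only,
# so an ACCEPT for the same port over UDP is exposure with no service behind it.
TCP_ONLY_PORTS = {22: "ssh"}

# iptables -v abbreviates large counters with K/M/G/T suffixes.
_COUNTER_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
_DPT_RE = re.compile(r"\bdpt:(\d+)\b")


@dataclass
class Rule:
    pkts: int
    target: str
    proto: str
    dport: Optional[int]


def parse_counter(token: str) -> int:
    """Expand a counter such as '1849K' into an integer."""
    if token[-1] in _COUNTER_SUFFIX:
        return int(float(token[:-1]) * _COUNTER_SUFFIX[token[-1]])
    return int(token)


def parse_chain(text: str) -> List[Rule]:
    """Parse the rule lines of `iptables -L -v -n` output; header lines are skipped."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        # A rule line starts with the packet counter; the "Chain" and "pkts" headers do not.
        if len(parts) < 9 or not parts[0][0].isdigit():
            continue
        m = _DPT_RE.search(line)
        rules.append(Rule(pkts=parse_counter(parts[0]),
                          target=parts[2],
                          proto=parts[3],
                          dport=int(m.group(1)) if m else None))
    return rules


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule_index, finding) pairs for ACCEPT rules that deserve a second look."""
    findings = []
    for i, r in enumerate(rules):
        if r.target != "ACCEPT":
            continue
        if r.proto == "udp" and r.dport in TCP_ONLY_PORTS:
            findings.append((i, f"udp/{r.dport} accepted, but {TCP_ONLY_PORTS[r.dport]} "
                                "is TCP-only: nothing legitimate listens there"))
        if r.pkts == 0:
            findings.append((i, "rule has never matched (0 packets): "
                                "no evidence it is needed, candidate for removal"))
    return findings


if __name__ == "__main__":
    for idx, msg in audit(parse_chain(SAMPLE_CHAIN)):
        print(f"rule #{idx}: {msg}")
```

Run against the quoted chain it reports both findings for the second rule and nothing for the tcp/22 rule. On a live host, feed it `iptables -L <chain> -v -n` output instead of the constructed sample; a zero counter on its own only says the rule has not matched since the counters were last reset, so treat that finding as a prompt to check what the port is for, not as proof.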