[clug] secure remote access method [SEC=PERSONAL]
jm
jeffm at ghostgun.com
Sat Jun 20 00:45:24 GMT 2009
Daniel Pittman wrote:
>> Another good idea. I also missed the idea by Geoff Swan on the fact that
>> because 443 is used by SSL it's considered opaque and so ssh also works
>> there.
>>
>
> Actually, SSL and SSH are infinitely identifiable traffic streams. The
> *content* is protected, but the fact that you are (or are not) running SSL or
> SSH is visible to an attacker who is looking for it.
>
> (Heck, the SSH banner is plain-text. ;)
>
>
Of course. your correct. I've see the ssh banner many times myself when
testing and should have thought of it. It's possible that the reason
this works as described is that it is, for some unknown reason,
considered opaque to the firewall manufacturer, that the manufacturers
got lazy (had better things to do), or that Geoff simply hasn't
encounted a firewall that can tell the difference yet a simple case of
YMMV. :-)
Jeff.
More information about the linux
mailing list