HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rafpin

no profile record

comments

rafpin
·2 years ago·discuss
> Such things can always be automatically discovered.

Wouldn't fail2ban + reasonably sized (10+ ports using a mix of udp and tcp) knock sequence prevent brute force attacks like these?
rafpin
·2 years ago·discuss
Would ssh servers with port knocking set up be safe from this backdoor?

I'm not sure I got it correctly, but seems the RCE can only be performed after connecting to the ssh server, but if the port is hidden behind a reasonable sequence of tcp/udp knocks, then it won't happen?

I've been using port knocking on ssh servers, and it definitely does not replace proper ssh configuration, but so far seems like a cheap extra layer of defense that might either prevent or give extra time to respond when these ssh vulnerabilities appear.