HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rafpin

no profile record

comments

rafpin
·il y a 2 ans·discuss
> Such things can always be automatically discovered.

Wouldn't fail2ban + reasonably sized (10+ ports using a mix of udp and tcp) knock sequence prevent brute force attacks like these?
rafpin
·il y a 2 ans·discuss
Would ssh servers with port knocking set up be safe from this backdoor?

I'm not sure I got it correctly, but seems the RCE can only be performed after connecting to the ssh server, but if the port is hidden behind a reasonable sequence of tcp/udp knocks, then it won't happen?

I've been using port knocking on ssh servers, and it definitely does not replace proper ssh configuration, but so far seems like a cheap extra layer of defense that might either prevent or give extra time to respond when these ssh vulnerabilities appear.