HackerTrans
トップ新着トレンドコメント過去質問紹介求人

rafpin

no profile record

コメント

rafpin
·2 年前·議論
> Such things can always be automatically discovered.

Wouldn't fail2ban + reasonably sized (10+ ports using a mix of udp and tcp) knock sequence prevent brute force attacks like these?
rafpin
·2 年前·議論
Would ssh servers with port knocking set up be safe from this backdoor?

I'm not sure I got it correctly, but seems the RCE can only be performed after connecting to the ssh server, but if the port is hidden behind a reasonable sequence of tcp/udp knocks, then it won't happen?

I've been using port knocking on ssh servers, and it definitely does not replace proper ssh configuration, but so far seems like a cheap extra layer of defense that might either prevent or give extra time to respond when these ssh vulnerabilities appear.