can't run sshd on 23456 in Fedora 19

Reindl Harald h.reindl at thelounge.net
Mon Jul 8 16:24:45 UTC 2013



On 08.07.2013 17:13, Michael Cronenworth wrote:
> On 07/08/2013 10:01 AM, Tim wrote:
>> And I'd certainly avoid putting anything exploitable, ever, on port
>> 23456.  Maybe that was just a made up example by the original poster,
>> but consecutive numbers like that, and other common number sequences,
>> are just the sort of thing that wannabe hackers are going to type in to
>> play with.
> 
> Since there are only 65,535 ports to scan, anyone at any time can easily
> scan for an open port in seconds. 

not on properly configured servers where you have rate-controls
and in addition to the settings below you have on any of my machines
rules which are catching connections on unused default ports and
directly before open ones, resulting in getting a REJECT for the next 2
seconds on every port with your IP

have fun doing a port-scan, hence i have seen security scans on
some of my machines where the report of a 3rd-party auditor
said the server is a "Sony Playstation" - honestly!

iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m recent --set
iptables -I INPUT -p tcp -m conntrack --ctstate NEW -m recent --update --seconds 2 --hitcount 150 -j DROP
iptables -A INPUT -p tcp -m multiport --destination-port 80 --syn -m connlimit --connlimit-above 60 -j DROP


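An added example, not part of the original message: a simplified Python model of the two `-m recent` rules quoted above, run over constructed traffic to show which sources a 150-hits-in-2-seconds limit affects, including a busy shared address such as a NAT gateway. It assumes a plain sliding window per source IP and that a matching `--update` records a new timestamp (as the iptables-extensions man page describes); the `connlimit` rule is not modelled, and the addresses and timings are invented sample data.

```python
from collections import defaultdict, deque

WINDOW_MS = 2000   # --seconds 2
HITCOUNT = 150     # --hitcount 150

def filter_new_connections(events, window_ms=WINDOW_MS, hitcount=HITCOUNT):
    """Simplified model of the two `-m recent` rules for NEW TCP packets.

    events: (time_ms, source_ip) pairs. Returns {ip: (accepted, dropped)}.
    """
    stamps = defaultdict(deque)          # per-source list kept by the match
    counts = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        seen = stamps[src]
        while seen and seen[0] < ts - window_ms:   # outside the 2 s window
            seen.popleft()
        # --update ... -j DROP matches once `hitcount` stamps are in the
        # window; otherwise the packet falls through to --set. Either way
        # a stamp is recorded (model assumption), so a sustained flow
        # stays blocked until it pauses.
        dropped = len(seen) >= hitcount
        seen.append(ts)
        counts[src][1 if dropped else 0] += 1
    return {ip: tuple(c) for ip, c in counts.items()}

def sample_events():
    """Constructed traffic (documentation addresses, not real hosts)."""
    events = [(t, "203.0.113.10") for t in range(400)]             # 400 in 0.4 s
    events.append((5000, "203.0.113.10"))                          # retry after a pause
    events += [(t, "198.51.100.7") for t in range(0, 10000, 100)]  # 10 per second
    events += [(t, "192.0.2.1") for t in range(0, 5000, 10)]       # 100 per second, e.g. a NAT
    return events

if __name__ == "__main__":
    for ip, (ok, drop) in sorted(filter_new_connections(sample_events()).items()):
        print(f"{ip:15} accepted={ok:4} dropped={drop:4}")
```

In this model the limit works out to a sustained 75 new TCP connections per second per source address, counted across all ports because the rules carry no `--dport` or `--name`.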