Date: Thu, 04 Dec 2008 08:50:27 -0700
From: "Dmitry S. Makovey"
Subject: Re: [gentoo-user] Curious pattern in log files from ssh...
To: gentoo-user@lists.gentoo.org
Cc: Steve

On December 3, 2008, Steve wrote:
> Dmitry S. Makovey wrote:
> >> Erm - surely I either need to set up my client to port-knock... which
> >> is a faff I'd rather avoid... in order to use the technique.
> >
> > nope. just start connection. wait a minute. cancel. start another one.
> > wait a minute. cancel. start new one - voila! :)
>
> Eeew... especially as this would apply to all connections - even the
> ones where I have a DSA key. I might be able to cope with this if it
> only applied to my initial connection, from which I could grab a copy of
> the DSA key.

Ok, let's theoreticise some more. My paranoia feels particularly frisky today,
so here it is:

remember, I've mentioned originally that once you authenticate successfully
once with DSA key - your IP is whitelisted. So subsequent connections go
right through.

> > well. Nobody but you knows your requirements and specifics - we're just
> > listing options.
> > It's up to you to either take 'em or leave 'em ;)
>
> Fair enough - but I've still not found an option for sharing/using
> shared block lists for bot-nets.

Open a Wiki page on Wikipedia, update it every so often and provide simple
parser for it so others can recycle same IPs. Since it's a Wiki page - others
can update it as well (including botnet owners, but then they'd have to
reveal themselves - tricky situation) :)

P.S.
I think I'd better stop with my mad science projects here before I go too far
and invent brand new theory on host protection ;)

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
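
Added example (not part of the original message or of any code from this thread): a sketch of the "simple parser" for a shared, publicly editable block list suggested above. Because anyone can edit such a page, it treats every entry as untrusted and refuses over-broad ranges, reserved or private space, and anything overlapping addresses already whitelisted after a successful key login. The function name, sample page, reserved-range list and `min_prefix` threshold are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Constructed sample of a wiki-style page (documentation ranges, not real hosts).
SAMPLE_PAGE = """\
== SSH brute-force sources ==
* 203.0.113.45 - seen 2008-12-03
* 198.51.100.0/24
* 127.0.0.1
* 192.0.2.10
* 0.0.0.0/0
* 999.1.1.1
"""

# Ranges a block list should never contain (assumed policy, IPv4 only).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

TOKEN = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")


def parse_shared_blocklist(page_text, allowlist, min_prefix=24):
    """Return (accepted, rejected) for an untrusted, publicly editable page.

    allowlist: addresses/ranges already trusted, e.g. IPs whitelisted after
    a successful key login. Entries that would block them are refused.
    """
    allow = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    accepted, rejected = set(), []
    for token in TOKEN.findall(page_text):
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append((token, "malformed"))
            continue
        if net.prefixlen < min_prefix:       # one edit must not block the Internet
            rejected.append((token, "range too broad"))
        elif any(net.overlaps(r) for r in NEVER_BLOCK):
            rejected.append((token, "reserved or private range"))
        elif any(net.overlaps(a) for a in allow):
            rejected.append((token, "overlaps allowlist"))
        else:
            accepted.add(net)
    return [str(n) for n in sorted(accepted)], rejected


if __name__ == "__main__":
    ok, bad = parse_shared_blocklist(SAMPLE_PAGE, ["192.0.2.0/28"])
    print("block:", ok)
    for token, reason in bad:
        print("skip: ", token, "-", reason)
```

The rejected list is worth logging: a run of refused entries on a shared page can indicate someone trying to poison it.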