Ruminations on an SSH attack
Ben Scott
dragonhawk at gmail.com
Mon Dec 19 14:49:01 EST 2005
On 12/19/05, Tom Buskey <tom at buskey.name> wrote:
>> Also, you need to beware of ISPs who use proxy servers - like AOL,
>> Yahoo, PowerNet, ... Blocking one of those can block a lot of
>> legitimate users.
>
> Proxy ssh servers? I can't imagine too many ISPs proxying ssh.

Proxy IP servers. They don't proxy SSH in particular, they proxy
*all* IP traffic. Masquerading/NAT fall into this category. So do
systems that force everything out via an HTTP proxy. Be aware that
"HTTP proxies" can carry arbitrary TCP traffic, via the CONNECT
method. It's one way to bolt something like per-user accounting onto
IP.

The end result is that a single IP address is used by tens or
hundreds of users. Thus, blocking a single address to block an
attacker may block wanted traffic as well.

-- Ben
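
Added example, not part of the original message: one way to check for the shared-address case before blocking is to see whether a source IP with many failed SSH logins also has successful logins from real users. The log lines, addresses, user names and threshold below are constructed for illustration, and the pattern assumes OpenSSH's usual "Failed/Accepted ... for USER from IP port N" syslog format.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (documentation-range addresses, made-up users).
SAMPLE_LOG = """\
Dec 19 14:01:02 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Dec 19 14:01:05 host sshd[102]: Failed password for root from 203.0.113.7 port 4002 ssh2
Dec 19 14:01:09 host sshd[103]: Failed password for invalid user test from 203.0.113.7 port 4003 ssh2
Dec 19 14:02:00 host sshd[110]: Accepted publickey for alice from 198.51.100.20 port 5001 ssh2
Dec 19 14:02:10 host sshd[111]: Failed password for root from 198.51.100.20 port 5002 ssh2
Dec 19 14:02:12 host sshd[112]: Failed password for invalid user oracle from 198.51.100.20 port 5003 ssh2
Dec 19 14:02:15 host sshd[113]: Failed password for invalid user test from 198.51.100.20 port 5004 ssh2
Dec 19 14:03:00 host sshd[120]: Accepted password for bob from 198.51.100.20 port 5005 ssh2
Dec 19 14:04:00 host sshd[130]: Accepted publickey for carol from 192.0.2.5 port 6001 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failed-attempt count and the users who logged in OK."""
    stats = defaultdict(lambda: {"failed": 0, "ok_users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd auth result line
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            entry["ok_users"].add(m["user"])
    return stats

def classify(log_text, fail_threshold=3):
    """Return {ip: verdict} for IPs at or above the failure threshold.

    'block'  - failures only; no legitimate login seen from this address
    'shared' - failures AND successful logins: likely a NAT/proxy egress,
               so an address block would also cut off wanted traffic
    """
    verdicts = {}
    for ip, entry in summarize(log_text).items():
        if entry["failed"] >= fail_threshold:
            verdicts[ip] = "shared" if entry["ok_users"] else "block"
    return verdicts
```

An address flagged 'shared' is a candidate for rate limiting or per-account controls rather than an outright block.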
More information about the gnhlug-discuss
mailing list