[clug-talk] How do I block/ban IPs with IPCop?
Jarrod Major
jmajor at nucleus.com
Mon Apr 18 09:09:54 PDT 2005
> -----Original Message-----
> From: clug-talk-bounces at clug.ca [mailto:clug-talk-bounces at clug.ca] On
> Behalf Of Trever Miller
> Sent: Monday, April 18, 2005 9:55 AM
> To: Travis Rousseau; CLUG General
> Subject: Re: [clug-talk] How do I block/ban IPs with IPCop?
>
> Security by obscurity only works in the short term. This might stop a
> few of the automated worms/script kiddies out there, but not all of
> them. Something using nmap would find that in short order.
>
> Turn password auth off and use certificates only for starters.
>
> Then maybe look at using port knocking.
Somebody should demonstrate the whole locking down SSH thing, including
denying root login and the use of certificates. This would make a good
mini-presentation.
I would also love to see someone demonstrate the whole port knocking thing.
Marcel talked about this a while back it sounds totally cool. For those that
do not know about this you can Google it but the short description is that
you open a service to the internet but in order to access it, the client
must 'knock' or hit a pre-defined series of ports in order to access the
correct one. I may be misleading you, I don't really know much about it
beyond this but it sounds wicked cool... hence my desire for a practical
demonstration.
The best analogy I can come up with is the alarm systems people have on
their cars where you have to turn on the radio, turn off the radio, open the
windows, turn the heat to medium, etc, etc, to disarm the alarm system.
Any takers? FYI, I am not offering... I am requesting.
Jarrod
More information about the clug-talk
mailing list