
Comment Re:FYI: iptables tutorial (Score 1) 349

And that is a spiffy, powerful way to block all ports but 22 (ssh), 80 (http) and 443 (https) by using iptables.

This isn't solving the problem. Actually, there are two problems. One is that a multi-user machine might have users that use weak passwords the probers can eventually guess. The other is all those probes. Before I used alternate ports, I've seen as many as half a million probes in just one day. Though no attempt ever got in, it flooded my logs. So it is still to be avoided. For now I'm using port 9173 (not really that one, but similarly obscure).

And you are leaving port 22 open. But even if you do close it and use an alternate port, the concept in this article is that the probers are trying other ports, now. As soon as they start scanning ports for an SSH banner, they will know where to probe. This isn't solving the problem.

Something more sophisticated is needed. A knock-knock protocol, such as sending a UDP datagram to an obscure port that never responds to anything, but acts on a properly encrypted message by opening another TCP port to the sender or coded IP address (only) for SSH access, would be one good way to do this. Another is pre-shared IPsec in tunnel-mode (no response for packets that fail to decrypt because the inner checksum will fail).
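An added example, not part of the comment above: a sketch of the server-side check such a knock listener would run on each UDP payload before opening SSH to one address. It assumes an HMAC-SHA256 authenticated message rather than an encrypted one, and the message layout, key, freshness window and function names are all hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct
import time

SHARED_KEY = b"constructed-demo-key"   # constructed sample key, provisioned out of band
MAX_SKEW = 30                          # assumed freshness window, in seconds
_BODY = struct.Struct("!Q16s4s")       # assumed layout: timestamp, nonce, IPv4 to admit
_seen = {}                             # nonce -> expiry time, used to reject replays


def make_knock(key, allow_ip, nonce, now=None):
    """Client side: build the datagram payload (body plus 32-byte MAC)."""
    ts = int(time.time() if now is None else now)
    body = _BODY.pack(ts, nonce, ipaddress.IPv4Address(allow_ip).packed)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_knock(key, payload, now=None):
    """Server side: return the IPv4 address to admit, or None to drop silently."""
    now = time.time() if now is None else now
    if len(payload) != _BODY.size + 32:
        return None                    # malformed: no reply is ever sent
    body, tag = payload[:_BODY.size], payload[_BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                    # wrong key or tampered body
    ts, nonce, ip_raw = _BODY.unpack(body)
    if abs(now - ts) > MAX_SKEW:
        return None                    # stale capture
    for old in [n for n, exp in _seen.items() if exp < now]:
        del _seen[old]                 # forget nonces that can no longer verify
    if nonce in _seen:
        return None                    # replay of a knock already accepted
    _seen[nonce] = ts + MAX_SKEW
    return str(ipaddress.IPv4Address(ip_raw))


def accept_rule(ip, port):
    """iptables argv admitting one source address to one TCP port."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
            "--dport", str(port), "-j", "ACCEPT"]
```

A listener would call `verify_knock` on every datagram received on the knock port and run `accept_rule` only when an address comes back, removing the rule again after a timeout.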

Comment Re:Yes (Score 1) 218

It would be simple enough to just make sure all the parts in the desktop, laptop, notebook, and tablet offerings can run a stock Linux. If some company trying to sell you parts won't make it work in a stock Linux, then it's crap and you should not use it because in the end it will break even under Windows. Then have options for the OS: (1) Windows 8 with full support, (2) Windows 7 with full support, (3) Linux Mint 14.1 with hardware support (labeled "geek special" ... they are going to replace it with Arch or Debian or Gentoo or Slackware, so don't worry about it).

Profit!

Comment Re:A real-name policy is GOOD for privacy (Score 1) 85

My 6 year old niece has been surfing the net, and knows how to do things like set up Admin privileges for users in Windows ... and that was over a year ago. To kids born recently, they know of no life without computers or the internet. It isn't just an essential to them ... it's the way life is. I've warned my brother that if she encounters the content filter, she would probably just remove it, and may have already.

Comment Re:But there are so many fake accounts. (Score 2) 85

Yeah, I can see it makes things easier if they want to market to me OFFLINE, to know my OFFLINE identity and location. But they offer NO VALUE to me to use an ONLINE service unless I am using my ONLINE identity. There are plenty of others that do, and they are not so full of spammers and other idiots, so I see no benefit to me to bother with Facebook unless they allow my REAL identity.
