[arch-general] Iptables

Karol Babioch karol at babioch.de
Thu Feb 13 21:35:55 UTC 2020


Am 11.02.20 um 16:15 schrieb NTS:
> - The ssh port is fixed as TCP port 12500.  Since 12500 >1024 this
> is a non-priviledged port which is a security risk.  Ports < 1024
> can only be opened (here: state LISTEN) by root, others by everyone.

While technically this is true, I'm not convinced that this matters in
practice in most environments.

> If a user manages to crash your sshd then they can start their own
> service at that port.

This requires local users/attackers with shell access. Not necessarily a
concern in every environment.

Best regards,
Karol Babioch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200213/bd48425d/attachment.sig>

More information about the arch-general mailing list