[arch-general] Iptables
Karol Babioch
karol at babioch.de
Thu Feb 13 21:35:55 UTC 2020
Hi,
Am 11.02.20 um 16:15 schrieb NTS:
> - The ssh port is fixed as TCP port 12500. Since 12500 >1024 this
> is a non-priviledged port which is a security risk. Ports < 1024
> can only be opened (here: state LISTEN) by root, others by everyone.
While technically this is true, I'm not convinced that this matters in
practice in most environments.
> If a user manages to crash your sshd then they can start their own
> service at that port.
This requires local users/attackers with shell access. Not necessarily a
concern in every environment.
Best regards,
Karol Babioch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200213/bd48425d/attachment.sig>
More information about the arch-general
mailing list