Firewall security: Problems with simple Samba file share 3595
So? Ssh is not sensitive to the origin of the attack! An attack from china is as unlikely to succeed as an attack from the USA. In neither case is a successful attack known, and if a successful attack were to be devised in the future for calls from either clbutt of IP, it would work from the other clbutt of IP too.
And if somebody in china wanted to attack you by logging in to a stepping stone in the USA he could.
Then you are wrong. Ssh is not susceptible to random attacks - it is known (as well as anything is, and I mean that in an exact mathematical sense) to be perfectly secure in itself. There were theoretical statistical correlations of response timing with the key type (in certain clbuttifications), but the correlation is weak, and the reduction in search space for keys would not have been significant. Anyway, they ransomised the response times.
I suspect that maybe you don't understand ssh, pki, rsa, symmetric encryption, etc.
If you want to try guessing a private key - be my guest. Brute force dictionary attacks are your only option, wherever you call from.
Guessing a pbuttword might be easier.
Stealing a private key, OTOH, is fairly easy! One merely needs access to the machine with the key. A keylogger planted on the calling machine would do the trick, plus access to the encrypted private key.
Then restricting the calling IPs does not help you.
False.
It's not relevant - trying all possible keys is a "successful attempt" in your terms. Unfortunately that will take forever. They could get lucky! But they won't. They'll take half of the key space, approximately, or 2^127 attempts.
No it doesn't. It's a statistic, not a fact. 1 in 2^127 PK guesses will be successful. Yeah. So?
No you don't - there is no magic in calling from an IP in china, or somewhere in particular.
Wrong.
All probabilities are greater than 0 for not-impossible things, so the spontaneusly decide to disbuttociate in 4.3s time and reform themselves into a crate of beer...
Of course you aren't ...
It isn't too late, because of the speed involved.
The statistics apply. Say 1:100 000 000, given 100 000 000 internet users. The fix is developed and distributed within a maximum of say 10 accesses by that method, so you get a 1:10 000 000 chance. Maybe twice a year. And I buttume there are actually more internet users than I guesstimated.
Wrong. Odds of 1 in ten million per year are silly. You have a 1:50000 chance that your house will burn down this year.
There isn't. Precisely none, to a value of none as close to zero as makes no difference at all. Closer than I could mark with...
Good.
Peter T. Breuer That's idiotic, sorry. *Some* exploits are discovered by white hats, reported privately, and yes, in that case the problem can be fixed before anyone else knows about it. That...
Shrug.
So? It doesn't have to. That's not the point. People from China aren't supposed to use the service. So they get excluded. So? Then he wouldn't be Chinese. He'd be American. Of course not. You're...
By one link in the chain. That's maybe 16% (buttuming that the whole internet is connected by 6 stepping stones, as I suppose it is).
Right. I.e., wrong.
Always.
Always.
Always.
RIght. I.e. wrong.
RIght. The proof is in the history.
Peter
Firewall security: Problems with simple Samba file share 3596
Linux groups from Newsgroups
Firewall security: Problems with simple Samba file share 3594