
Firewall security: Problems with simple Samba file share 3612



It is a negligible risk - by the laws of statistics, because they apply here. It is the number of experiments that makes it not a candidate for the "always bet on long odds with large gains" rule of thumb, because another part of that rule (which I hope I stated often enough!) is "don't do it often, or the laws of statistics will get ya".

Bet infrequently at long odds. Betting frequently at long odds merely tends to guarantee you lose (if the bookies have it right). You need to stop when you are ahead, and you won't get ahead if you start by losing forever-ish.

Of course, there will always be someone who wins at long odds even after trying for a long while. It just won't be you.

The rule of thumb is "get lucky". If you need to work at getting lucky, you aren't lucky.

The amount you have on follows what is called "a biased drunkard's walk". Every trial you almost certainly lose a dollar. One in a million times you gain a million dollars. The chances of ever breaking even follow a known distribution. Basically, forget it.

An unbiased drunkard's walk is what a drunk does - they go right or left at each step, with equal probability. That's a classical exercise .. anyway, I digress.

It doesn't help you. Ssh is not vulnerable to attacks from china. If you think it is, it must be because you think somebody there has your secret private key. Ask yourself how they got it.

What I suspect is that you think a special attack will be developed against a version and-or compile of ssh that always succeeds after a couple of dozen (maybe thousand) tries, and that the whole world will be out there trying it out against everybody else.

Wrong - that can only happen in msland, where vulnerabilities are not closed for 6 months and nobody applies the patches anyway. In linuxland an exploit like that will be detected immediately (it always has been - read the virus companies' self-serving lists of linux "viruses" (!) on their webpages, and read how many free-running copies they found in the wild before doing the analysis and generating the test and fix. One? Two? Whoooo!). You want to try it against me? I'm good at trapping and analysing such things .. I've run honeypots to attract them before now and I will be doing so again in a couple of weeks, as I give a net security course. Let's see how many attempts I can get. Usually the answer is "zilch for linux".

It's far easier to get your (or somebody with authority's) password!

There is no vulnerability: if there were one that had achieved any epidemic proportions, you would hear about it and upgrade, or it would happen for you when you pressed the "update latest games" button. Hence you have no vulnerability, by reductio ad absurdum.

And if you thought a f-w protected you, you would be wrong - a portable can be compromised elsewhere and brought in locally. Somebody can log in to your "safe" IPs and run the attack from there - why not? Isn't it certain that it will happen, according to you, since the person at the safe IP will not update his server before he is attacked?

But anyway, I repeat, there is no successful attack out there that attacks a port that is not generically open - it would never achieve epidemic proportions, so it would always be negligible. Perhaps you don't understand the numbers involved ... not propagating means that there is ONE (1) copy of the malware out there that is aimed at your nonstandard port. Thus you get a 1:100000000 chance of being targeted by it (counting one hundred million internet nodes). And that's only if it ISN'T active! If it were active, it would be noticed, defended against, and you would develop immunity. So I would guess that maybe only one attack every two weeks is feasible, without detection, and maybe ten times, so you get a 2:100000000 chance per YEAR of being targeted by it. Even assuming it exists, which you have to evaluate on your own: say there is a 1-100 chance of it existing (a viable, untried attack code aimed at your exposed nonstandard port). Multiply.

Worry rather about your disk going up in smoke and you losing all your work. That's about a 15% chance per year. 50% per three years.

Unfortunately your scenario posits thousands of attacks raining in from every quarter of the globe, daily. The laws of statistics then apply, in spades, and you can accurately calculate the distributions.

Firewall security: Problems with simple Samba file share 3613
You're getting more and more ridiculous. SSH is of course vulnerable to attacks -from-China-. Yes. No. However. But that's not the point. Besides, SSH is just an example. Not always. But just once...

Then get yourself inoculated against a disease that spreads only via one-legged red-haired catholic nuns NOW!

Sure. Stealing them is the way to go, rather than these mythical "attacks" raining in at every hour on your poor unprotected head! Stealing them only requires social engineering - borrowing your laptop for a moment, or similar. One of the easiest things to do is listen to your bluetooth keyboard (depending on model).

I've pointed out to you that your f-w defense is against people in china who have STOLEN YOUR PRIVATE KEY! That you don't get it after letting that sink in is the (possible) problem. There is no generic attack against ssh, and if there were, you would have it fixed like a snap.

Peter


