Firewall security: Problems with simple Samba file share 3614

I said it is not.

Then what do you think? That somebody in china has a secret method of breaking into ssh and they are going shortly to choose you to be the first to suffer this kind of unknown-to-the-world intrusion. WHoooohooooo! Can I say "elvis has left the building"? Can I say "more paranoid than the CIA"? Can I say "weapons of mbutt destruction WILL be found - you can count on that"?

Any more nutty paranoias? Do you suspect that you are being tailed by chinese counteragents? Have you been leaving the cinema queue in a hurry when you notice a mainland chinese emigree selling pirate cds outside?

Maybe they will try it on the White House first. Naaaaaah. Too easy. Not worthwhile. They'd go for your secrets first. Sure they will.

Good. I like examples. We can argue about them concretely. Let's stick to ssh.

Aha! I'm getting good at guessing your secret fears. And could it be that your skill set includes knowledge of C buffer-overflow exploits (but try that on C++ - you'll find a huge problem connected with locating where the "self" object is on the stack), but no knowledge of the ssh protocol, indeed no knowledge of the mathematics of cryptography (beyond the knowledge that RSA keys come in pairs)?

That's it, is it not? Cryptography is probability theory and other mathematic, and you've already said that you don't care about probabilities, so I'd guess you don't understand the cryptography in any way.

Well, take it from me, ssh uses secure encryptions. Whether the protocol used is secure or not is another matter (at times it has been a bit leaky by design, but that's all relative, and leaves the ecryption still way beyond your reach). One used to be able to try and fool it into using weaker keys or eak authentication by various methods, but you aren't going to kno about that, and you aren't going to be using such a generous sshd. I bet you don't have sshd configured to accept "none" as an encryption method! And you probably won't allow it to use rhosts authentication alone. Etc.

But whatever - there is no chinese method of breaking ssh.

No? Just the chinese?

In six months, or however long.

I quote the bogosities above because even their deliberate falsehoods reveal the truth, accidentally.

Epidemic means "persists at at least a constant percentage in the population for an appreciable time ... say 3000 generations of the lifeform" (3000 being my estimate of when running the sim gets boring). The common cold rhinoviruses are an example. They each cycle in a couple of hours. In terms of software, a cycle would be an infection cycle.

I don't think any one on the bogosities page got to 10.

Yes they do. That's what risk is.

You did - oh, I see, you don't understand what I mean. I mean a port that is not normally exposed on a standard machine (ssh is an example of a port that is normally exposed) but is exposed on yours, with a server behind it.

How many? Tens, if you like!

They do. Ask the insurance people. It's your evaluation of cost that you need to look at!

Who is it against, then? This mythical chinaman who has a crack for ssh and chooses to use it on you instead of aiming for the White HOuse? Ha hhhaaa. Mpph.

You don't get it.

Of course I do! What do you think the science of cryptography is ABOUT, fer crying out loud.

The answer is "you don't know".

Absolutely - a crack for ssh would be such huge news that you would hear about it on the daily breakfast news, before the news of elvis being found alive on mars. Instantly, all the banks in the world would be vulnerable to fraud (I wrote the secure encryption used by the Iberian peninsula internet banks), and govts and spy agencies would discover they have no secure communications.

The fix would be out there like a rocket. There can't possibly be a generic hole because cracking ssh is in one of the clbutt of problems non to be maximally hard, and a crack for it would break other problems of equal complexity clbutt - which we are sure from decades of work cannot be done.

This proves that you do not understand cryptography.

Unfortunately, it only shows that you have confused your ignorance with mine.

Peter