  #1 Barakat (Just Joined!, joined Jul 2010, 26 posts)

    How do I specify the source port in the ssh client?


    Hi all,

    I have an ssh server on FreeBSD, and on the firewall i have this rule:

    Code:
    block all in
    pass in log proto tcp from any port 3333 to port 1000
    When I check the firewall with hping, it looks OK:

    Code:
    # hping -c 1 -S 192.168.43.128 -p 1000
    HPING 192.168.43.128 (vmnet8 192.168.43.128): S set, 40 headers + 0 data bytes
    
    --- 192.168.43.128 hping statistic ---
    1 packets transmitted, 0 packets received, 100% packet loss
    round-trip min/avg/max = 0.0/0.0/0.0 ms
    #
    Code:
    # hping -c 1 -S 192.168.43.128 -p 1000 -s 3333
    HPING 192.168.43.128 (vmnet8 192.168.43.128): S set, 40 headers + 0 data bytes
    len=44 ip=192.168.43.128 ttl=64 id=32548 sport=1000 flags=SA seq=0 win=16384 rtt=1.7 ms
    
    --- 192.168.43.128 hping statistic ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 1.7/1.7/1.7 ms
    #
    but I tried on my Debian computer to connect using:

    Code:
    ssh -D 3333 192.168.43.128 -p 1000
    but the source port is chosen randomly. Is there another way?

  #2 unspawn (Just Joined!, joined Aug 2009, 83 posts)
    Quote Originally Posted by Barakat:
        the source port is chosen randomly. Is there another way?
    Maybe an SSH tunnel with a specific local port?

  #3 Lazydog (Linux Guru, joined Jun 2004, The Keystone State, 2,677 posts)
    Question: Why do you want to limit the source port? Is there a good reason for this?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  #4 Barakat (Just Joined!, joined Jul 2010, 26 posts)
    Thank you guys for the reply,

    @ unspawn : The port will still be chosen randomly. Maybe this picture will explain:



    @ Lazydog : There are zombie networks that are used to scan a wide range of IP addresses. If they detect an SSH server, many computers will try to brute force that server and they will not stop for a long time. I just want to make the SSH server invisible from the random scans since I don't have a static IP.

  #5 Lazydog (Linux Guru, joined Jun 2004, The Keystone State, 2,677 posts)
    Quote Originally Posted by Barakat:
        @ Lazydog : There are zombie networks that are used to scan a wide range of IP addresses. If they detect an SSH server, many computers will try to brute force that server and they will not stop for a long time. I just want to make the SSH server invisible from the random scans since I don't have a static IP.
    Forcing a source port will not stop this either. An attacker could get lucky and his system could use the same source port. What you need to be looking at is SSH keys and Fail2ban.

    With SSH-Keys there is no password, unless you lock your key with a password (which is what I do here), and no one can log in without the correct key.

    Fail2ban you can set up to block incoming attacks when x number of failed attempts are made to log in.

    If you are really worried about someone hacking your system then the above combination would be your best bet.

    Regards
    Robert


  #6 Barakat (Just Joined!, joined Jul 2010, 26 posts)
    @ lazydog: Thank you for this great information. I'm really not afraid that someone succeeds in logging in to the system, but I'm afraid of losing lots of bandwidth because of those huge networks. I managed to solve this problem via ncat (that comes with nmap):

    Code:
    ncat -l 2222 --sh-exec "ncat 192.168.43.128 3333 -p 1000"
    Code:
    ssh root@localhost -p 2222
    The connection will be redirected to the host with the source port that I want.

    Thank you all for help
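The ncat pair in this post, reimplemented as an added Python example (not code from the thread or from ncat): a loopback relay that binds a fixed source port before connecting out, which is the field the FreeBSD pf rule "pass in log proto tcp from any port 3333 to port 1000" tests. Hosts, ports and the loopback stand-in server in demo() are assumptions; note that one fixed source port permits only one live session to a destination.

```python
import contextlib
import socket
import threading

# Added example, not code from the thread: ssh connects to 127.0.0.1; the
# relay opens the real connection from a fixed source port for the pf rule.
def _pump(src, dst):
    # Copy bytes until EOF, then half-close the write side of dst.
    with contextlib.suppress(OSError):
        while data := src.recv(65536):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def connect_from_port(host, port, source_port):
    # SO_REUSEADDR lets a TIME_WAIT entry from the last session be reused;
    # a fixed source port still permits only one live session per destination.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", source_port))
    s.connect((host, port))
    return s

def relay(listen_addr, host, port, source_port):
    # Serve clients one at a time; returns the local port actually bound.
    ln = socket.create_server(listen_addr)
    def loop():
        while True:
            client, _ = ln.accept()
            up = connect_from_port(host, port, source_port)
            threading.Thread(target=_pump, args=(up, client), daemon=True).start()
            _pump(client, up)
    threading.Thread(target=loop, daemon=True).start()
    return ln.getsockname()[1]

def demo(source_port=43333):
    # Constructed loopback stand-in for the FreeBSD host: records the peer's
    # source port and echoes the first bytes, so the result is checkable.
    srv = socket.create_server(("127.0.0.1", 0))
    seen = {}
    def serve():
        conn, (_, sport) = srv.accept()
        seen["sport"] = sport
        conn.sendall(conn.recv(64))
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    lp = relay(("127.0.0.1", 0), "127.0.0.1", srv.getsockname()[1], source_port)
    with socket.create_connection(("127.0.0.1", lp)) as c:
        c.sendall(b"SSH-2.0-probe")
        reply = c.recv(64)
    return seen["sport"], reply
```

For the thread's setup, relay(("127.0.0.1", 2222), "192.168.43.128", 1000, 3333) followed by the post's ssh -p 2222 command reproduces the ncat pair.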

  #7 Lazydog (Linux Guru, joined Jun 2004, The Keystone State, 2,677 posts)
    Please enlighten me on how this is going to protect your bandwidth?
    Are you talking about protecting it from the inside or the outside?

    Regards
    Robert


  #8 Barakat (Just Joined!, joined Jul 2010, 26 posts)
    These networks are huge; if they detect an open SSH/FTP server, they will start brute forcing these services. They will not succeed in logging in, but they would cost me lots of bandwidth for nothing. Instead of fighting these machines, I think it would be better not to attract them in the first place.

  #9 Lazydog (Linux Guru, joined Jun 2004, The Keystone State, 2,677 posts)
    So we are talking external then. OK, you are going about this sdrawkcabssa. If you are really worried about SSH then change the port it listens on from 22 to something in the high range 1025+. It really doesn't help you at all to stop someone from blasting your system by making a source port as the only one accepted. An attacker could get lucky and just happen to use that port. Now what? Your system is once again open to him. You are giving yourself a false sense of security. Once you are figured out it is game on for the hackers. The above is a lot better angle to stop the attackers with. Even if they figure you out after X amount of failed logins they are blocked by Fail2ban.

    Anyone can still fill up your bandwidth with an attack on port 1. Your firewall still needs to process the packets it receives before dropping them........

    Regards
    Robert

