Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.raspberry-pi > #9226
| From | druck <news@druck.org.uk> |
|---|---|
| Newsgroups | comp.sys.raspberry-pi |
| Subject | Re: Changing network ports from closed to stealthed |
| Date | 2015-07-31 09:46 +0100 |
| Organization | A noiseless patient Spider |
| Message-ID | <mpfchg$s6g$1@dont-email.me> (permalink) |
| References | <d1vc4jFj3hiU7@mid.individual.net> |
On 30/07/2015 20:27, David wrote: > When I DMZ to my Pi (running a VPN server as a test) I can see all the > ports as "closed" apart from the VPN port. As I understand it the Pi is > sending a negative response to a request to open the port. This tells the > far end that there is a device there managing the ports, which is an > invitation to try again and expand the range of ports probed. > > I would like to tell the Pi to ignore all connection requests and stealth > the ports. I wouldn't use the DMZ feature, as this exposes all the services you have running on the Pi to the internet, and you need to be absolutely sure you've configured tem all securely. Instead set the router up to forward just ssh to the Pi, and set up your ssh client to tunnel all the ports your are interested in via the Pi. Make sure you configure ssh securely on the Pi, so only authorised non-root users can get on, there is plenty of information on the internet about how to do this. I have mine set up to only allow a special restricted gateway user to be logged on to using a 2048bit RSA key and not a password. If forwarding ports this is all that is required, if you want to get to a user account, you do an su from there. If you forward the ssh port 22 on the router to port 22 on the Pi, you instantly see attempts to gain access in the /var/log/auth.log If instead you pick some random high number above 1000 on the router and forward that to port 22 on the Pi, you'll see far less attempts. Make sure you use this new port number with any ssh clients. ---druck
Back to comp.sys.raspberry-pi | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000
csiph-web