Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Router Hacked?
- Randy Yates
September 14, 2006, 1:33 am
rate this thread
After reading the Re: Urgent!!! My computer seems to be hacked, pls HELP!!!
I was feeling smug that I was safe since I locked up ssh.
HOWEVER, I'm now much more nervous. I don't understand why I'm able to
ssh to an outside host on the standard port 22 when my router is
configured to block port 22. Could it be that my router has been
By the way, is there a way to configure the router so that only
outgoing connections on port 22 should be allowed? That is, can
I configure the router so that only SSH connectsion FROM my internal
machine TO an outside machine are allowed through, while any
INCOMING connections on port 22 remain blocked?
% Randy Yates % "So now it's getting late,
%% Fuquay-Varina, NC % and those who hesitate
%%% 919-577-9882 % got no one..."
Re: Router Hacked?
Outbound or inbound?
Typically consumer routers (Linksys, et al) block the establishment of
incoming connections from the internet, but allow TCP flows that
originate from inside (LAN) to the outside (WAN/Internet). That'd be
a simple explanation of a stateful packet inspection (SPI) firewall,
which understands and tracks TCP connections as a whole.
A packet filtering firewall doesn't have a notion of "connections" per
se, but just individual packets. The older packet filtering firwalls
would block inbound TCP SYN requests, but wouldn't block inbound TCP
ACKs or FINs.
Always possible, but the symptoms you describe are normal near as I
can tell. Egress filtering (i.e. filtering of what's outbound)
isn't common in consumer routers.
Sure, with a router of sufficient flexibility could allow you to
construct such a tightly defined filtering policy. "Block connections
from the LAN destined for any external host, with protocol TCP,
destination port 22" would be the complete thought of such a block.
But if that's your only rule, you'd break all other internet traffic
to/from your LAN (i.e. web surfing, IM, updates, etc). tcp/80 and
tcp/443 outbound requests would be blocked, so you wouldn't get any
web requests out, for instance.
Your router is likely already configured as such, with the exception
that in addition to alowing outbound connections with a destination
port of tcp/22, it's allowing arbitrary outbound connections.
Re: Router Hacked?
Thanks for allaying my fears and resolving my quandary - all in
Man, I feel good about ssh now! I just LOVE it!
% Randy Yates % "I met someone who looks alot like you,
%% Fuquay-Varina, NC % she does the things you do,
%%% 919-577-9882 % but she is an IBM."
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum