non-static IP tolerant whitelisting for SSH/FTP/etc

  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I don't want the overhead of managing "bad" addresses with iptables, so I'm thinking of having iptables DROP all SSH/FTP/etc traffic except for mine. The problem with doing that, though, is that when my IP changes I'm locked out, and if I want to log in from anywhere else I'm locked out.

So, I figured I can set up a page on the server that, when accessed, will log my IP address to a file, then have cron look at the file every 5 minutes and inject any IP found in that file into the INPUT chain of iptables with an ACCEPT rule for SSH.

The problem with that, though, is that sooner or later I'll probably have a lapse of judgement and someone will stumble onto that special IP logging page. So, I figured instead of having that page log my IP, have the page send me an email with a random URL I can visit to log my IP.

The problem with that, though, is that sooner or later I'll probably have a lapse of judgement and share the code that handles it with someone else, and they'll have access to my random number generator, which sooner or later will get passed along.

So, I figure if I set it up to generate a random string by searching Google for results of a random word in the dictionary and hash the response, HTTP headers and all, I should get a pretty unpredictable random string.

Anyway, just thought I'd toss this out there, see if I missed anything, other than my obvious lapse of judgement here even talking about it. ;)
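As an added example that is not code from the original thread (joebert never posted his implementation), here is what the cron half of the scheme above can look like: a POSIX sh script that reads the file the web page writes to and rebuilds a dedicated iptables chain from it. Everything it assumes is mine, not the poster's: the file lives at `/var/lib/sshallow/ips.txt` with one IPv4 address per line, SSH is on port 22, the chain is named `SSH_ALLOW` and is jumped to from INPUT, and setting `IPT=echo` gives a dry run. The one check worth copying even if nothing else is used is `is_ipv4`: a line in that file that is not exactly a dotted quad is ignored, so whatever someone manages to get written into it can never become extra iptables arguments.

```shell
#!/bin/sh
# Added example (not from the original post): cron side of the
# "web page logs my IP, cron opens SSH for it" scheme.
# Assumed paths/names, not the poster's: override via environment.
ALLOW_FILE="${ALLOW_FILE:-/var/lib/sshallow/ips.txt}"
SSH_PORT="${SSH_PORT:-22}"
CHAIN="${CHAIN:-SSH_ALLOW}"
IPT="${IPT:-iptables}"            # IPT=echo prints the rules instead

# Strict dotted-quad check. Anything that is not exactly four octets of
# 0-255 is rejected, so a crafted line such as "1.2.3.4 -j DROP" written
# into the allow file is dropped rather than spliced into a rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on '.'
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the valid, deduplicated addresses from the allow file.
# Blank lines and "# comments" are skipped; CRLF endings are tolerated.
valid_ips() {
    while read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        is_ipv4 "$line" && printf '%s\n' "$line"
    done < "$1" | sort -u
}

# Rebuild the chain from the file. Flushing and refilling makes the file
# the single source of truth: delete a line and the next run closes it.
# Addresses not in the chain fall through to the poster's DROP rule.
sync_chain() {
    "$IPT" -N "$CHAIN" 2>/dev/null || true          # create once
    "$IPT" -C INPUT -p tcp --dport "$SSH_PORT" -j "$CHAIN" 2>/dev/null \
        || "$IPT" -I INPUT -p tcp --dport "$SSH_PORT" -j "$CHAIN"
    "$IPT" -F "$CHAIN"
    valid_ips "$ALLOW_FILE" | while read -r ip; do
        "$IPT" -A "$CHAIN" -s "$ip" -p tcp --dport "$SSH_PORT" -j ACCEPT
    done
}

# Run from cron as: */5 * * * * /usr/local/sbin/ssh-allow-sync --sync
case "${1:-}" in
    --sync) sync_chain ;;
esac
```

Two things about running it for real, both assumptions of this example rather than anything the thread states: keep a `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule above the jump so the brief flush never drops a live session, and put the blanket DROP for port 22 after the jump, not before it. For the emailed one-time URL, a token read from `/dev/urandom` is simpler and more predictable in its unpredictability than hashing a search engine's response.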

  • Bigwebmaster
  • Site Admin
  • Posts: 9088
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Have you considered port knocking?
  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I hadn't, but I like the sound of it.

Kinda funny, I was just watching a documentary about a gambling regulator that rigged slot machines to pay jackpots when specific sequences of coins were entered.
  • Bigwebmaster
  • Site Admin
  • Posts: 9088
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Interesting, did he walk away with a lot of money before being caught?

Let me know if port knocking ends up working for you :)

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.