[NTLUG:Discuss] Strange iptables problem on CentOS 4.4
Leroy Tennison
leroy_tennison at prodigy.net
Sun Feb 18 22:23:58 CST 2007
Chris Cox wrote:
> . Daniel wrote:
>
>> That's an interesting question. I had seen something like that not too
>> long ago. It too was CentOS 4.4 in fact. I think when I saw the error, I
>> hadn't yet corrected a router configuration mistake I had made. I was
>> attempting to forward all data for a given IP address to a specific machine
>> within the firewall. What I failed to do was make the machine's responses
>> MASQ through the same IP address. Once I made the Masq correction, it
>> worked just fine.
>>
>> My first impression was that "hey, this must be the 'secure' part of ssh."
>> I still don't understand why ssh is better than telnet... other than the
>> plain text thing, but then again, who will be sniffing in average
>> situations?
>>
>
> You would be surprised. Think of the poor folks on cable (a giant
> neighborhood ethernet hub).... very easy to sniff out passwords
> and such.
>
A couple of other things to consider: Maybe the question shouldn't be
"Who will be sniffing?" but "What damage could be done if they do?"
Another way to view this is to ask "What is the cost/benefit?" The
"cost" for using ssh seems to be pretty low - a little setup and some
performance hit for the encryption (which may not matter depending on
what you are doing). The benefit is in greatly reduced worry about
"what if". If you are sniffed, how much damage could be done by gaining
the user name and password? Another consideration may be your
reputation. Depending on the context, using an insecure protocol,
regardless of whether anything happens, may be perceived negatively.
Not knowing your situation, I can't answer any of these questions. I do
believe that they should be given serious consideration though.