Does accessing a port on a remote server via ssh tunnel improve security?

The idea is the following:

I have a port open (P) on a remote machine (R) with a service application running which is listening on (P). I would like to connect from a client machine to the service application on the remote machine.

Possibility 1:

I leave the port open so I can connect directly from my client via the ip and the port to the service application on the remote machine.

Possibility 2:

I restrict the service application via firewall to localhost and forward (P) with an ssh tunnel to my client machine.

My own conclusion:

If I open the port of the service application across the internet, then I have to trust that it cannot be exploited for remote code execution on (R).

If I use an ssh tunnel, then I only have to trust that the listening ssh port cannot be exploited. The number of open ports is reduced and hence the attack surface (from my point of view). I would still be vulnerable if my client machine was compromised, but I’m accepting that risk anyway when using ssh.


So my question is, is my conclusion correct? Is it more secure to use an ssh tunnel and forward a port instead of exposing that port directly?

ISP Email Issue on Port 25

My ISP, a small, local “mom & pop” outfit, provides my email services. For the last six months or so, my main email account frequently fails to update with the following message, “Could not connect to server; the connection was refused.” Sometimes it works, sometimes it doesn’t. Interestingly, my other two email accounts on this server almost always update without error. These two “working” email accounts have very low volume.

The ISP tech guy insist that the problem is likely due to malware on my side. Scans by MSCERT, Malwarebytes and Norton virus software reveal no malware on the PC. The PC is not networked with other PC’s. It is a standalone workstation connected to a Netgear switch that resides on a home, uVerse router.

How can I determine if I have a spam bot or some other malware on my workstation spewing out email on port 25 causing the ISP to reject a connection? Are there tools available that would allow me to monitor this and identify then delete the offending software? If this is indeed the problem, why doesn’t the standard scanners pick this up? Or does the ISP have some parameters set improperly limiting my main email account’s connection to their mail server when volumes are high?

Is this Monkey Grip port balanced as a 5e feat?

There is a feat in D&D 3.5e called Monkey Grip. I am considering this 5e feat inspired by that:

Monkey Grip

Wielding a weapon made for a creature one size larger than you doesn’t impose disadvantage on your attacks.

This means, assuming you are Medium and you wield a Large weapon, the base damage die of the weapon is doubled. At best—a Large greatsword or maul—this adds +2d6 damage, or on average +7, to each attack.

Great Weapon Master offers +10 damage at a −5 attack penalty—but you can also choose not to use it if you need the accuracy, and Great Weapon Master also offers the option for a bonus-action attack on a crit or kill. I strongly suspect that a +3 relative bonus in damage is not (remotely) worth a −5 penalty to attack, and I have doubts that the bonus-action attack, as limited as its triggers are, is going to make up the difference. Is this version of Monkey Grip clearly superior to Great Weapon Master? Is there any case in which Great Weapon Mastery would be the optimal choice when this Monkey Grip is available?

The comparison with Sharpshooter, it seems to me, is a little better—the same −5 attack for +10 damage, but the other effects of Sharpshooter seem far more valuable. How does that stack up?

The other consideration is that Monkey Grip and Great Weapon Master could be combined, for a possible +17 damage—unprecedented so far as I know, since most of the direct combat feats are incompatible with one another, unless there’s some way to make a “melee attack” with a “ranged weapon” in order to qualify for both Great Weapon Mastery and Sharpshooter. Still, we could just add a clause to Monkey Grip barring it from being used in combination with Great Weapon Mastery, if necessary, as I suspect it is.

The 3.5e Monkey Grip feat came with a −2 penalty to attack rolls. In that system, that penalty was not worth the benefit, but the benefit was only +1 damage, on average, not up to +7 (unless you really worked at it, but that took much more than just picking the right type of weapon). And, of course, 3.5e math and 5e math are quite different. So I have, for the initial version of the feat, left that out—but the comparison to Great Weapon Mastery leads me to suspect that Monkey Grip needs something. Is a −2 penalty the answer? Comparing Great Weapon Mastery and Monkey Grip, you’d be looking at a −3 relative attack penalty for a +3 relative damage bonus—is that better-balanced? Does it expand the situations in which Great Weapon Mastery is the optimal choice? Does it leave other cases where Monkey Grip is the optimal choice?

Most 5e feats do more than one thing, too. Great Weapon Mastery has the bonus-action attack, Sharpshooter mitigates the difficulties of long range and/or cover. Monkey Grip should probably have something too—I’m kind of leaning towards an Intimidate-based effect, since the whole concept of Monkey Grip is the badass image of someone with a huge freakin’ sword—be nice to see that image have mechanical effect. But I have left that out, too, on the basis that Monkey Grip already looks too good compared to Great Weapon Mastery and GWM’s bonus-action attack or Sharpshooter’s range/cover mitigation might make up the difference. So it would be nice if answers also addressed how large a consideration the bonus-action attack or range/cover mitigation is in determining whether or not Monkey Grip is balanced—if, for example, the lack of an add-on feature makes the difference between the −2 penalty being “enough” for balance, I would want to know that.

How to Troubleshoot an Error Occurred During Port Configuration

An error occurred during port configuration is one of the most common error on Windows 10 while using a printer. This error message shows up when the user presses the Configure Ports button while tweaking port settings. The error can prevent you from making changes to the Ports settings of your printer. If you are also facing the same error message on your device, then you come to the right place.
Source: https://mcafeecomactivate334980539.wordp…iguration/

Read Previous blog: How to Fix Netflix Error NW-2-5? |

With a USB Type-C port, can you switch DisplayPort or HDMI Alternate Mode back to USB after using an adapter? [on hold]

USB Type-C itself is just a connector, and it supports DisplayPort Alternate Mode, as well as HDMI Alternate Mode, depending on the manufacturer.

Does this at all mean that if you’re using a DisplayPort or HDMI adapter in your USB Type-C, e.g., on a MacBook Air, then the monitor’s side itself could switch back from the Alternate Mode of DisplayPort or HDMI back to the plain-old USB?

Port fowarding on a guest network for server hosting [on hold]

I’ve heard about the dangers of port forwarding/server hosting. So I enable the guest network on my Netgear wifi router. The guest wifi network should be separate from the normal network, correct? If so, how would I use it to port forward to host a game server so that it’s on this guest network? So that if anything happens to the server (say it somehow got infected with a virus) it would be contained and wouldn’t affect the main network.

Port 8080 not listening

I have EC2 hosting and it’s configured with Ubuntu OS. I have installed Jenkins and to access it, I added port 8080 into Inbound rules. But I am unable to access URL using port 8080. It says “This site can’t be reached”.

When I run command “sudo netstat -plnt”, I see the listening port 22, 80 etc, but it does not have 8080 listed.

When I run command “curl -v -I localhost:8080”, I get “Failed to connect to localhost port 8080”

I attached all the necessary screens shots for review. I will look forward for the help.

enter image description here

enter image description here

enter image description here

enter image description here

Port Scanning: Question about next steps after Zenmap port scan

I am very new to offensive security

I have done a nmap scan on a public IP, its showing 4 ports open and the OS is undetectable, I have no idea how to proceed further, I appreciate any next steps further in this case. Below is a snippet from nmap output:

Not shown: 995 closed ports PORT     STATE    SERVICE      VERSION 25/tcp   filtered smtp 135/tcp  filtered msrpc 139/tcp  filtered netbios-ssn 445/tcp  filtered microsoft-ds 6009/tcp filtered X11:9  Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Aggressive OS guesses: ISS Proventia GX3002 firewall (Linux 2.4.18) (97%), Linux 2.6.22 (Debian 4.0) (97%), CMI Genus NEMA terminal (95%), D-Link DGS-1210 switch (95%), D-Link DI-604 wireless broadband router (95%), Efficient Networks SpeedStream 4100 ADSL router (95%), FreeBSD 6.1-RELEASE (95%), IBM i 6.1 (95%), Cobalt Qube 2700WG (Linux 2.0.34) (95%), Linux 2.4.20 (95%) No exact OS matches for host (test conditions non-ideal).