[mschempp]

I think what rmholt means is that ruroco does not improve security in the sense, that it has stronger and safer encryption/algorithms/... but that it merely "hides" existing services.

I would argue that it does improve security in the way that it reduces the attack surface of potential vulnerable services, because they are simply not accessible for adversaries.

On the other hand, having another tool running increases the attack surface, but imho that's very small.

[rmholt]

Yup that's what I meant! And I am worried that a replay attack would be able to bypass ruroco. Thus ruruco is not a replacement for good SSH security, which you have to do anyway.

But like I wanna stress that I like ruroco and I might end up using it to decrease the internet noise on my home lab, but I'm just worried that someone might end up relying on ruroco instead of proper SSH security

[mschempp]

a replay attack won't work, because every UDP packet data has deadline in nanoseconds.

Once this UDP packet reaches the server the deadline will be added to the blocklist.

If an attacker sends the same packet again, the server will check its blocklist for the deadline. It does not matter if the deadline has been reached or not. once the packet reaches the server, the deadline of that packet will be added to the blocklist.

[rmholt]

I see i see good to know, thanks!