Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Austin McKinley
  • Date: Sat Nov 19 19:02:54 2005

Or OpenBSD with pf and authpf:

http://www.openbsd.org/faq/pf/authpf.html

Austin

Alexei Roudnev wrote:

I said many times - just use non standard port. Number of hackerts who
discover this port wil decrease approx 10,000 times, to
almost 0 (number).

(Of course, except if you are a bank).

Other approach exists as well - SecureID on firewall. Login to firewall,
authenticate, and have dynamic access list which opens ssh for you (and
still keep ssh on port != 22).


----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net>
To: <nanog@nanog.org>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
Sent: Tuesday, November 15, 2005 11:02 AM
Subject: Re: a record?



On Nov 15, 2005, at 12:52 PM, Church, Chuck wrote:


Isn't it just good security practice to limit telnet/SSH access to
only
a few choice hosts/subnets? I know I'd never allow the 0/0 net access
to a signon screen, even if it is SSH. If you're on vacation and need
to access something, call your NOC, and have them temporarily allow
your
dynamic address for SSH. When a hacker finds an open SSH host, they
think two things - This host is important to someone, and that they
need
more doughnuts...

That is an excellent idea. As soon as I hire a NOC for my personal
boxes, I'll get right on that. But, since I Am Not An Isp, I doubt
that is going to happen soon.

Remember, not every box on the Internet is supported by a whole
network of resources (physical and human).

--
TTFN,
patrick







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.