Firewall Wizards mailing list archives
Re: Looking for "lease based popper access"
From: kwooding () codetalker com
Date: Mon, 13 Dec 1999 14:03:18 -0700
The purpose of limiting access based on IP address is NOT authentication. Imagine that a new "sploit" for POP (or SSH) is unleashed at 5:15pm, after most of my competitors have gone home for the weekend. While they are being decimated all weekend long, I'll be resting peacefully because most of the hackers can't even connect to my server. In physical terms, the "border router" is the moat, "dynamic" tcp wrappers is the drawbridge, and the "secret pass phrase" is the key.
True, but Crispin's suggestion of using SSH for this purpose is just as valid. That way you can limit access to localhost. No need to futz with IP addresses at all... And, as suggested before, and SSL approach would work, too. Just give each of your road warriors a valid certificate and authenticate on that. -kj
Current thread:
- VPN solution needed (linux<->win32) or (nt<->win32) Mailing Lists (Dec 08)
- RE: VPN solution needed (linux<->win32) or (nt<->win32) Shaun Moran (Dec 10)
- Looking for "lease based popper access" sedwards (Dec 12)
- Re: Looking for "lease based popper access" Crispin Cowan (Dec 13)
- Re: Looking for "lease based popper access" sedwards (Dec 13)
- Re: Looking for "lease based popper access" Crispin Cowan (Dec 13)
- Re: Looking for "lease based popper access" kwooding (Dec 14)
- Looking for "lease based popper access" sedwards (Dec 12)
- RE: VPN solution needed (linux<->win32) or (nt<->win32) Shaun Moran (Dec 10)
- <Possible follow-ups>
- RE: VPN solution needed (linux<->win32) or (nt<->win32) sean . kelly (Dec 10)
- Re: VPN solution needed (linux<->win32) or (nt<->win32) Steven M. Bellovin (Dec 12)
- RE: VPN solution needed (linux<->win32) or (nt<->win32) Predrag Zivic (Dec 13)
- RE: VPN solution needed (linux<->win32) or (nt<->win32) Tina Bird (Dec 14)