Re: a record?

[Austin McKinley <amckinle () andrew cmu edu>]

Or OpenBSD with pf and authpf:

http://www.openbsd.org/faq/pf/authpf.html

Austin

Alexei Roudnev wrote:

> I said many times - just use non standard port. Number of hackerts who
> discover this port wil decrease approx 10,000 times, to
> almost 0 (number).
>
> (Of course, except if you are a bank).
>
> Other approach exists as well - SecureID on firewall. Login to firewall,
> authenticate, and have dynamic access list which opens ssh for you (and
> still keep ssh on port != 22).
>
>
> ----- Original Message ----- 
> From: "Patrick W. Gilmore" <patrick () ianai net>
> To: <nanog () nanog org>
> Cc: "Patrick W. Gilmore" <patrick () ianai net>
> Sent: Tuesday, November 15, 2005 11:02 AM
> Subject: Re: a record?
>
>
>  
>
> > On Nov 15, 2005, at 12:52 PM, Church, Chuck wrote:
> >
> >    
> >
> > > Isn't it just good security practice to limit telnet/SSH access to
> > > only
> > > a few choice hosts/subnets?  I know I'd never allow the 0/0 net access
> > > to a signon screen, even if it is SSH.  If you're on vacation and need
> > > to access something, call your NOC, and have them temporarily allow
> > > your
> > > dynamic address for SSH.  When a hacker finds an open SSH host, they
> > > think two things - This host is important to someone, and that they
> > > need
> > > more doughnuts...
> > >      
> > That is an excellent idea.  As soon as I hire a NOC for my personal
> > boxes, I'll get right on that.  But, since I Am Not An Isp, I doubt
> > that is going to happen soon.
> >
> > Remember, not every box on the Internet is supported by a whole
> > network of resources (physical and human).
> >
> > --
> > TTFN,
> > patrick
> >    
>
>
>