Re: [Fwd: security]

To: debian-security@lists.debian.org
Subject: Re: [Fwd: security]
From: Gerrit Pape <pape@smarden.org>
Date: Sun, 30 Jan 2005 13:50:40 +0000
Message-id: <[🔎] 20050130134938.19774.qmail@f2ed63be1e31c9.315fe32.mid.smarden.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20050130124954.GC14261@khazad-dum.debian.net>
References: <[🔎] 1107011135.20873.2.camel@localhost.localdomain> <[🔎] 20050129194843.GA23004@littleprojects.org> <[🔎] 20050130124954.GC14261@khazad-dum.debian.net>

On Sun, Jan 30, 2005 at 10:49:54AM -0200, Henrique de Moraes Holschuh wrote:
> On Sat, 29 Jan 2005, smj@littleprojects.org wrote:
> > There are a lot of SSH brute force attacking scripts out there right
> > now.  I see them here at home and I see them try to get into the work
> > machines all of the time.  A firewall will help you, but you will want
> > to ensure that SSH is secured as well.
> 
> Yes. If you know the range of IPs you're likely to use, even something as
> simple as tcpwrappers (/etc/hosts.allow, /etc/hosts.deny) will avoid a lot
> of trouble for ssh.

I personally use a dyndns service to pre-authenticate access to a (not
only) ssh service.  This is implemented by the tinydyndns project, and
the ipsvd package, which can check a client's IP address against IPs one
or more dns names resolve to at the time the client tries to connect.

Regards, Gerrit.
-- 
Open projects at http://smarden.org/pape/.

Reply to:

References:
- [Fwd: security]
  - From: michael <linux@networkingnewsletter.org.uk>
- Re: [Fwd: security]
  - From: smj@littleprojects.org
- Re: [Fwd: security]
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: woody kernel image
Next by Date: Re: [Fwd: security]
Previous by thread: Re: [Fwd: security]
Next by thread: Re: [Fwd: security]
Index(es):
- Date
- Thread