Erik Osterholm wrote:
On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
There was some discussion on this list not too long ago, and someone
asked if I was willing to make my pf config and the associated scripts
I wrote for it public. I would have posted on the original thread,
but I can't find it now.
Here is the information:
http://www.potentialtech.com/cms/node/16
First: I'm not sure if the group got to it and I'm posting to a very
stale thread here but I've found that the best way to defeat these
password scanning ssh bots is to disallow passwords allowing
public/private key authentication in their stead. Unfortunately this
isn't always possible. Bill's method is a very close second.
Second: I love the simplicity of the stateless firewall rules in Bill's
pf.conf. I may have to look at implementing that here.
-- Chris
--
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)___________________________________________________________
Christopher Sean Hilton <chris | at | vindaloo.com>
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
