Re: What is this Very Stupid DOS Attack Script?

2005-04-06 Thread Marian Hettwer
On Wed, 6.04.2005, 17:57, Willem Jan Withagen said: > I've built some swatch-rules that after two of these hits, I dump > the host into ipfw-deny space. > Aye. I thought about writing a script, doing the same like yours, too. Could you post this script somewhere, so that I could add some functional

Re: Need urgent help regarding security

2005-11-21 Thread Marian Hettwer
Hi there, [EMAIL PROTECTED] wrote: Also, if you have access to the router, it's handy to re-write traffic from a higher public port down to port 22 on the server, since that will trip up anyone doing scans looking for a connect on port 22 across a large number of IP's. No. That's security by o

Re: Need urgent help regarding security

2005-11-21 Thread Marian Hettwer
Hi there, Peter Jeremy wrote: On Mon, 2005-Nov-21 09:33:07 +0100, Marian Hettwer wrote: [EMAIL PROTECTED] wrote: Also, if you have access to the router, it's handy to re-write traffic from a higher public port down to port 22 on the server, since that will trip up anyone doing scans lo

Re: Need urgent help regarding security

2005-11-21 Thread Marian Hettwer
Hej there, Bitbucket wrote: I agree that this is not good security. It does NOT make your system more secure. ack :) But I stop short of saying it should not be done as I can see no detrimental effect to changing the port number. If it makes you sleep better at night then do it. It canno

Re: Need urgent help regarding security

2005-11-21 Thread Marian Hettwer
Hi Jeremie, Jeremie Le Hen wrote: Hi, Marian, Security is not absolute, as you surely know considering the fact you seem to be quite sensitive to it. I guess that most of running sshd(8) are bound to port tcp/22. If a group of hackers find a hole in OpenSSH's sshd(8) implementation in a ver

Re: Need urgent help regarding security

2005-11-21 Thread Marian Hettwer
Hej Ray, [EMAIL PROTECTED] wrote: The point isn't to get more secure. You are correct by saying that moving the Hu. I thought the point was to get more security. If it's more about "stealth", okay, move the daemon to another port :) port # doesn't make anything more secure. But why make

Re: Need urgent help regarding security

2005-11-22 Thread Marian Hettwer
Hi Roger, Roger Marquis wrote: [EMAIL PROTECTED] wrote: The point isn't to get more secure. You are correct by saying that moving the port # doesn't make anything more secure. Actually the point _is_ security and changing the port number _does_ improve it significantly though only from one

Re: Brute Force Detection + Advanced Firewall Policy

2005-12-19 Thread Marian Hettwer
Hi there, Hadi Maleki wrote: Any BFD/AFP softwares available for FreeBSD 4.10? If you would update to a recent FreeBSD Release, you could probably use some nice pf(4) things... I'm getting flooded with ssh and ftp attempts. I recently stumbled over quite a nice pf.conf (see man pfctl for d

Re: FreeBSD Security Survey

2006-05-22 Thread Marian Hettwer
Hi there, Scott Long wrote: > Brent Casavant wrote: > >> While I find ports to be the single most useful feature of the FreeBSD >> experience, and can't thank contributors enough for the efforts, I on >> the other hand find updating my installed por

Re: FreeBSD Security Survey

2006-05-22 Thread Marian Hettwer
Hi Ion, Ion-Mihai IOnut Tetcu wrote: >>I have to agree on that statement. I would love to see branched ports. >>This can get very important on servers, where you don't want to have >>major upgrades, but only security updates. >>I guess it's a question

Re: FreeBSD Security Survey

2006-05-24 Thread Marian Hettwer
Hej Yann, Yann Golanski wrote: > Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700 > >>Peter Jeremy wrote: >> >>>One of the major problems with unattended/automatic updating is >>>that it is hard to filter them. >> >>It's hard to make a good

Re: FreeBSD Security Survey

2006-05-26 Thread Marian Hettwer
Allen wrote: >> > > > Did you just tell him to get another computer for each arch to have as a > build machine??? Yes I did... > > Being a broke college student I don't think that's something I'd ever do to > install updates on my boxes. > I c

Re: FreeBSD Security Survey

2006-05-26 Thread Marian Hettwer
Garance A Drosihn wrote: > At 2:45 PM -0400 5/24/06, Allen wrote: >> Did you just tell him to get another computer for each arch >> to have as a build machine??? >> >> Being a broke college student I don't think that's something >> I'd ever do to in

Re: BIND update?

2008-07-09 Thread Marian Hettwer
Hi Chris, Chris Palmer wrote: So I'm not too worried about the lack of urgency from the FreeBSD security team on this particular issue. It's not news that DNS is insecure and that BIND has a bug. Nobody should have been depending on the security of DNS or on a bulletproof BIND. True words

Re: should looking at an interface with 'ifconfig' trigger a change?

2008-08-08 Thread Marian Hettwer
Hi Oliver, On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme <[EMAIL PROTECTED]> wrote: > Andrew Thompson wrote: > > Pete French wrote: > > > > The bce driver is not properly generating link state events. > > > > > > OK, that explains why it doesn't failover - but why does looking at it >

Re: openssh concerns

2009-10-05 Thread Marian Hettwer
Hej All, olli hauer wrote: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers provides a reasonably useful list of ports NOT to choose for an obscure ssh port. In practice, you have no choice but to use something like 443 or 8080, because corporate firewalls often block eve

Re: tcpdump -z

2010-08-27 Thread Marian Hettwer
On Fri, 27 Aug 2010 15:02:43 +0200, Andy Kosela wrote: > > If you care about security I would definitely dump sudo(8) in the > first place... > Why is that? I'd like to hear some good reasons why one should not use sudo(8) if one's interested in security. Quite the opposite is true, imo. So...

Re: tcpdump -z

2010-08-27 Thread Marian Hettwer
On Fri, 27 Aug 2010 15:27:07 +0100, István wrote: > Well to be honest I don't see any case when I want to give sudo+tcpdump > access to any user on my box. And those who are admins/roots anyway the "su > -" just works perfectly and they can run tcpdump. > Well, that wasn't an answer to my questi

Re: tcpdump -z

2010-08-27 Thread Marian Hettwer
On Fri, 27 Aug 2010 19:20:57 +0300, "Aldis Berjoza" wrote: > On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer wrote: > >> On Fri, 27 Aug 2010 15:27:07 +0100, István wrote: >> >>> Well to be honest I don't see any case when I want to give sudo+tcp