Date:      Sun, 22 Feb 2009 20:04:08 -0500
From:      Steve Bertrand <steve@ibctech.ca>
To:        Andrew Gould <andrewlylegould@gmail.com>
Cc:        FreeBSD Users Questions <freebsd-questions@freebsd.org>
Subject:   Re: off topic: reporting attempts to access computers
Message-ID:  <49A1F608.9040009@ibctech.ca>
In-Reply-To: <d356c5630902191236s744621e5m1bc846ad4e01edcf@mail.gmail.com>
References:  <d356c5630902191000n16c3d3a0md98c4246a5ff2c79@mail.gmail.com>	<428745.19949.qm@web32102.mail.mud.yahoo.com> <d356c5630902191236s744621e5m1bc846ad4e01edcf@mail.gmail.com>

Andrew Gould wrote:

> Yes, it's probably time to move to certificates.  Thanks for the suggestion.

If you realize this, then you also want to look at devising an
allow-allow-deny_by_default approach for other critical protocols that
you can't employ certificates for...

Instead of blocking huge netblocks with your firewall (possibly causing
a denial of service on legitimate hosts), it's easier and more resource
friendly to create access rules that deny by default in ANY case. (Those
who provide transit or hosting services can obviously ignore this).

Steve
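
[Added example, not part of the original message:] The contrast described above, written as a FreeBSD pf.conf fragment with the blocklist style commented out beside an allow, allow, deny-by-default ruleset. The interface name, the service port, the file path and the addresses (documentation ranges) are assumptions made for illustration.

```conf
# Constructed example for FreeBSD pf(4); not from the original thread.
# Assumptions: external interface em0, TCP port 22 as the protected
# service, documentation-range addresses standing in for real peers.

ext_if   = "em0"
svc_port = "22"

# --- Blocklist style (the approach the message argues against) ---
# table <badnets> persist file "/etc/pf.badnets"   # hypothetical path
# block in quick on $ext_if from <badnets>
# pass  in on $ext_if proto tcp to any port $svc_port
# Any source not yet listed still reaches the service, the table keeps
# growing, and a legitimate host inside a listed netblock is cut off.

# --- Allow, allow, deny by default ---
# Only the sources named here are ever admitted.
table <trusted> const { 192.0.2.10, 198.51.100.0/28 }

set skip on lo0

# pf uses the last matching rule, so the default block comes first.
block in log on $ext_if all
pass  out on $ext_if all keep state
pass  in  on $ext_if proto tcp from <trusted> to any port $svc_port keep state
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which catches syntax errors before the default block can lock out a remote session.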


