Date: Fri, 05 Mar 2010 19:35:50 -0500 From: Jon Radel <jon@radel.com> To: "Randal L. Schwartz" <merlyn@stonehenge.com> Cc: Tim Judd <tajudd@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Thousands of ssh probes Message-ID: <4B91A366.1080805@radel.com> In-Reply-To: <86lje6z4ul.fsf@blue.stonehenge.com> References: <20100305125446.GA14774@elwood.starfire.mn.org> <4B910139.1080908@joseph-a-nagy-jr.us> <20100305132604.GC14774@elwood.starfire.mn.org> <ade45ae91003051243g631542c0td756cb09db97157e@mail.gmail.com> <86lje6z4ul.fsf@blue.stonehenge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Randal L. Schwartz wrote: >>>>>> "Tim" == Tim Judd <tajudd@gmail.com> writes: > > Tim> I've been in that same boat. I eventually came to the decision to: > Tim> Install PPTP server software, accepting connections from any IP. > > Whoa. Here we are, talking about making it *more* secure, and > you go the other direction.... > > > http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol > > > In short, you can't take anyone seriously who suggests PPTP when > talking about security. Especially since rolling out OpenVPN and your own little CA to issue yourself and your 10 best friends certificates is pretty easy. I find it easier to wrap my head around than something like IPSEC for supporting a "trusted server on trusted network attached to by laptops that wander around in sometimes sleazy parts of the Internet" model. Just make sure you've kept up to date with your SSL libraries. :-) --Jon Radel jon@radel.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B91A366.1080805>