From owner-freebsd-questions@FreeBSD.ORG  Sat Mar  6 00:35:48 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7D52A1065672
	for <freebsd-questions@freebsd.org>;
	Sat,  6 Mar 2010 00:35:48 +0000 (UTC) (envelope-from jon@radel.com)
Received: from wave.radel.com (wave.radel.com [216.143.151.4])
	by mx1.freebsd.org (Postfix) with ESMTP id 38C788FC47
	for <freebsd-questions@freebsd.org>;
	Sat,  6 Mar 2010 00:35:47 +0000 (UTC)
Received: by wave.radel.com (CommuniGate Pro PIPE 4.1.6)
	with PIPE id 9504402; Fri, 05 Mar 2010 19:35:47 -0500
Received: from [216.143.146.251] (account laura@radel.com HELO
	222.sub-75-199-113.myvzw.com)
	by wave.radel.com (CommuniGate Pro SMTP 4.1.6)
	with ESMTP id 9504400; Fri, 05 Mar 2010 19:35:30 -0500
Message-ID: <4B91A366.1080805@radel.com>
Date: Fri, 05 Mar 2010 19:35:50 -0500
From: Jon Radel <jon@radel.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: "Randal L. Schwartz" <merlyn@stonehenge.com>
References: <20100305125446.GA14774@elwood.starfire.mn.org>	<4B910139.1080908@joseph-a-nagy-jr.us>	<20100305132604.GC14774@elwood.starfire.mn.org>	<ade45ae91003051243g631542c0td756cb09db97157e@mail.gmail.com>
	<86lje6z4ul.fsf@blue.stonehenge.com>
In-Reply-To: <86lje6z4ul.fsf@blue.stonehenge.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Radel.com-MailScanner-Information: Please contact Jon for more information
X-Radel.com-MailScanner: Found to be clean
X-Mailer: CommuniGate Pro CLI mailer
Cc: Tim Judd <tajudd@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Thousands of ssh probes
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2010 00:35:48 -0000


Randal L. Schwartz wrote:
>>>>>> "Tim" == Tim Judd <tajudd@gmail.com> writes:
> 
> Tim> I've been in that same boat.  I eventually came to the decision to:
> Tim>   Install PPTP server software, accepting connections from any IP.
> 
> Whoa.  Here we are, talking about making it *more* secure, and
> you go the other direction....
> 
> 
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
> 
> 
> In short, you can't take anyone seriously who suggests PPTP when
> talking about security.

Especially since rolling out OpenVPN and your own little CA to issue 
yourself and your 10 best friends certificates is pretty easy.  I find 
it easier to wrap my head around than something like IPSEC for 
supporting a "trusted server on trusted network attached to by laptops 
that wander around in sometimes sleazy parts of the Internet" model.

Just make sure you've kept up to date with your SSL libraries.  :-)

--Jon Radel
jon@radel.com