From owner-freebsd-questions@FreeBSD.ORG Sat Mar 6 00:35:48 2010
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7D52A1065672
	for ; Sat, 6 Mar 2010 00:35:48 +0000 (UTC)
	(envelope-from jon@radel.com)
Received: from wave.radel.com (wave.radel.com [216.143.151.4])
	by mx1.freebsd.org (Postfix) with ESMTP id 38C788FC47
	for ; Sat, 6 Mar 2010 00:35:47 +0000 (UTC)
Received: by wave.radel.com (CommuniGate Pro PIPE 4.1.6)
	with PIPE id 9504402; Fri, 05 Mar 2010 19:35:47 -0500
Received: from [216.143.146.251] (account laura@radel.com HELO 222.sub-75-199-113.myvzw.com)
	by wave.radel.com (CommuniGate Pro SMTP 4.1.6)
	with ESMTP id 9504400; Fri, 05 Mar 2010 19:35:30 -0500
Message-ID: <4B91A366.1080805@radel.com>
Date: Fri, 05 Mar 2010 19:35:50 -0500
From: Jon Radel
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: "Randal L. Schwartz"
References: <20100305125446.GA14774@elwood.starfire.mn.org>
	<4B910139.1080908@joseph-a-nagy-jr.us>
	<20100305132604.GC14774@elwood.starfire.mn.org>
	<86lje6z4ul.fsf@blue.stonehenge.com>
In-Reply-To: <86lje6z4ul.fsf@blue.stonehenge.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Radel.com-MailScanner-Information: Please contact Jon for more information
X-Radel.com-MailScanner: Found to be clean
X-Mailer: CommuniGate Pro CLI mailer
Cc: Tim Judd, freebsd-questions@freebsd.org
Subject: Re: Thousands of ssh probes
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Sat, 06 Mar 2010 00:35:48 -0000

Randal L. Schwartz wrote:
>>>>>> "Tim" == Tim Judd writes:
>
> Tim> I've been in that same boat. I eventually came to the decision to:
> Tim> Install PPTP server software, accepting connections from any IP.
>
> Whoa. Here we are, talking about making it *more* secure, and
> you go the other direction....
>
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
>
> In short, you can't take anyone seriously who suggests PPTP when
> talking about security.

Especially since rolling out OpenVPN and your own little CA to issue
yourself and your 10 best friends certificates is pretty easy. I find
it easier to wrap my head around than something like IPSEC for
supporting a "trusted server on trusted network attached to by laptops
that wander around in sometimes sleazy parts of the Internet" model.

Just make sure you've kept up to date with your SSL libraries. :-)

--Jon Radel
jon@radel.com