Date: Tue, 4 Mar 2003 11:52:43 -0700 (MST) From: YOU <trodat@server1.ultratrends.com> To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> Cc: "Phillip Smith (mailing list)" <lists@3bags.com>, freebsd-questions@FreeBSD.ORG Subject: Re: hacking attempts? Message-ID: <Pine.BSF.4.21.0303041147480.40517-100000@server1.ultratrends.com> In-Reply-To: <03b901c2e273$2e51bba0$0100a8c0@DaleCoportable>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 4 Mar 2003, Kevin Kinsey, DaleCo, S.P. wrote: > > him/her/it access to your sshd daemon. NOTE: It is 'normally not a > good > > idea' to do this, but if you don't want to rebuild with a firewall > > configured kernel it will suffice. > > > And the reason it's not a "good idea"? I've always > assumed it was because you didn't want to be > on vacation, at a friends house, or suddenly have > your ISP switch subnets on you and lock you out > of your box... > > Absolutely nothing wrong with denying the > supposed "cracker's" IP; AAMOF, go over > to ARIN or APNIC or such and ditch entire > Class A nets that you'll never touch...I'll never > be in SE Asia, for example... > > I use a dual strategy here. One machine only > trusts a second; on the second box I deny > the known bad guyz and let most others try... > ...Needless to say, the really important stuff > is on the first box... > I was only quoting the default hosts.allow line for sshd which states: # Wrapping sshd(8) is not normally a good idea... This is no reason not to use it since in the man for sshd it states: /etc/hosts.allow, /etc/hosts.deny Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in hosts_access(5). R. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0303041147480.40517-100000>