From owner-freebsd-questions Tue Mar 4 10:52:57 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51BE037B401 for ; Tue, 4 Mar 2003 10:52:56 -0800 (PST) Received: from server1.ultratrends.com (biik894y288a.ab.hsia.telus.net [66.222.129.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9930543FCB for ; Tue, 4 Mar 2003 10:52:55 -0800 (PST) (envelope-from trodat@server1.ultratrends.com) Received: from server1.ultratrends.com (localhost [127.0.0.1]) by server1.ultratrends.com (8.12.8/8.12.8) with ESMTP id h24IqhrG040768; Tue, 4 Mar 2003 11:52:43 -0700 (MST) Received: from localhost (trodat@localhost) by server1.ultratrends.com (8.12.8/8.12.8/Submit) with ESMTP id h24IqhGr040765; Tue, 4 Mar 2003 11:52:43 -0700 (MST) Date: Tue, 4 Mar 2003 11:52:43 -0700 (MST) From: YOU To: "Kevin Kinsey, DaleCo, S.P." Cc: "Phillip Smith (mailing list)" , freebsd-questions@FreeBSD.ORG Subject: Re: hacking attempts? In-Reply-To: <03b901c2e273$2e51bba0$0100a8c0@DaleCoportable> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 4 Mar 2003, Kevin Kinsey, DaleCo, S.P. wrote: > > him/her/it access to your sshd daemon. NOTE: It is 'normally not a > good > > idea' to do this, but if you don't want to rebuild with a firewall > > configured kernel it will suffice. > > > And the reason it's not a "good idea"? I've always > assumed it was because you didn't want to be > on vacation, at a friends house, or suddenly have > your ISP switch subnets on you and lock you out > of your box... > > Absolutely nothing wrong with denying the > supposed "cracker's" IP; AAMOF, go over > to ARIN or APNIC or such and ditch entire > Class A nets that you'll never touch...I'll never > be in SE Asia, for example... > > I use a dual strategy here. One machine only > trusts a second; on the second box I deny > the known bad guyz and let most others try... > ...Needless to say, the really important stuff > is on the first box... > I was only quoting the default hosts.allow line for sshd which states: # Wrapping sshd(8) is not normally a good idea... This is no reason not to use it since in the man for sshd it states: /etc/hosts.allow, /etc/hosts.deny Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in hosts_access(5). R. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message