Date: Mon, 3 Sep 2001 23:42:05 -0500 (CDT)
From: Marc Rassbach
To: Kevin Way
Cc: Not Going to Tell You, freebsd-security@freebsd.org
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
In-Reply-To: <20010904033955.A52291@bean.overtone.org>

On Tue, 4 Sep 2001, Kevin Way wrote:

> > But by hiding the sshd port, maybe, just maybe, we can reduce the
> > number of script kiddies from trying sshd scripts.
> just a note that nobody has directly mentioned. You're also exposing
> yourself to additional risks.

No one seems to have mentioned creating a SKIP gateway. SKIP lost out to IPSEC, but would add another layer of encryption, and most of the script kiddies wouldn't know SKIP VPN if it bit 'em on the linux box.

Security via obscurity (that is what the poke the port IDS is) isn't a good solution. SKIP has white papers about its drawbacks and advantages. And it will go thru firewalls.