Date:      Fri, 5 Mar 2010 22:20:53 -0700
From:      Tim Judd <tajudd@gmail.com>
To:        "Randal L. Schwartz" <merlyn@stonehenge.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Thousands of ssh probes
Message-ID:  <ade45ae91003052120k1074c095u7d138a9cc35b9712@mail.gmail.com>
In-Reply-To: <86lje6z4ul.fsf@blue.stonehenge.com>
References:  <20100305125446.GA14774@elwood.starfire.mn.org> <4B910139.1080908@joseph-a-nagy-jr.us> <20100305132604.GC14774@elwood.starfire.mn.org> <ade45ae91003051243g631542c0td756cb09db97157e@mail.gmail.com> <86lje6z4ul.fsf@blue.stonehenge.com>

On 3/5/10, Randal L. Schwartz <merlyn@stonehenge.com> wrote:
>>>>>> "Tim" == Tim Judd <tajudd@gmail.com> writes:
>
> Tim> I've been in that same boat.  I eventually came to the decision to:
> Tim>   Install PPTP server software, accepting connections from any IP.
>
> Whoa.  Here we are, talking about making it *more* secure, and
> you go the other direction....
>
>
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
>
>
> In short, you can't take anyone seriously who suggests PPTP when
> talking about security.
>

Randal,

  It's not meant as the solution for remote access.  It's only a
stopgap so you can ssh into your router and add the remote IP.  Then
disconnect from the VPN you've configured, PPTP or not, and use SSH.

And the fact that I haven't (yet) seen random bots try VPN will keep
my logs clean.  I'm sorry, I respect Randal very much, but..

A) ..Wikipedia?  That's informative and useful, but not authoritative
in any way.
B) It's connected for maybe 5 minutes at most.  While connected, your
ssh session is still encrypted while you add the current remote IP.  I
stand by my statements.



The other way (which requires a cron job) is to set up your roaming
laptop with a dyndns address (or similar service) and have your router
re-load its firewall config periodically for any possible IPv4/IPv6
address changes to be picked up.  I haven't done this to finish yet.
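
The cron-driven approach described in the last paragraph, sketched as an added example that is not part of the original message. It assumes pf as the router's firewall with an existing rule that passes ssh from a table named ssh_allow, host(1) for the lookup, and a placeholder hostname; all of these names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original message. Assumptions: pf is the
# firewall, the allow-list is a pf table named ssh_allow, host(1) is
# installed, and HOST is a placeholder dynamic-DNS name.
HOST="laptop.example.invalid"
TABLE="ssh_allow"

# True only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one candidate per line and print only literal addresses, so resolver
# error text or other unexpected output never reaches the firewall.
filter_addrs() {
    while read -r addr _rest; do
        if is_ipv4 "$addr"; then
            echo "$addr"
        else
            case "$addr" in
                *[!0-9A-Fa-f:]*) ;;     # illegal character: drop
                *:*:*) echo "$addr" ;;  # loose IPv6 check; pfctl rejects malformed ones
            esac
        fi
    done
}

update_table() {
    addrs=$(host "$HOST" 2>/dev/null |
        awk '/has (IPv6 )?address/ { print $NF }' | filter_addrs)
    # Failed lookup: keep the current table instead of emptying it, which
    # would lock the roaming client out until the next successful run.
    if [ -z "$addrs" ]; then
        echo "no valid address for $HOST; $TABLE unchanged" >&2
        return 1
    fi
    # Replace rather than add, so the previous address stops being allowed.
    pfctl -q -t "$TABLE" -T replace $addrs
}

# cron entry (constructed): */10 * * * * /usr/local/sbin/ssh-allow.sh --apply
if [ "${1:-}" = "--apply" ]; then update_table; fi
```

The table inherits whatever trust is placed in the dynamic-DNS account and the resolver path, so sshd's own authentication still has to hold independently of it.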


