Date: Mon, 3 May 2010 11:48:12 -0500 From: Adam Vande More <amvandemore@gmail.com> To: John <john@starfire.mn.org> Cc: freebsd-questions@freebsd.org Subject: Re: pf suggestions for paced attack Message-ID: <q2s6201873e1005030948lf2141e55tc6322dcaca6417d1@mail.gmail.com> In-Reply-To: <20100503163933.GA15599@elwood.starfire.mn.org> References: <20100503144110.GA14402@elwood.starfire.mn.org> <4BDEF9E4.9020806@infracaninophile.co.uk> <20100503163933.GA15599@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 3, 2010 at 11:39 AM, John <john@starfire.mn.org> wrote: > Hi, Matthew. Indeed, yes, you may not recall, but my rules are > based on a set that I originally got from you, and I do, in fact, > have a white list, which I should have mentioned, but some of my > users are "road warriors" and could be coming from virtually anywhere. > You're right, though - it's time to look into alternatives to > password-based authenticaion. I think I've taken password-based > protection and rate adaptive rules to their logical limit. > > What's wrong with denyhosts? Key-based authentication has it's own set pitfalls. I'm far more likely to lose my usb stick than my password. I imagine there are other like me. -- Adam Vande More
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?q2s6201873e1005030948lf2141e55tc6322dcaca6417d1>