Opening and Closing ports

Ted Mittelstaedt tedm at toybox.placo.com
Tue Feb 13 06:06:04 UTC 2007


----- Original Message ----- 
From: "Robert C Wittig" <wittig.robert at sbcglobal.net>
To: <freebsd-questions at freebsd.org>
Sent: Monday, February 12, 2007 1:53 PM
Subject: Re: Opening and Closing ports


> Dave Carrera wrote:
> > Hi All,
> >
> > Had a little nasty person trying to break my sshd on port 22.
> >
> > I need to change and open a new port for sshd but I do not know how.
> >
> > Can one of you kind people help me with this please
> >
> > Many kind regards
> >
>
> Instead of changing the sshd port, I set a PF rule that only permits
> port 22 logins from a specific list of IP addresses, where I expect ssh
> logins from.
>
> This would definitely not work on a production machine, with a lot of
> people logging in from random IP's,

Au contraire!

We are finding with production systems that the cracking attacks are getting
so bad that we are starting to recommend to corporate customers that
they do exactly that!

These days when we set up a new corporate network there's only ONE port on
the firewall that is open to the outside - the VPN port, whatever that may
be (usually IPSec VPNs, but MS PPTP is also still quite popular).

Everything else is restricted to specified source IP numbers.  Any road
warriors out there either have to VPN in then go to where they want, or they
have to be coming from a static IP number.

Their websites are never hosted on inside servers.  Either they are hosted
at our NOC or they are on a DMZ network that is outside their LAN, and the
website carries nothing of value on it - because the expectation is that
ultimately it will be broken into and destroyed by a cracker.

Ted
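The two approaches in this thread (Robert's "keep sshd on 22 but only from known addresses" and Ted's "only the VPN port is open to the world") can both be expressed in a single PF ruleset. The fragment below is an added example for readers, not from either poster: the interface name `em0`, the addresses in the `ssh_admins` table, and the choice of IPsec ports are constructed assumptions that must be replaced for a real host. (Dave's original question, changing the listening port, is a separate `Port` directive in `sshd_config`; it does nothing to stop the scanning that motivated the thread, which is why both replies leave the port alone.)

```pf
# Added example pf.conf for FreeBSD (not from the thread).
# ext_if and the table contents are constructed placeholders.
ext_if = "em0"

# Constructed list of addresses ssh logins are expected from.
# Edit at runtime with: pfctl -t ssh_admins -T add|delete <addr>
table <ssh_admins> persist { 192.0.2.10, 198.51.100.0/24 }

set skip on lo0

# Default deny inbound on the external interface; log what is dropped
# so the scanning Dave noticed shows up in pflog instead of auth.log.
block in log on $ext_if

# Robert's approach: sshd stays on port 22, but only the listed
# source addresses may reach it. Everyone else hits the block rule.
pass in on $ext_if proto tcp from <ssh_admins> to ($ext_if) port 22 \
    flags S/SA keep state

# Ted's approach: the only service reachable from arbitrary sources
# is the VPN. For IPsec that is IKE on udp/500, NAT-T on udp/4500,
# and the ESP protocol itself.
pass in on $ext_if proto udp to ($ext_if) port { 500, 4500 } keep state
pass in on $ext_if proto esp to ($ext_if)

# If the VPN is MS PPTP instead, allow tcp/1723 plus GRE:
# pass in on $ext_if proto tcp to ($ext_if) port 1723 flags S/SA keep state
# pass in on $ext_if proto gre to ($ext_if)

# Let the firewall host itself originate connections.
pass out on $ext_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and keep an out-of-band path (console or a VPN session) open while testing, since a typo in the admin table locks out ssh by design. `pfctl -t ssh_admins -T show` lists the addresses currently permitted, and `tcpdump -n -e -ttt -i pflog0 port 22` shows the rejected attempts the `log` keyword records.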


