off topic: reporting attempts to access computers
Steve Bertrand
steve at ibctech.ca
Sun Feb 22 17:04:12 PST 2009
Andrew Gould wrote:
> Yes, it's probably time to move to certificates. Thanks for the suggestion.
If you realize this, then you also want to look at devising an
allow-allow-deny_by_default approach for other critical protocols that
you can't employ certificates for...
Instead of blocking huge netblocks with your firewall (possibly causing
a denial of service on legitimate hosts), it's easier and more resource
friendly to create access rules that deny by default in ANY case. (Those
who provide transit or hosting services can obviously ignore this).
Steve
More information about the freebsd-questions
mailing list