Thousands of ssh probes
tajudd at gmail.com
Sat Mar 6 05:20:58 UTC 2010
On 3/5/10, Randal L. Schwartz <merlyn at stonehenge.com> wrote:
>>>>>> "Tim" == Tim Judd <tajudd at gmail.com> writes:
> Tim> I've been in that same boat. I eventually came to the decision to:
> Tim> Install PPTP server software, accepting connections from any IP.
> Whoa. Here we are, talking about making it *more* secure, and
> you go the other direction....
> In short, you can't take anyone seriously who suggests PPTP when
> talking about security.
It's not meant as the solution for remote access. It's only a
stopgap so you can ssh into your router and add the remote IP. Then
disconnect from the VPN you've configured, PPTP or not, and use SSH.

And the fact that I haven't (yet) seen random bots try VPN will keep
my logs clean. I'm sorry, I respect Randal very much, but..

A) ..Wikipedia? That's informative and useful, but not authoritative
in any way.

B) It's connected for maybe 5 minutes at most. While connected, your
ssh session is still encrypted while you add the current remote IP. I
stand by my statements.

The other way (which requires a cron job) is to set up your roaming
laptop with a dyndns address (or similar service) and have your router
re-load its firewall config periodically for any possible IPv4/IPv6
address changes to be picked up. I haven't done this to finish yet.
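
The cron-driven approach in the last paragraph could look like the following on a router running pf. This is an added example, not code from the thread, and it replaces the contents of one pf table instead of reloading the whole ruleset. The host name, table name, state file path and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example. Assumes the pf ruleset already contains:
#   table <ssh_allow> persist
#   pass in proto tcp from <ssh_allow> to any port 22
HOST="${HOST:-laptop.example.invalid}"   # placeholder dynamic-DNS name
TABLE="${TABLE:-ssh_allow}"              # assumed table name
STATE="${STATE:-/var/db/ssh_allow.last}" # last address set that was applied
PFCTL="${PFCTL:-pfctl}"                  # set PFCTL=echo for a dry run

# Pull addresses out of host(1) output and keep only strings that look like
# IPv4/IPv6 literals, so nothing else from a DNS answer reaches pfctl.
parse_addrs() {
    awk '/ has (IPv6 )?address /{print $NF}' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f:]+:[0-9A-Fa-f:]*$' |
        sort -u
}

# Look up both address families for the name given as $1.
resolve() {
    { host -t A "$1"; host -t AAAA "$1"; } 2>/dev/null | parse_addrs
}

# refresh_table ADDRS: replace the table only when the address set changed.
# An empty set (lookup failed) leaves the table untouched and returns 1.
refresh_table() {
    new="$1"
    [ -n "$new" ] || { echo "no addresses for $HOST; table unchanged" >&2; return 1; }
    old="$(cat "$STATE" 2>/dev/null || true)"
    [ "$new" = "$old" ] && return 0
    # $new is left unquoted on purpose: one argument per validated address.
    $PFCTL -t "$TABLE" -T replace $new || return 1
    printf '%s\n' "$new" > "$STATE"
}

# From cron, e.g.:  */10 * * * * /usr/local/sbin/ssh_allow_refresh.sh run
if [ "${1:-}" = run ]; then
    refresh_table "$(resolve "$HOST")"
fi
```

Whoever can change the DNS record can put an address into the allow table, so the dynamic-DNS account needs the same protection as an SSH key.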
More information about the freebsd-questions