Thousands of ssh probes

Tim Judd tajudd at gmail.com
Sat Mar 6 05:20:58 UTC 2010


On 3/5/10, Randal L. Schwartz <merlyn at stonehenge.com> wrote:
>>>>>> "Tim" == Tim Judd <tajudd at gmail.com> writes:
>
> Tim> I've been in that same boat.  I eventually came to the decision to:
> Tim>   Install PPTP server software, accepting connections from any IP.
>
> Whoa.  Here we are, talking about making it *more* secure, and
> you go the other direction....
>
>
> http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
>
>
> In short, you can't take anyone seriously who suggests PPTP when
> talking about security.
>

Randal,

  It's not meant as the solution for remote access.  It's only a
stopgap so you can ssh into your router and add the remote IP.  Then
disconnect from the VPN you've configured, PPTP or not, and use SSH.

And the fact that I haven't (yet) seen random bots try VPN will keep
my logs clean.  I'm sorry, I respect Randal very much, but..

A) ..Wikipedia?  That's informative and useful, but not authoritative
in any way.
B) It's connected for maybe 5 minutes at most.  While connected, your
ssh session is still encrypted while you add the current remote IP.  I
stand by my statements.



The other way (which requires a cron job) is to set up your roaming
laptop with a dyndns address (or similar service) and have your router
re-load its firewall config periodically for any possible IPv4/IPv6
address changes to be picked up.  I haven't done this to finish yet.
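
The dynamic-DNS approach described in the last paragraph, as an added example that is not part of the original post: a cron-run script that resolves the laptop's name and swaps the result into a firewall table. It assumes the router runs pf; the table name `ssh_allowed`, the hostname `laptop.example.org` and the script path are hypothetical. The old table is kept when the lookup fails or returns nothing valid.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: pf table
# "ssh_allowed", dynamic-DNS host "laptop.example.org".
TABLE="ssh_allowed"
DDNS_HOST="laptop.example.org"

# Succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Loose IPv6 check: hex digits and colons only, at least two colons.
# pfctl does the real parsing; this only keeps junk out of its arguments.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*) return 0 ;;
    esac
    return 1
}

# Read `host` output on stdin, print the validated addresses one per line.
extract_addrs() {
    awk '/ has address / {print $4} / has IPv6 address / {print $5}' |
    while read -r addr; do
        if is_ipv4 "$addr" || is_ipv6 "$addr"; then echo "$addr"; fi
    done
}

refresh_table() {
    addrs=$(host "$DDNS_HOST" 2>/dev/null | extract_addrs)
    if [ -z "$addrs" ]; then
        # Failed lookup: do not empty the table and lock the laptop out.
        echo "no valid address for $DDNS_HOST; table left unchanged" >&2
        return 1
    fi
    # Unquoted on purpose: one argument per validated address.
    pfctl -q -t "$TABLE" -T replace $addrs
}

# cron entry (assumed path): */10 * * * * /usr/local/sbin/ssh-allow.sh apply
if [ "${1:-}" = "apply" ]; then refresh_table; fi
```

The pf ruleset would then pass port 22 only from `<ssh_allowed>`. Whoever can change the dynamic-DNS record can put an address in that table, so sshd authentication remains the real control.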

