From: Kirk Hoganson <kirk2@lenderlab.com>
To: gentoo-security@lists.gentoo.org
Date: Mon, 03 Oct 2005 11:06:42 -0600
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Message-ID: <43416522.4010407@lenderlab.com>
In-Reply-To: <20051003141852.4cugwa2ic0ckkk0c@www.rnl.ist.utl.pt>

>
>> Jeremy,
>> I agree with MaxieZ, a combination of SEC and Iptables works nicely
>> in this situation and could be extended to other services like FTP,
>> IMAP, Web authentication, etc. I personally do not feel that security
>> through obscurity by changing the port numbers is a viable solution.
>

A port knocker of some sort is a much more secure solution that will allow you to block all unwanted IPs but still allow for dynamic addresses. There are port knockers that listen on various ports and work like a combination lock to open the port, and there are others that use a more secure one-time pad "magic packet" kind of authentication to open the port for your IP. It is more work to set up, but it is more secure than just changing the port. Remember a few years ago when ssh had a remote exploit? You probably shouldn't leave that port open.

-- 
gentoo-security@gentoo.org mailing list
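The two knocker styles the reply describes, sketched as an added example (not code from the list or from any port-knocking project): a "combination lock" that tracks each source's progress through a secret port sequence with a timeout, and a "magic packet" check where a keyed HMAC plus a single-use nonce stands in for the one-time-pad scheme mentioned, since it gives the same use-once property. The port sequence, secret, addresses and the `ip|ts|nonce|mac` packet layout are constructed assumptions; a real daemon would add the firewall rule where `opened` is updated.

```python
import hmac
import hashlib

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed secret sequence (assumption)
KNOCK_WINDOW = 10.0                  # seconds allowed to finish the sequence

class KnockListener:
    """Combination-lock knocker: hit the secret ports in order, in time."""
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.progress = {}  # src_ip -> (index of next expected port, start time)
        self.opened = set()  # sources that completed the sequence

    def observe(self, src_ip, dst_port, now):
        """Feed one (source, port) hit; return True when the lock opens."""
        idx, started = self.progress.get(src_ip, (0, now))
        if now - started > self.window:  # too slow: start over
            idx, started = 0, now
        if dst_port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.opened.add(src_ip)  # a real daemon would add the firewall rule here
                self.progress.pop(src_ip, None)
                return True
            self.progress[src_ip] = (idx, started)
        else:
            self.progress.pop(src_ip, None)  # wrong port resets the lock
        return False

def make_magic_packet(secret, ip, ts, nonce):
    """Client side: ip|ts|nonce|mac, mac = HMAC-SHA256 over the first three."""
    msg = f"{ip}|{ts}|{nonce}".encode()
    return f"{ip}|{ts}|{nonce}|{hmac.new(secret, msg, hashlib.sha256).hexdigest()}"

def verify_magic_packet(secret, payload, now, seen_nonces, max_skew=30):
    """Server side: accept only an authentic, fresh, never-before-seen packet."""
    try:
        ip, ts, nonce, mac = payload.split("|")
        ts = int(ts)
    except ValueError:
        return False  # malformed
    expected = hmac.new(secret, f"{ip}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False  # forged or tampered
    if abs(now - ts) > max_skew or nonce in seen_nonces:
        return False  # stale or replayed
    seen_nonces.add(nonce)  # a long-running daemon would prune entries older than max_skew
    return True
```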