[svlug] Firewalls?

Mark msalists at gmx.net
Tue Jan 23 10:53:35 PST 2007


> 
> They have no chance to get in.  OK, so what specific problem are you
> trying to solve, again?   And what exactly makes IP/port filtering
> ("firewalls") an appropriate tool for that?
> 
> Maybe the problem you're trying to solve is "I'm really 
> bothered by the
> logcheck reports that show all those dictionary attacks."  Since you
> say there's no chance of them getting in, maybe the right solution is 
> to better configure logcheck's[1] reporting, to reduce the meaningless
> information so you can concentrate on what's significant.
> 
> This matter seems to come up frequently, by the way.

Some time ago I suggested having sshd listen to a different port than 22. I was criticized that this was just a workaround and
didn't really fix the problem at a deeper level, but it worked for me. It's been over a year now and I can not remember having had
one hit since. Before I changed the port I had tens of thousands of hits every single day...

MARK





More information about the svlug mailing list