Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Kirk Hoganson <kirk2@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Mon, 03 Oct 2005 11:06:42 -0600
> 
>> Jeremy,
>>   I agree with MaxieZ, a combination of SEC and Iptables work nicely 
>> in this situation and could be extended to other services like FTP, 
>> IMAP, Web authentication, etc.  I personally do not feel that security 
>> through obscurity by changing the port numbers is a viable solution.
> 


A port knocker of some sort is a much more secure solution that will 
allow you to block all unwanted IP's but still allow for dynamic 
addresses.  There are port knockers that listen on various ports and 
work like a combination lock to open the port, and there are others that 
use a more secure one time pad "magic packet" kind of authentication to 
open the port for your IP.  It is more work to setup, but it is more 
secure than just changing the port.  Remember a few years ago when ssh 
had a remote exploit?  You probably shouldn't leave that port open.
-- 
gentoo-security@g.o mailing list


Replies:
Re: [OT?] automatically firewalling off IPs
-- boger
References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake
Re: [OT?] automatically firewalling off IPs
-- MaxieZ
Re: [OT?] automatically firewalling off IPs
-- David vasil
Re: [OT?] automatically firewalling off IPs
-- rpfc
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: Kernels and GLSAs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.