List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
>> I agree with MaxieZ, a combination of SEC and Iptables work nicely
>> in this situation and could be extended to other services like FTP,
>> IMAP, Web authentication, etc. I personally do not feel that security
>> through obscurity by changing the port numbers is a viable solution.
A port knocker of some sort is a much more secure solution that will
allow you to block all unwanted IP's but still allow for dynamic
addresses. There are port knockers that listen on various ports and
work like a combination lock to open the port, and there are others that
use a more secure one time pad "magic packet" kind of authentication to
open the port for your IP. It is more work to setup, but it is more
secure than just changing the port. Remember a few years ago when ssh
had a remote exploit? You probably shouldn't leave that port open.
firstname.lastname@example.org mailing list