List Archive: gentoo-security
>
>> Jeremy,
>> I agree with MaxieZ, a combination of SEC and Iptables works nicely
>> in this situation and could be extended to other services like FTP,
>> IMAP, Web authentication, etc. I personally do not feel that security
>> through obscurity by changing the port numbers is a viable solution.
>
A port knocker of some sort is a much more secure solution that will
allow you to block all unwanted IPs but still allow for dynamic
addresses. There are port knockers that listen on various ports and
work like a combination lock to open the port, and there are others that
use a more secure one-time pad "magic packet" kind of authentication to
open the port for your IP. It is more work to set up, but it is more
secure than just changing the port. Remember a few years ago when ssh
had a remote exploit? You probably shouldn't leave that port open.
--
gentoo-security@g.o mailing list