On Sat, 2 Feb 2008 10:27:24 -0800
Grant <emailgrant@×××××.com> wrote:

> Well thank you for that. I had planned on setting up port knocking
> for ssh and cups but I guess I'm just as well off leaving them
> listening on 22 and 631?

Fail2Ban, though a little intensive, seems to be a decent method for
avoiding unwanted SSH traffic while accepting trusted traffic. I have
seen one deployment where it seems passably inconspicuous, at least.

Alternately, if you run SSH on an unusual port, you're unlikely to see
much Bot traffic. I would recommend this, if you're concerned, above
port knocking myself -- relying on a complicated "pre-authentication"
method rather than / in addition to a remote admin tool like SSH seems
to be asking for problems.

> As for printing from lpr to cups across the internet, I should be
> encrypting that data shouldn't I? Nothing too sensitive but it sounds
> like a good thing to do. It looks like cups can use ssl but I don't
> see any mention of it in man lpr.

SSH Tunneling and VPN come to mind too, but I must ask - what good is
printing a physical document across the net, unless the printer is
still only a little way away, and if so, what is it doing behind a
public network? I am curious about this deployment.

> - Grant
--
gentoo-user@l.g.o mailing list