From: Kelly Setzer <Kelly.Setzer@placemark.com>
To: netfilter@lists.netfilter.org
Cc: Mark Seamans <marks@crvinc.com>
Subject: Re: Core Linux Router - NO NAT
Date: Fri, 21 Mar 2003 09:23:07 -0600 [thread overview]
Message-ID: <20030321152307.GA25317@placemark.com> (raw)
In-Reply-To: <200303210140.48570.netfilter@newkirk.us>
On Fri, Mar 21, 2003 at 01:41:22AM -0500, Joel Newkirk wrote:
> On Thursday 20 March 2003 06:23 pm, Mark Seamans wrote:
> > I wish to protect the box itself, while it preforms it's duties as a
> > Router allowing only ssh from the ip's that I wish for management.
> > This way I can also setup rules to protect it form DOS attacks etc...
> >
> > So any suggestions would be great.
> >
> Another approach might be to have only one or two IPs from which you
> allow SSH connections. Then if you need to connect from a remote
I've seen the argument made that ssh should be configured only to
authenticate with rsa keys.
(PasswordAuthentication no)
It makes it impossible for someone to try guessing passwords.
Whether or not you can keep your key secure is another matter.
Also, running ssh on another port, say port 25 or 80 will help you
evade some of the automated scanning tools.
Kelly
--
Kelly Setzer, System Administrator/Architect - Placemark Investments
14180 Dallas Pkwy, Suite 200, Dallas, TX 75240
kelly.setzer@placemark.com http://www.placemark.com
(972)404-8100x41 (work) (214) 287-3464 (cell)
next prev parent reply other threads:[~2003-03-21 15:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-20 23:23 Core Linux Router - NO NAT Mark Seamans
2003-03-21 6:41 ` Joel Newkirk
2003-03-21 11:16 ` Mark Seamans
2003-03-21 15:23 ` Kelly Setzer [this message]
2003-03-21 15:19 ` James A. Pattie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030321152307.GA25317@placemark.com \
--to=kelly.setzer@placemark.com \
--cc=marks@crvinc.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox