> not trying to speak for ed, but IMHO...it's dumb because any yahoo with a local account on a machine can create a listening socket on a port >= 1024.
Anyone can create a socket above 1024 anyway, regardless .. this has nothing to do with ssh. If you are running a server, full of users with shell access, you must have a completely different security model. If this is a gateway then ... I don't want to beat this to death, so let me say this is my opinion. If you want to knock off most of the port pounding twits, stop allowing ssh from 'any', filter instead by source. If you can't do that, because you MUST have access from your remote laptop, then maybe try using an ssh rule that says use OS type = my remote OS.

Cheers
Rm
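As an added example (not from the thread), the source-filtering advice above written as OpenBSD pf rules; the firewall type, interface name, addresses and OS label are assumptions, since the post names none of them. The `os` keyword is pf's passive fingerprinting and only matches what the remote TCP stack looks like, so it trims noise rather than authenticating the client.

```pf
# Added example, not from the thread. Interface, addresses and OS label are assumed.
ext_if = "em0"

# The rule the post argues against: ssh reachable from 'any' (kept commented out).
# pass in on $ext_if proto tcp from any to ($ext_if) port ssh

# Default deny inbound on the external interface.
block in on $ext_if

# Preferred: filter by source. Known admin hosts/networks (assumed values).
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/24 }
pass in on $ext_if proto tcp from <ssh_admins> to ($ext_if) port ssh

# Fallback for a roaming laptop: narrow by passively fingerprinted OS
# (assumes the laptop runs OpenBSD; list available labels with 'pfctl -s osfp').
pass in on $ext_if proto tcp from any os "OpenBSD" to ($ext_if) port ssh
```

Load with `pfctl -f /etc/pf.conf` and check the hit counters with `pfctl -vsr` to confirm the `<ssh_admins>` rule, not the `os` rule, is carrying your normal logins.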