"Properly protected" however sounds a bit like blaming the victim. I would
say it's a lot easier to protect a castle that just has one gate. If I use
it once a year, why leave it running all the time beckoning to bad guys or
waiting for me to slip up on firewall rules?
In addition to SSH, the other attractive nuisance seems to be RDP. There's
a simple little tool called DUBrute the kiddies will run against tcp/3389,
they don't have to be successful, just the traffic will mess you up.
I'm waiting for webcams to be the next big target, so many of them use UPnP
and DynDNS to expose a webserver on a public IP, and end users buy them at
Amazon and Costco, even supposed computer and networking professionals
install them with no thoughts about network security.
-----Original Message-----
From: Butch Evans via Af
Sent: Sunday, November 16, 2014 3:04 PM
To: [email protected]
Subject: Re: [AFMUG] [OT] Weird MT situation
On 11/16/2014 08:48 AM, Erich Kaiser via Af wrote:
Winbox and MAC-Telnet are your friend, there is no need to have anything
else enabled. You can send backup scripts via email. Version 6.5 and
higher has worked rock solid and the export scripts work perfectly.
Properly protected, there is no need to turn them off, either. As a
consultant, there is nothing more frustrating than to have to walk one
router at a time via mac-telnet to reach a router that SHOULD be
reachable via ssh.
--
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
