On Wed, 3 Oct 2012, Chris Nighswonger wrote:
You are right that an open port is an open port, but trying keeping the crowd out of 10000 doors is *much* harder than trying to keep them out of 100 doors.
Especially since the cost of checking those additional 9,900 doors is so high.
An open port is not a security issue if nobody is listening. It's not the size of the port range that's important, it's the robustness of the service that is listening.
Limiting the number of potential attackers is much more productive than limiting the size of the port range.
Not to skewer anybody's homeland, but if you block China, both Koreas, Iran, Iraq, Kuwait and any other geographic area you don't expect legitimate traffic from, the volume of attacks will decrease by orders of magnitude.
-- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards [email protected] Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
