On 5/15/06, GreenX FreeBSD <[EMAIL PROTECTED]> wrote:
> > I'd advise against what you're trying to do. It won't make your box
> > more secure.
>
> Why? Simply so, on ssh you will not come any more. If I am not mistaken, the probability that the scanner will begin the check with the "key" port and then immediately check sshd is equal to 1 / (0xFFFF*0xFFFE). If he does not do this, he can be caught by max-src-conn-rate on the public services, and forwarded from all ports to ssh on localhost.

And you always connect from a trusted network? Presumably the answer to this is no, else you'd just put rules in to allow the trusted network to connect. Port-knocking is security through obscurity at its best and at a minimum is wide open to replay attacks. If the concern is simply that you don't want someone brute forcing an account, force the use of SSH authorized keys. Run a script watching the logs for anyone failing logins and add those addresses to a block list.

--Bill

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
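The log-watching script Bill suggests, as an added example that is not part of the thread and not Bill's own script. It assumes a pf table named `sshbrute` (declared in pf.conf as `table <sshbrute> persist` with a `block in quick from <sshbrute>` rule), a failure threshold of 3, and the sample sshd log lines below are constructed for illustration; the `pfctl -t ... -T add` call is the documented way to add entries to a pf table.

```shell
#!/bin/sh
# Added example: count sshd "Failed password" lines per source address and
# feed repeat offenders into a pf table. Assumptions: pf table <sshbrute>
# exists in pf.conf; threshold defaults to 3. Pair this with
# "PasswordAuthentication no" in sshd_config so only authorized keys work.

# Constructed sample log lines (not real data).
SAMPLE_LOG='May 15 10:01:02 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
May 15 10:01:05 host sshd[1235]: Failed password for root from 192.0.2.10 port 51240 ssh2
May 15 10:01:07 host sshd[1236]: Accepted publickey for bill from 198.51.100.7 port 40000 ssh2
May 15 10:01:09 host sshd[1237]: Failed password for invalid user test from 192.0.2.10 port 51250 ssh2
May 15 10:02:01 host sshd[1238]: Failed password for bill from 203.0.113.5 port 42000 ssh2'

# offenders [THRESHOLD]
# Reads sshd log lines on stdin; prints each source address with at least
# THRESHOLD (default 3) failed password attempts, one per line, sorted.
# Only "Failed password" lines from sshd are counted; accepted logins and
# other daemons are ignored.
offenders() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            # the address is the field after the literal word "from"
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= t) print ip }
    ' | sort
}

# block_offenders [TABLE] [THRESHOLD]
# Reads log lines on stdin and adds each offender to the pf table.
# Requires root and a running pf; e.g.
#   tail -n 500 /var/log/auth.log | block_offenders sshbrute 3
block_offenders() {
    table="${1:-sshbrute}"
    threshold="${2:-3}"
    offenders "$threshold" | while read -r ip; do
        pfctl -t "$table" -T add "$ip"
    done
}

# Stand-alone demonstration on the constructed sample (prints 192.0.2.10).
printf '%s\n' "$SAMPLE_LOG" | offenders 3
```

Run it periodically from cron, or against `tail -F` of the auth log, and expire table entries with `pfctl -t sshbrute -T expire <seconds>` so a mistyped password from a legitimate address does not lock it out forever.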
