Erik Osterholm wrote:
On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
There was some discussion on this list not too long ago, and someone
asked if I was willing to make my pf config and the associated scripts
I wrote for it public.  I would have posted on the original thread,
but I can't find it now.

Here is the information:

First: I'm not sure if the group got to it and I'm posting to a very stale thread here but I've found that the best way to defeat these password scanning ssh bots is to disallow passwords allowing public/private key authentication in their stead. Unfortunately this isn't always possible. Bill's method is a very close second.

Second: I love the simplicity of the stateless firewall rules in Bill's pf.conf. I may have to look at implementing that here.

-- Chris

      __o          "All I was doing was trying to get home from work."
    _`\<,_           -Rosa Parks
Christopher Sean Hilton                    <chris | at |>
        pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to