Chad Perrin wrote:
> On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
>> On December 18, 2007 at 12:47AM sham khalil wrote:
>>
>>> Once you open port 22 to a public IP, you'll get people trying to
>>> brute-force your machine.
>>> If you don't want that, set sshd to listen on a higher number like 5522,
>>> then forward port 5522 from the router to the internal machines.
>>>
>>> Unfortunately, for the WRT54G, you can't forward port 5522 to 22 for an
>>> internal machine.
>>
>> Security through obscurity is a poor substitute for security. Port scanners
>> will eventually find that port also.
>
> One needs something else for security against brute-force attempts, but
> changing the port number does help cut down on the amount of bandwidth
> consumption on the LAN side of your router by allowing the router to
> ignore/deny all incoming traffic on port 22.

Has denyhosts been considered?

Brian