Jeremy,
I agree with MaxieZ, a combination of SEC and Iptables work nicely
in this situation and could be extended to other services like FTP,
IMAP, Web authentication, etc. I personally do not feel that security
through obscurity by changing the port numbers is a viable solution.
A port knocker of some sort is a much more secure solution that will
allow you to block all unwanted IPs but still allow for dynamic
addresses. There are port knockers that listen on various ports and
work like a combination lock to open the port, and there are others that
use a more secure one time pad "magic packet" kind of authentication to
open the port for your IP. It is more work to set up, but it is more
secure than just changing the port. Remember a few years ago when ssh
had a remote exploit? You probably shouldn't leave that port open.
--
[email protected] mailing list
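The combination-lock style knocker described in the message above, as an added example (not code from this thread or from any particular knocker): a per-source state machine that produces an allow rule only after the full knock sequence arrives in order within a time window, and resets on a wrong knock or a timeout. The sequence, window, addresses and the target port 22 are constructed assumptions, and the iptables rule is returned as a string rather than executed.

```python
from dataclasses import dataclass

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed knock sequence (assumption)
KNOCK_WINDOW = 10.0                 # seconds allowed to complete the sequence
PROTECTED_PORT = 22                 # port opened for the knocking source (assumption)


@dataclass
class KnockState:
    index: int = 0      # position in KNOCK_SEQUENCE reached so far
    started: float = 0.0  # timestamp of the first correct knock


class PortKnocker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.states: dict[str, KnockState] = {}
        self.opened: list[str] = []  # sources that completed the sequence

    def knock(self, src_ip: str, port: int, now: float) -> bool:
        """Feed one observed connection attempt; True when the lock opens."""
        st = self.states.get(src_ip, KnockState())
        # A partial sequence that has gone stale starts over from scratch.
        if st.index > 0 and now - st.started > self.window:
            st = KnockState()
        if port != self.sequence[st.index]:
            # Wrong knock: drop any progress so a stray hit cannot be resumed.
            self.states.pop(src_ip, None)
            return False
        if st.index == 0:
            st.started = now
        st.index += 1
        if st.index == len(self.sequence):
            self.states.pop(src_ip, None)
            self.opened.append(src_ip)
            return True
        self.states[src_ip] = st
        return False


def open_rule(src_ip: str, port: int = PROTECTED_PORT) -> str:
    """Render the iptables rule a daemon would insert for a successful knocker."""
    return f"iptables -I INPUT -s {src_ip} -p tcp --dport {port} -j ACCEPT"


if __name__ == "__main__":
    pk = PortKnocker()
    for t, p in enumerate(KNOCK_SEQUENCE):  # constructed knocks from one address
        if pk.knock("203.0.113.5", p, float(t)):
            print(open_rule("203.0.113.5"))
```

A fixed sequence like this can be replayed by anyone who observes it on the wire, which is the gap the one-time "magic packet" variant mentioned in the message closes; the daemon should also expire the inserted rule rather than leave it in place indefinitely.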