On 16/09/05, Steve Holdoway wrote:
> Yes, I couldn't agree more - the 'default permit' approach is evil and
> stupid. However, when requiring ssh access from sites with dynamic ip
> addresses it's a good first line of defence.

If you need to connect from a dial-up box that connects thru Foo ISP,
just allow the IP block used by Foo's dial-up pool. That narrow's the
possible attacks to Foo's other customers. Combined with good
passwords and disallowing root login, you should be reasonably okay.

Yuri
-- 
** WARNING to mailing list repliers **
Gmail over-rides "Reply-To:" field. Check your "To:" address before
sending reply to this post.

Reply via email to