On 16/09/05, Steve Holdoway wrote: > Yes, I couldn't agree more - the 'default permit' approach is evil and > stupid. However, when requiring ssh access from sites with dynamic ip > addresses it's a good first line of defence.
If you need to connect from a dial-up box that connects thru Foo ISP, just allow the IP block used by Foo's dial-up pool. That narrow's the possible attacks to Foo's other customers. Combined with good passwords and disallowing root login, you should be reasonably okay. Yuri -- ** WARNING to mailing list repliers ** Gmail over-rides "Reply-To:" field. Check your "To:" address before sending reply to this post.
