we will never let that shit even remotely close to our tree. period.

* Johan Söderberg <johan.s.u...@gmail.com> [2011-03-04 15:00]:
> In my mind this is not security by obscurity, no more than one-time 
> passwords. 
> The ports can be compared to the keys of a keyboard when typing a password.
> As with passwords, the implementation is not a secret. 
> The port that is protected is not hidden, it is locked.
> It adds security and do not add attack vectors as it is implemented as a 
> simple 
> ruleset for pf, protecting sshd. It can also be combined with authpf.
> Why waste energy on spammed logs with scans and attacks, banning and luring 
> with 
> honeypots on the outside?
> Why give sshd unnecessary exposure as it may have weaknesses?
> http://en.wikipedia.org/wiki/Security_through_obscurity
> http://stackoverflow.com/questions/4486171/isnt-a-password-a-form-of-security-
> through-obscurity
> http://security.stackexchange.com/questions/1194/port-knocking-is-it-a-good-idea

Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Reply via email to