we will never let that shit even remotely close to our tree. period.

* Johan Söderberg <johan.s.u...@gmail.com> [2011-03-04 15:00]:
> In my mind this is not security by obscurity, no more than one-time
> passwords.
> The ports can be compared to the keys of a keyboard when typing a password.
> As with passwords, the implementation is not a secret.
> The port that is protected is not hidden, it is locked.
> It adds security and does not add attack vectors as it is implemented as a
> simple ruleset for pf, protecting sshd. It can also be combined with authpf.
> Why waste energy on spammed logs with scans and attacks, banning and luring
> with honeypots on the outside?
> Why give sshd unnecessary exposure as it may have weaknesses?
>
> http://en.wikipedia.org/wiki/Security_through_obscurity
> http://stackoverflow.com/questions/4486171/isnt-a-password-a-form-of-security-through-obscurity
> http://security.stackexchange.com/questions/1194/port-knocking-is-it-a-good-idea

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting