Probably I am a little too paranoid; I just don't want anyone to log on to the box at all. My theory is if there are no services open then people cannot log on to the box. My firewall is just there to forward and filter packets. I agree with you about the power of sshd. I just believe that if someone wants to get in then there is no way of stopping them. If there is no port for them to log on to then how can they gain access unless they are a local user? Yes, I could use iptables to filter the access to specific addresses and ports. I just wanted to ensure that my box was as tight as you could get it.

> > I do install compilers on to my firewall, in case I want to compile
> > a package mind you I never install any servers, especially either
> > telnetd or sshd, on my firewall. If I want to make a mod to my firewall
> > I have to do it locally.
>
> Can you explain why you exclude sshd? Sure, telnet passes clear passwords
> and text, but the entire sshd communication is encrypted and has been
> proven extremely difficult to crack, particularly where key-exchange
> authentication is used instead of passwords.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
