2008/10/12 Daniel Pittman <[EMAIL PROTECTED]>: [snip] > To me, this is like airport security: I am all in favour of securing air > travel. I am not in favour of doing things that make people *feel* > secure without actually doing a damn thing. > > Regards, > Daniel
Hey, Just to quickly weigh in on this... Port knocking, as long as it is not the entire security strategy could be a relevent addition here. The problem as stated by the OP is 'idiots from eastern Europe and Russia tring to crack my server'. The layer of obscurity that port knocking adds could be considered akin to changing the port number and even that small change often drops the number of attempts to zero (judging by the many reports and responses on other lists and forums). If someone is actually trying to break _your_ server then it won't help much, as you said, but if the intent is to break _a_ server then it may be sufficient to make them move on. In this regard a really simple sequence is just as effective as anything more complex. The vaunted airport 'security theatre' efforts are similar here in that they help prevent casual or impulsive incidents but (arguably) don't do much for any true, concerted efforts. cheers, Owen. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
