Scott Ullrich wrote: > On Thu, May 21, 2009 at 3:37 PM, David Burgess <[email protected]> wrote: >> http://linux.slashdot.org/article.pl?sid=09/05/21/1824220&from=rss >> >> What versions run in pfsense? Is this something we should be concerned about? > > http://openssh.com/txt/cbc.adv > > In a nutshell: not a problem. If you are paranoid, turn off SSH. It > is not required for pfSense daily operations.
we run ssh on a non-standard port on pfsense firewalls and vpn servers, and we don't allow the whole world access anyway, only relatively trusted IPs; it'd be pretty hard to use spoofed IPs and blindly crack SSH, so I think we're pretty safe. we also run pfsense web as https AND on non-standard port AND only allow relatively trusted IPs too. so far so good. :-) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
