Niall O Broin
niall at linux.ie
Thu Nov 23 16:50:19 GMT 2006
On 23 Nov 2006, at 16:40, Colm Buckley wrote:
> Have to say that implementing port-knocking was the single most
> effective thing I did to cut back on SSH attacks. Sure, it's
> security by obscurity, but in addition to taking sensible
> precautions (as you did), it really helps.
> http://www.shorewall.net/PortKnocking.html explains how to do it in
> Shorewall. I've actually done 2-stage knocking on my home system,
> but that's paranoid overkill.
Considering that the recommended way to implement knocking on
shorewall will block people trying to find a knocking port, it sure
does sound paranoid. But then again, being paranoid doesn't mean that
they're not out to get you.
More information about the ILUG