North American Network Operators Group

RE: a record?

  • From: Church, Chuck
  • Date: Tue Nov 15 12:53:29 2005

Isn't it just good security practice to limit telnet/SSH access to only
a few choice hosts/subnets?  I know I'd never allow the 0/0 net access
to a signon screen, even if it is SSH.  If you're on vacation and need
to access something, call your NOC, and have them temporarily allow your
dynamic address for SSH.  When a hacker finds an open SSH host, they
think two things - This host is important to someone, and that they need
more doughnuts...


Chuck 


-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Frank Louwers
Sent: Tuesday, November 15, 2005 3:03 AM
To: nanog@nanog.org
Subject: Re: a record?


On Tue, Nov 15, 2005 at 12:01:00AM +0100, Peter Dambier wrote:
> 
> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?

Don't do that! Lots of (access) ISPs around the world (esp. here in
Europe) block those ports (in and out), so if you ever need emergency
access to your system from a network you don't know, you'll find
yourself blocked.

Kind Regards,
Frank Louwers

-- 
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium