-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2008-03-29 at 07:20 -0000, Sid Boyce wrote:
An open sshd behind an open firewall will be under brute force attack in about 23 milliseconds after going on-line :-)
That's for certain. I had one occasion when I went to a relative's home armed with CD's to get his box up to date, only to find I didn't have everything with me, so on the next occasion, I enabled the ssh port on my smoothwall box so I could get to the stuff remotely. A few days later I remembered it was open and there were numerous attempts at a break in, all failed.
Another option would be to stop sshd if the user stops/dissables the firewall. Or rather stop all network services! :-P And to open it in the firewall with the "FW_SERVICES_ACCEPT_EXT" option. That could be another can of worms, perhaps... :-? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFH7hu/tTMYHG2NR9URAqZrAKCIGZ7P+Nn7bjGM2dVm59SjR47xVwCfQxOS lHwmT9BssdzMk1nkNdO8mGw= =lfkM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org