Sid Boyce wrote:
Per Jessen wrote:
Richard (MQ) wrote:
Having said that - surely the memory footprint must be fairly small, and ssh security bugs are fairly rare ! ;-)
An open sshd behind an open firewall will be under brute force attack in about 23 milliseconds after going on-line :-)
/Per Jessen, Zürich
That's for certain. I had one occasion when I went to a relative's home armed with CD's to get his box up to date, only to find I didn't have everything with me, so on the next occasion, I enabled the ssh port on my smoothwall box so I could get to the stuff remotely. A few days later I remembered it was open and there were numerous attempts at a break in, all failed. It still has it's uses, alternatively there is openVPN which I haven't looked at in a while. The last time I just couldn't get it configured to work to a friend's box, whereas Cisco VPN client was a success for getting into our corporate systems working from home or dialling in via a private ISP from customer sites. Regards Sid.
I do accept that any port open to the external internet will be bombarded by attacks, which is why we have firewalls. My feeling is that it is verging on reckless to connect a modem directly to a workstation, that's why I too run a Smoothwall box (and very impressed with it). I know of quite a few people with poorly patched MS-lumbered PCs connected directly and yes, they often have problems. I'd even suggest that this is close to being the normal situation in the world at large, though probably not for OpenSuSE users. I don't suppose there's any survey data? Maybe a better solution is to leave it installed and enabled, but catch a user disabling the local firewall in YaST and pop up a box "are you sure you know what you're doing", maybe listing the open ports at the same time. Within small LANs it can be useful to disable it completely, but in a more public environment it's plain foolish. This one will continue to run and run I'm sure! -- Cheers Richard (MQ) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org