3 Oct
2001
3 Oct
'01
10:17
Hi Markus,
From: "Markus Gaugusch"
My intention is, to allow a connect from a specific host outside our lan. Therefore i want to restrict the client-port's, to 1000-1023. never ever restict the client's source port. it is unnecessary. it can be faked. it just isn't useful at all.
maybe you're right.
The client is untrusted until it is authenticated. if you want to connect from a specific host, why not allow the whole IP for ssh?
that's right, and of course, i do so. mit freundlichen Grüßen Jörg Zimmermann ------------------------------------------- .xsiteing agentur für netzkommunikation 42117 wuppertal - friedrich-ebert-str. 141b tel: 0202/3097070 - fax: 0202/3097072