On Thu, 2005-04-28 at 07:11 -0700, Alan Dayley wrote:
> I have found that my dsl connection drops and changes my IP so much that
> doing RSA keys, while more secure, was too painful (How to is explained
> in the link above).

What has worked for my home network is a combination of things. The first two could be considered lame, but my goal is to first turn the flood down to a trickle.

1. iptables reject as much as you can. If you're on a dialup that sits on a class B, allow the whole class B. You can even allow a class A. That's a lot of IPs that can still attempt, but a lot more will be blocked. Some of the population will see you, most won't.

2. /etc/hosts.allow with identd. Yes, identd is not a secure protocol, but it reduces the flow a little more. The following would only allow fred from qwest.net in if he is running identd.

    sshd: fred@.qwest.net

   On your client side, you could limit auth requests to known IPs if you're worried about running an identd daemon.

3. Use a non-standard port.

4. Use RSA keys.

Daniel

-- 
| ---------------------------------------------------------------
| Daniel P. Stasinski         | http://www.saidsimple.com
| daniel@avenues.org          | http://www.disabilities-r-us.com
| --------------------------- | http://www.scriptkitties.com
| Jabber: mooooooo@jabber.org | http://oneweek.org

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
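
Steps 1 and 3 of the reply above, as an added example that is not part of the original message: a dynamic address usually stays inside the same provider block, so the rule can be derived from whatever address the client has today. The function names, the sample address 172.16.45.9 and port 2222 are constructed for illustration, and the script only prints the iptables commands for review; it does not apply them.

```shell
#!/bin/sh
# Added example (not from the original message). Prints rules, applies nothing.

# classful_net ADDR -> classful network containing ADDR (A=/8, B=/16, C=/24).
# Returns 1 for malformed addresses and for class D/E (multicast/reserved).
classful_net() {
    old_ifs=$IFS; IFS=.
    set -- $1                # split dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    if   [ "$1" -lt 128 ]; then echo "$1.0.0.0/8"
    elif [ "$1" -lt 192 ]; then echo "$1.$2.0.0/16"
    elif [ "$1" -lt 224 ]; then echo "$1.$2.$3.0/24"
    else return 1
    fi
}

# ssh_rules CLIENT_ADDR PORT -> iptables commands that accept SSH on PORT
# from the client's classful block and reject every other source.
ssh_rules() {
    net=$(classful_net "$1") || return 1
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    echo "iptables -A INPUT -p tcp --dport $2 -s $net -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $2 -j REJECT"
}

# Constructed sample: today's client address and a non-standard sshd port.
ssh_rules 172.16.45.9 2222
```

The ACCEPT rule has to come before the REJECT rule in the chain, and sshd must be listening on the same port the rules name.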