On Thu, 2005-04-28 at 07:11 -0700, Alan Dayley wrote:
> I have found that my dsl connection drops and changes my IP so much that
> doing RSA keys, while more secure, was too painful (How to is explained
> in the link above).

What has worked for my home network is a combination of things.
The first two could be considered lame, but my goal is to first turn the
flood down to a trickle.

1. iptables reject as much as you can. If you're on a dialup that sits
on a class B, allow the whole class B. You can even allow a class A.
That's a lot of IPs that can still attempt, but a lot more will be
blocked. Some of the population will see you, most won't.

2. /etc/hosts.allow with identd. Yes, identd is not a secure protocol,
but it reduces the flow a little more. The following would only allow
fred from qwest.net in if he is running identd.

    sshd: fred@.qwest.net

On your client side, you could limit auth requests to known IPs if
you're worried about running an identd daemon.

3. Use a non-standard port.

4. Use RSA keys.

Daniel
--
| ---------------------------------------------------------------
| Daniel P. Stasinski | http://www.saidsimple.com
| daniel@avenues.org | http://www.disabilities-r-us.com
| --------------------------- | http://www.scriptkitties.com
| Jabber: mooooooo@jabber.org | http://oneweek.org
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
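
Points 1 and 3 of the message above, worked as an added example that is not part of the original post: derive the /16 or /8 that a roaming client's current address sits in, show how many addresses that range still admits, and print (without applying) the matching iptables rules. The function names, port 2222 and the address 172.16.45.9 are constructed assumptions.

```shell
#!/bin/sh
# Added example: print, never apply, iptables rules that admit SSH only from
# the range a roaming client lives in and reject everyone else.
SSH_PORT=2222   # assumed non-standard port (point 3); not from the post

# cidr_for IP PREFIX -> enclosing network in CIDR form (PREFIX 8, 16 or 24).
cidr_for() {
    ip=$1 prefix=$2
    # Only digits and single dots, no leading or trailing dot.
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip              # split into octets; prefix is saved above
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    case $prefix in
        8)  echo "$1.0.0.0/8" ;;
        16) echo "$1.$2.0.0/16" ;;
        24) echo "$1.$2.$3.0/24" ;;
        *)  return 1 ;;
    esac
}

# exposed_addrs PREFIX -> how many source addresses the range still lets in.
exposed_addrs() {
    echo $((1 << (32 - $1)))
}

# ssh_rules CIDR PORT -> rule set, one command per line. Order matters:
# the ACCEPT for the allowed range must precede the catch-all REJECT.
ssh_rules() {
    echo "iptables -A INPUT -p tcp --dport $2 -s $1 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $2 -j REJECT --reject-with tcp-reset"
}

# Constructed sample: client currently at 172.16.45.9, allow its whole /16.
net=$(cidr_for 172.16.45.9 16) && {
    echo "# $net still admits $(exposed_addrs 16) source addresses"
    ssh_rules "$net" "$SSH_PORT"
}
```

Review the printed rules before piping them to a root shell; widening the prefix to 8 raises the admitted range from 65536 to 16777216 addresses.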