Re: SSH security questions
From: Menno Duursma (pan_at_desktop.lan)
Date: 05/12/05
- Next message: Doug Laidlaw: "Re: Tripwire"
- Previous message: Jose Maria Lopez Hernandez: "Re: linux firewall distro that includes LVS?"
- In reply to: Mikhail Zotov: "Re: SSH security questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 May 2005 11:55:26 GMT
On Thu, 12 May 2005 09:03:57 +0400, Mikhail Zotov wrote:
> Menno Duursma wrote:
>> ALL EXEPT sshd : .com, .net, .org, .edu, .gov, .mil, .int, .biz, \
>> .aero, .coop, .museum : DENY
>>
>
> I am afraid this is not a perfect solution
Indeed it's not. Haveing it spawn a whois query looking for Country: US
would narrow it down some more (the database for which should be local.)
> because the fact that a host has a name with a edu|com|org|net suffix
> doesn't guarantee that it is located in the US.
Well, to me it seem(s/ed) the objective is/was to filter (drop?) the bulk
of packets obviously unwelcome. So an administrator can concentrate on the
ones the fliter let trough.
And anyways, filtering on IP adress wouldn't guarantee a host to reside in
some contry or other either. As the AS to which it belongs might be
distributed, rerouted, or there maybe some kind of VPN tunnel in use, etc.
-- -Menno.
- Next message: Doug Laidlaw: "Re: Tripwire"
- Previous message: Jose Maria Lopez Hernandez: "Re: linux firewall distro that includes LVS?"
- In reply to: Mikhail Zotov: "Re: SSH security questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
