Re: pf port knocking
On Fri, Dec 17, 2004 at 06:05:39PM -0500, Roy Morris wrote:
> If you want to knock off most of the port pounding twits, stop allowing
> ssh from 'any', filter instead by source. If you can't do that, because you
> MUST have access from your remote laptop, then maybe try using a ssh
> rule that says use OS type =my remote OS.
that would probably work for most intents and purposes, but i
know the pf.conf(5) specifically cautions against using OS fingerprints
for security enforcement. it suggests they're for policy
implementation at best.
rather than allowing for your laptop like that, i'd probably
go the route of starting a second sshd listening on whatever
port ( where reserved is likely better than not ) for the
purposes of authpf(8) to allow a hole into tcp:22.
[ openbsd 3.6 GENERIC ( nov 4 ) // i386 ]
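The two approaches compared in this thread, written out as pf.conf(5) and authpf(8) rules. This is an added example, not rules from the original poster or from the OpenBSD project; the interface name fxp0, the trusted address 192.0.2.10, the authpf sshd port 2222 and the file paths are assumptions chosen for illustration, and the syntax follows the 3.6-era convention of spelling out "flags S/SA keep state".

```pf
# Added example (not from the original post). Assumed values: external
# interface "fxp0", one trusted admin address 192.0.2.10, and a second sshd
# already running on tcp/2222 for authpf logins (e.g. started with
# "sshd -p 2222"), whose users have /usr/sbin/authpf as their login shell.

# ---------------------------- /etc/pf.conf ----------------------------
ext_if      = "fxp0"
authpf_port = "2222"

# Preferred: restrict ssh by source address instead of allowing "any".
table <sshclients> { 192.0.2.10 }

# authpf(8) adds the address of each authenticated user to this table while
# the session is open; "persist" keeps the table defined even when empty.
table <authpf_users> persist

block in log on $ext_if

# Admin access to tcp/22 only from the trusted table.
pass in on $ext_if proto tcp from <sshclients> to ($ext_if) port ssh \
    flags S/SA keep state

# Weaker alternative raised in the thread, kept disabled for contrast:
# pf.conf(5) warns that OS fingerprints can be spoofed and must not be the
# sole security mechanism, so this is policy, not access control.
# pass in on $ext_if proto tcp from any os "OpenBSD" to ($ext_if) port ssh \
#     flags S/SA keep state

# Entry point for the reply's suggestion: anyone may reach the second sshd
# on an unprivileged port; after a successful login authpf loads the
# per-user rules from /etc/authpf/authpf.rules into the anchor below.
pass in on $ext_if proto tcp from any to ($ext_if) port $authpf_port \
    flags S/SA keep state
anchor "authpf/*"

# ---------------------- /etc/authpf/authpf.rules ----------------------
# Separate file, loaded by authpf(8) with $user_ip and $user_id set to the
# authenticated user. This is the temporary "hole into tcp:22": it exists
# only while the authpf session stays open and only for that user's address.
ext_if = "fxp0"
pass in quick on $ext_if proto tcp from $user_ip to ($ext_if) port ssh \
    flags S/SA keep state
```

Check the result with "pfctl -nf /etc/pf.conf" before loading, and after an authpf login confirm the per-user rules with "pfctl -a 'authpf/*' -sr" and the table contents with "pfctl -t authpf_users -T show". Port-scanning noise against tcp/22 then only ever meets the block rule, while the authpf port still sees connection attempts but hands them to an sshd that accepts nothing without a valid account.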