[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf port knocking

On Fri, Dec 17, 2004 at 06:05:39PM -0500, Roy Morris wrote:
> If you want to knock off most of the port pounding twits, stop allowing
> ssh from 'any', filter instead by source. If you can't do that, because you 
> MUST have access from your remote laptop, then maybe try using a ssh 
> rule that says use OS type =my remote OS. 
  that would probably work for most intents and purposes, but i
  know the pf.conf(5) specifically cautions against using OS fingerprints
  for security enforcement.  it suggests they're for policy 
  implementation at best.
  rather than allowing for your laptop like that, i'd probably 
  go the route of starting a second sshd listening on whatever
  port ( where reserved is likely better than not ) for the 
  purposes of authpf(8) to allow a hole into tcp:22.
[ openbsd 3.6 GENERIC ( nov 4 ) // i386 ]