Agreed. A proper [firewall family inet] restricting ssh access with a packet filter is a far better solution.
I assume that lo0.0 loopback filters finally work on an EX-series as of 10.4 (I think I saw that in the release notes for 10.4R3x). - Chris. On 2011-04-04, at 7:02 AM, Stefan Fouant wrote: > I'm surprised by how many people on this list still think that 'Security > through Obscurity' is an effective means of securing devices. Nmap or any > other suitable scanner could isolate the SSH port in relatively no time at > all. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp