Terry Gilsenan wrote: >Still, with all that, security by obscurity, isnt security at all, >but it can be a small part of increasing the work-factor, and this >may be just enough to convince the would be cracker to try some >other server instead.
More importantly, in the context of this thread, the botnets are only looking for low hanging fruit - ie SSH servers with weak configs. Once they get one, they can then use it for more work - and a unix/linux machine is quite a useful tool for them. The port knocking doesn't really need any great security (FWKNOP is way more than is actually needed) - unless someone is specifically targetting YOU and prepared to put the effort in, then they are unlikely to even realise what you are using. Of course, having strong protection when only weak is needed isn't a bad thing - they have no way of knowing how much work will be required, so will just give up (unless you are a specific target for some reason). -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
