Isn't it just good security practice to limit telnet/SSH access to only a few choice hosts/subnets? I know I'd never allow the 0/0 net access to a signon screen, even if it is SSH. If you're on vacation and need to access something, call your NOC, and have them temporarily allow your dynamic address for SSH.

When a hacker finds an open SSH host, they think two things - This host is important to someone, and that they need more doughnuts...

Chuck

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Frank Louwers
Sent: Tuesday, November 15, 2005 3:03 AM
To: nanog@nanog.org
Subject: Re: a record?

On Tue, Nov 15, 2005 at 12:01:00AM +0100, Peter Dambier wrote:
> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?

Don't do that! Lots of (access) ISPs around the world (esp. here in Europe) block those ports (in and out), so if you ever need emergency access to your system from a network you don't know, you'll find yourself blocked.

Kind Regards,
Frank Louwers

--
Openminds bvba www.openminds.be
Tweebruggenstraat 16 - 9000 Gent - Belgium