[ale] Flaw in dd-wrt
Pat Regan
thehead at patshead.com
Sat Jul 25 15:16:16 EDT 2009
Richard Bronosky wrote:
> You shouldn't have anything open to the public without knockd.
Why?
> It's another level of protection against brute force attacks.
There are less intrusive ways to accomplish the same thing. The
simplest solution for ssh is to just disable password authentication.
You can't get much more secure than that.
There are also scripts will watch the log file and create iptables rules
to drop packets from ips with too many failed logins. You can also
accomplish the same thing in a much less granular way with just iptables
rules.
That combined with a reasonable password would give you almost exactly
as much extra security as port knocking but without the extra effort of
actually having to knock.
Pat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20090725/447c28d7/attachment.bin
More information about the Ale
mailing list