Date: Fri, 28 Dec 2007 10:17:33 -0700 From: Chad Perrin <perrin@apotheon.com> To: freebsd-questions@freebsd.org Subject: Re: SSH through port forwarding Message-ID: <20071228171733.GB89701@demeter.hydra> In-Reply-To: <20071218054048.6EE7.A38C9147@seibercom.net> References: <20071218040802.GB6678@ayn.mi.celestial.com> <f5ccf92b0712172147n5f97e8e0qf2c871753f0298bc@mail.gmail.com> <20071218054048.6EE7.A38C9147@seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote: > > On December 18, 2007 at 12:47AM sham khalil wrote: > > > > once you open port 22 to public ip, you'll get people try to bruteforce your > > machine. > > if you don't want that set sshd to listen to a higher number like 5522 > > then forward port 5522 from the router to the internal machines. > > > > unfortunately for wrt54g, you can't forward port 5522 to 22 for internal > > machine. > > Security through obscurity is a poor substitute for security. Port scanners > will eventually find that port also. One needs something else for security against brute-force attempts, but changing the port number does help cut down on the amount of bandwidth consumption on the LAN side of your router by allowing the router to ignore/deny all incoming traffic on port 22. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Marvin Minsky: "It's just incredible that a trillion-synapse computer could actually spend Saturday afternoon watching a football game."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071228171733.GB89701>