AllowHosts / DenyHosts
Dan Kaminsky
dankamin at cisco.com
Wed Feb 28 20:56:22 EST 2001
> These ancient systems should not be trusted to be connected to the
> internet anyway, unless they're behind a firewall which can do this kind
> of thing.
Presumptuous, are we :-)
There *are* ancient machines out there that *aren't* going anywhere, but
*still* have telnet on them.
If you're trying to eradicate telnet throughout your organization, making
these machines run ssh is a Good Thing. Preventing trivial, even accidental
DoS attacks on machines with low processing power by automatically rejecting
all SSH connection attempts that don't come from a specific classification
of hosts is a Good Thing.
Yours Truly,
Dan Kaminsky, CISSP
www.doxpara.com
More information about the openssh-unix-dev
mailing list