GeoIP support - DenyCountry
David Walker
openssh-list at grax.com
Sun Jan 19 10:26:23 EST 2003
It is not a security mechanism as such. It is a scan reduction tool.
It is useful for my network in that all of my users are based in the United
States. Any connection from outside the United States is automatically known
to be bogus and there is no reason to allow it to continue.
Granted there are plenty of bogus users within the United States but there is
no reason in my mind to add the rest of the world to that. A significant
portion of the scans that reach my network are from outside the United States
while nothing in my network (at the current time) offers any benefit to a
non-US user.
On Saturday 18 January 2003 05:09 pm, Jakob Schlyter wrote:
> I strongly recommend that this patch is rejected and not integrated in nor
> distributed with openssh. the whole idea behind - as a security mechanism
> - is totally bogus.
>
> jakob
More information about the openssh-unix-dev
mailing list