Re: Breakin attempts

g <geleem@xxxxxxxxxxxxx> writes:
> Steve Blackwell wrote:
> <snip>
>> so it appears that someone was trying to break in to my machine.
>
> do you have 'ping reply' enabled on your cable modem?
>
> if so, i would suggest that you disable it so you are not visible.
>
> hth.

One should really point out that some icmp messages are vital to the
correct operation of the network?  Many newbies seem to end up filtering
out icmp-must-fragment in their zeal to stop all those evil icmp
messages.  That messes up mtu-discovery and ends up causing some
destinations to effectively be unreachable for large packets.

The core problem is to prevent someone from guessing users' passwords.
You aren't going to achieve real security by hiding this or that
attribute.  If you don't want to worry about your users choosing bad
non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
for ssh and turn off all login types in sshd_config other than RSA2.
That way any attacker has to correctly guess a 1k-bit computer generated
number.  That will almost certainly be much more secure than any
password users will choose.  Then you can look at the ssh log files and
laugh.  The universe isn't going to last long enough for them to guess
even a small fraction of the keys.

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?
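
Added example (not part of the original message): a small auditor that checks whether an sshd_config really leaves public-key login as the only way in, as the message recommends. It assumes the message's "RSA2" corresponds to `PubkeyAuthentication` in current OpenSSH, uses stock OpenSSH defaults for absent keywords, and does not evaluate `Include` files or `Match` blocks; the two sample configs are constructed.

```python
# Added example: audit sshd_config text for login paths that still accept a
# guessable password. sshd keeps the FIRST value it reads for each keyword,
# so a later "PasswordAuthentication no" does not undo an earlier "yes".

# Values sshd uses when a keyword is absent (assumes stock OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # can still prompt for a password via PAM
    "pubkeyauthentication": "yes",
}
# Deprecated alias for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: looks hardened, but the first value wins.
WEAK = "PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
# Constructed sample: key-only login.
HARDENED = ("PubkeyAuthentication yes\npasswordauthentication no  # keywords ignore case\n"
            "ChallengeResponseAuthentication no\n")


def effective_global(config_text):
    """Return the global (pre-Match) value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword/value
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":  # conditional overrides start here; not audited
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen:  # first occurrence wins
            seen[key] = parts[1].strip().lower() if len(parts) > 1 else ""
    return {**DEFAULTS, **seen}


def audit(config_text):
    """List settings that leave password-style logins reachable."""
    eff = effective_global(config_text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no'")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file before it is deployed.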