[45980] in North American Network Operators' Group
Re: Telco's write best practices for packet switching
daemon@ATHENA.MIT.EDU (Rob Pickering)
Wed Mar 6 12:28:35 2002
Date: Wed, 06 Mar 2002 17:26:28 -0000
From: Rob Pickering <rob@pickering.org>
Reply-To: "rob@pickering.org" <>
To: "Christopher L. Morrow" <chris@UU.NET>, nanog@merit.edu
Message-ID: <29558683.1015435588@[172.18.60.14]>
In-Reply-To: <Pine.GSO.4.33.0203061459240.3098-100000@rampart.argfrp.us.uu.net>

--On 06 March 2002 15:04 +0000 "Christopher L. Morrow" <chris@UU.NET>
wrote:

> Eric's point was you deploy your fancy-dan mail server with ONLY 22
> and 25 listening,

Um, that would be "ONLY port 25 listening" on its public
network-facing interface, wouldn't it?

Why would you want to expose a management protocol like ssh to the
Internet?

OK, so leaving ssh open is convenient, but if we are talking best
practice, surely having your remote management protocols running on a
separate network, or at the very least filtering on a host basis so
that it's only listening to connects from your NOC, has to be the way
to do this.
--
Rob.
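
Added example, not part of the original message: a small audit of the practice described above that reads `ss -ltn`-style output and reports any listener other than SMTP that is bound to a wildcard or non-management address. The management subnet, the addresses and the sample output are constructed assumptions; it checks bind addresses only, so source filtering done in a firewall is not visible to it.

```python
import ipaddress

# Constructed policy (assumptions, not from the original post):
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")   # out-of-band management LAN
PUBLIC_PORTS = {25}                                # only SMTP faces the Internet

# Constructed sample of `ss -ltn` output from a hypothetical mail server.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    203.0.113.10:25    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    10.20.0.5:8443     0.0.0.0:*
LISTEN 0      128    127.0.0.1:953      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row; address None means wildcard."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]      # drop IPv6 brackets / scope id
        addr = None if host == "*" else ipaddress.ip_address(host)
        if addr is not None and addr.is_unspecified:
            addr = None                            # 0.0.0.0 and :: bind everywhere
        yield addr, int(port)

def audit(ss_output):
    """Return sorted findings: listeners reachable outside the management LAN
    on ports that policy does not allow to be public."""
    findings = set()
    for addr, port in parse_listeners(ss_output):
        if port in PUBLIC_PORTS:
            continue
        if addr is None:
            findings.add((port, "wildcard bind"))
        elif not (addr.is_loopback or addr in MGMT_NET):
            findings.add((port, f"bound to {addr}"))
    return sorted(findings)

if __name__ == "__main__":
    for port, reason in audit(SAMPLE_SS):
        print(f"port {port}: {reason}; bind to management LAN or filter by source")
```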