Thanks for the mail sending help at the last meeting

Matthew Gillen me at mattgillen.net
Fri Aug 25 10:32:04 EDT 2006


David Kramer wrote:
> Is there any security risk from using the default port and IP address
> for VPN, or should I change it to something more obscure?

Running on non-standard ports doesn't /really/ buy you any additional
security, even though it feels like it does.  It might stop some
script-kiddies, but it won't stop (barely even slow down) someone who knows
what they're doing.  (and of course eventually the port-scanning of the script
kiddies will get more sophisticated)

It's generally better to have the "this service is exposed!  I must watch it!"
feeling, than to have the "this service is hidden, I don't need to worry about
 its security issues" attitude when the service isn't hidden very well at all.

If you're really paranoid, you can look into setting up a port-knocking scheme:
http://en.wikipedia.org/wiki/Port_knocking

Matt

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Discuss mailing list