Telco's write best practices for packet switching networks
Rob Pickering
rob at pickering.org
Wed Mar 6 17:26:28 UTC 2002
--On 06 March 2002 15:04 +0000 "Christopher L. Morrow" <chris at UU.NET>
wrote:
> Eric's point was you deploy your fancy-dan mail server with ONLY 22
> and 25 listening,
Um, that would be "ONLY port 25 listening" on it's public network
facing interface wouldn't it.
Why would you want to expose a management protocol like ssh to the
Internet?
OK so leaving ssh open is convenient, but if we are talking best
practice surely having your remote management protocols running on a
separate network, or at the very least filtering on a host basis so
that it's only listening to connects from your NOC has to be the way
to do this.
--
Rob.
More information about the NANOG
mailing list