undefined | Better HN

0 pointsR0b0t14y ago0 comments

> Block AWS CIDR ranges?

Since I don't log in from there, yes sure? And if I'm hosting on AWS I can proxy through an AWS resident host. Same with any other cloud provider.

0 comments

2 comments · 1 top-level

throwawayboise4y ago· 1 in thread

Yep. It has been a long time since I ever needed to provide a wide-open SSH service. By far the normal case is to allow login from one or a handful of IP addresses, or maybe a /24. Do this and your SSH log noise drops to zero.

bombcar4y ago

It’s amusing that the people who howl loudly that blocking foreign IP ranges is an absolute failure have zero problems with blocking all IPs but a certain few.

I’ve yet to determine where the tipping point is.

j / k navigate · click thread line to collapse