Hacker News new | ask | show | jobs
by Meneth 52 days ago
I got tired of dealing with SSH knocks and blocked the port for all external IPs, using WireGuard to get into the LAN.

WireGuard is nice because, unlike most other services, it operates on UDP and sends no reply packet unless you know the key, so attackers can't discover it by portscanning.
1 comments
tardedmeme 52 days ago
Unless all your other ports are sending reject packets
link
yjftsjthsd-h 52 days ago
Do UDP ports ever send reject packets?
link