Oddball SSH port

james at jamesmcdonald.id.au
Thu Nov 1 00:08:20 PDT 2007


> Forgive if this is a stoopid question...
>
> I'm starting to change a lot of my remote servers to have SSH listen on
> an oddball port. (A small bit of obfuscation that slows down the
> crackers ... whose population seems to be on an asymptote with infinity.)
>
> Is there any discernible advantage to /which/ oddball port I choose? Is
> any one of the following, for example, any better than another?
>
>      52, 502, 5002, or 50002
>
> Just wondering if any part of the port numbering space is less of a
> target than another. Or if there are technical issues I'm not aware of.
>
check against a recent copy of /etc/services and then find ports that
aren't listed.

Generally nmap by default will look for 'well known' ports so a standard
nmap won't catch a port that isn't in /etc/services or a known l33t h@x0r
port. So a casual port scan won't pick up a port that you select outside
its normal scan range unless someone is doing nmap <host> -p 1-65535

Anything under 1024 is privileged (you need to be root to open a daemon on
it). I'm not sure of the wisdom for and against using anything < 1024.

Most bots go for known ports, so I wouldn't put it on 135 :) or any other
M$ port.

This is my 2c worth.
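The check the reply describes (is the candidate port privileged, and does it appear in /etc/services?) as a small POSIX sh script. This is an added example, not code from the original thread; the services excerpt embedded in it is constructed so the script runs offline, and a real /etc/services path can be passed as the second argument instead.

```sh
#!/bin/sh
# Added example: classify a candidate SSH listen port by the two criteria
# in the reply: below 1024 (needs root to bind) and listed in /etc/services.

# Constructed excerpt in /etc/services format, used when no file is given.
SAMPLE_SERVICES='ssh             22/tcp
epmap           135/tcp                         loc-srv
rfe             5002/tcp
xprint-server   8100/tcp
'

# port_status PORT [SERVICES_FILE]
# Prints one of: invalid, privileged-listed, privileged, listed, unlisted
port_status() {
    port=$1
    file=${2:-}
    # Reject anything that is not a decimal number in 1..65535.
    case "$port" in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo invalid; return 1
    fi
    if [ -n "$file" ]; then
        table=$(cat "$file")
    else
        table=$SAMPLE_SERVICES
    fi
    # Match "NAME  PORT/tcp" entries, skipping comment lines.
    if printf '%s\n' "$table" | grep -v '^#' \
        | grep -Eq "[[:space:]]$port/tcp([[:space:]]|\$)"; then
        listed=1
    else
        listed=0
    fi
    if [ "$port" -lt 1024 ]; then
        [ "$listed" -eq 1 ] && echo privileged-listed || echo privileged
    else
        [ "$listed" -eq 1 ] && echo listed || echo unlisted
    fi
}

# Walk the ports mentioned in the thread plus 22 and 135 for comparison.
for p in 22 52 135 502 5002 50002; do
    printf '%s: %s\n' "$p" "$(port_status "$p")"
done
```

Run as `sh check.sh`; to test against the system table use `port_status 5002 /etc/services` inside the script.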