Oddball SSH port
mailbox@hipp.com
michael at hipp.com
Wed Nov 14 07:10:50 PST 2007
>----Original Message----
>From: mcarpenter at intelguardians.com
>On Tuesday 30 October 2007, Michael Hipp wrote:
>> Just wondering if any part of the port numbering space is less of a
>> target than another. Or if there are technical issues I'm not aware
of.
>
>If your goal is to limit the autorooters (scripts which exploit SSH
vulns)
>then you're fine. If you truly are interested in slowing down the
badguys,
>guess again. Simply nudging SSH (using nmap -A for example) gives up
the
>goods too easily... Full nmap scans, like those of a dangerous
attacker,
>will turn up the port as open, and SSH gives itself away.
That's about all I'm trying to do.
Some of my systems are continually logging dictionary attacks against
accounts like 'tom' and 'mary'. And if there was anyone with any brains
behind the attempts they'd notice that such is pointless without the
right public key.
Anyway, I think obfuscating the ssh port will blunt most of these
wannabe crackers.
But if you have any other measures to protect ssh I would certainly
like to hear.
Michael
More information about the Linux-users
mailing list