Oddball SSH port
Myles Green
rmg57 at telus.net
Thu Nov 15 18:07:44 PST 2007
On Wed, 14 Nov 2007 15:10:50 +0000 (UTC)
"mailbox at hipp.com" <michael at hipp.com> wrote:
> >----Original Message----
> >From: mcarpenter at intelguardians.com
> >On Tuesday 30 October 2007, Michael Hipp wrote:
> >> Just wondering if any part of the port numbering space is less of a
> >> target than another. Or if there are technical issues I'm not
> >> aware of.
> >
> >If your goal is to limit the autorooters (scripts which exploit SSH
> >vulns) then you're fine. If you truly are interested in slowing down
> >the badguys, guess again. Simply nudging SSH (using nmap -A for
> >example) gives up the goods too easily... Full nmap scans, like those
> >of a dangerous attacker, will turn up the port as open, and SSH gives
> >itself away.
>
> That's about all I'm trying to do.
>
> Some of my systems are continually logging dictionary attacks against
> accounts like 'tom' and 'mary'. And if there was anyone with any
> brains behind the attempts they'd notice that such is pointless
> without the right public key.
>
> Anyway, I think obfuscating the ssh port will blunt most of these
> wannabe crackers.
>
> But if you have any other measures to protect ssh I would certainly
> like to hear.

I dunno if this has been mentioned yet but you might want to have a
look at 'denyhosts':

"denyhosts - an utility to help sys admins thwart ssh hackers"

HTH,
Myles
--
If you have problems in Windows: REBOOT
If you have problems in Linux: BE ROOT
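
The approach a tool like denyhosts takes, as an added example that is not part of the original post and not DenyHosts' own code: count failed sshd password logins per source address and produce hosts.deny lines once a threshold is reached. The log lines, the threshold of 3 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Nov 15 03:12:01 host sshd[2211]: Invalid user tom from 203.0.113.7
Nov 15 03:12:03 host sshd[2211]: Failed password for invalid user tom from 203.0.113.7 port 40122 ssh2
Nov 15 03:12:06 host sshd[2214]: Failed password for invalid user mary from 203.0.113.7 port 40130 ssh2
Nov 15 03:12:09 host sshd[2217]: Failed password for root from 203.0.113.7 port 40141 ssh2
Nov 15 08:30:44 host sshd[3050]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Nov 15 08:30:52 host sshd[3050]: Accepted publickey for alice from 198.51.100.20 port 51515 ssh2
Nov 15 09:01:10 host sshd[3101]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 192.0.2.55 port 60001 ssh2
"""

# The user name is remote-controlled text, so the pattern is anchored at the
# end of the line: only the final "from <ip> port <n> ssh2", which sshd itself
# writes, is trusted as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def failed_by_source(log_text):
    """Return {source ip: [attempted user names]} for failed password logins."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            seen[m.group("ip")].append(m.group("user"))
    return dict(seen)


def deny_entries(log_text, threshold=3, allow=()):
    """Build hosts.deny lines for sources with at least `threshold` failures.

    `allow` lists addresses that must never be blocked (assumed admin hosts).
    """
    return [
        f"sshd: {ip}"
        for ip, users in sorted(failed_by_source(log_text).items())
        if len(users) >= threshold and ip not in allow
    ]


if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```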