Date: Mon, 21 Nov 2005 19:52:21 +1100
From: Peter Jeremy
To: Marian Hettwer
Cc: freebsd-security@freebsd.org, ray@redshift.com
Subject: Re: Need urgent help regarding security
Message-ID: <20051121085221.GA4267@cirb503493.alcatel.com.au>
In-Reply-To: <43818643.5000206@kernel32.de>

On Mon, 2005-Nov-21 09:33:07 +0100, Marian Hettwer wrote:
>ray@redshift.com wrote:
>>Also, if you have access to the router, it's handy to re-write
>>traffic from a higher public port down to port 22 on the server,
>>since that will trip up anyone doing scans looking for a connect on
>>port 22 across a large number of IP's.
>>
>No. That's security by obscurity and doesn't make your system even a wee
>bit more secure.

It depends what you are guarding against. If someone wants to get
into _your_ system then it's worthless. OTOH, "you don't have to run
faster than the bear, just faster than someone else": Moving your ssh
access off port 22 means that someone doing a network scan of port 22
won't see your system. This is reasonable protection against script
kiddies.

Definitely, don't rely on it as your only security. But, IMHO, it is
worth doing in addition to other security measures.

--
Peter Jeremy