From: Marian Hettwer
Date: Mon, 21 Nov 2005 11:10:07 +0100
To: Bitbucket
Cc: freebsd-security@freebsd.org, ray@redshift.com
Subject: Re: Need urgent help regarding security

Hej there,

Bitbucket wrote:
> I agree that this is not good security. It does NOT make your system more
> secure.

ack :)

> But I stop short of saying it should not be done as I can see no
> detrimental effect to changing the port number. If it makes you sleep
> better at night then do it. It cannot hurt. Just don't RELY on it.

Well, it wouldn't make me sleep better at night, since I know that there's an unpatched sshd out there. And even if it were on another port, a non-script-kiddie could break in easily.

Apart from avoiding security by obscurity, you're right, you can do it. If I'm responsible for several dozen boxes out there, I still couldn't sleep at night, even though the sshd might be on another port than 22 :)

Perhaps it winds down to: Do it on your private box, don't do it "at work" :)

regards,
Marian