Date:      Mon, 05 Oct 2009 13:14:28 -0500
From:      Andrew Kuriger <a.kuriger@liquidphlux.com>
To:        Lyndon Nerenberg - VE6BBM/VE7TFX <lyndon@orthanc.ca>
Cc:        freebsd-security@freebsd.org
Subject:   Re: openssh concerns
Message-ID:  <efebbdedeeab2948c663aeefa6686ea5@mail.liquidphlux.com>
In-Reply-To: <f2f79c6b5c482a9ad826c2f53d206dec@yyc.orthanc.ca>
References:  <f2f79c6b5c482a9ad826c2f53d206dec@yyc.orthanc.ca>


On Mon, 5 Oct 2009 12:03:44 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX 
<lyndon@orthanc.ca> wrote:
>> Personally I tend to either firewall the OpenSSH daemon, or leave it  
>> wide open. I don't really see the point in changing ports, as long as  
>> they are still publicly available.
> 
> The ssh bots only seem to probe port 22.  In well over a year of
> running my ssh servers on a different (very low numbered) port I
> haven't logged a single probe (across about a dozen highly visible
> servers).
> 
> --lyndon
> 
I personally don't use it (although I'm considering it), but you could
look into port knocking. Changing the port that SSHD binds to definitely
falls under that obscurity line since if somebody is targeting you, they
very well may run a SYN scan (Mmm nmap) and read the banners to quickly
find out what port you are running sshd on, then target bots accordingly.
Granted, if somebody is not specifically targeting you and is just scanning
ranges to find sshd on 22 they will pass you right up since that port will
be closed.

Andrew

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
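As an added illustration (not part of the thread or anyone's posted code), here is one way to check a claim like Lyndon's on a FreeBSD box: parse `tcpdump -n -e -i pflog0`-style output and count inbound TCP SYNs per destination port, so you can see whether a non-22 sshd port actually attracts probes. The log lines below are constructed samples using documentation address ranges, and the script assumes your pf rules log both blocked and passed SYNs on the external interface.

```python
import re
from collections import Counter

# Constructed sample lines in the style of `tcpdump -n -e -i pflog0` output
# (example data only; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation ranges, not real hosts).
SAMPLE_PFLOG = """\
rule 2/0(match): block in on em0: 203.0.113.5.51234 > 198.51.100.7.22: Flags [S], seq 1, win 65535, length 0
rule 2/0(match): block in on em0: 203.0.113.5.51235 > 198.51.100.7.22: Flags [S], seq 2, win 65535, length 0
rule 2/0(match): block in on em0: 203.0.113.9.40001 > 198.51.100.7.22: Flags [S], seq 3, win 65535, length 0
rule 3/0(match): pass in on em0: 192.0.2.44.50002 > 198.51.100.7.2200: Flags [S], seq 4, win 65535, length 0
rule 2/0(match): block in on em0: 203.0.113.5.51236 > 198.51.100.7.23: Flags [S], seq 5, win 65535, length 0
rule 3/0(match): pass out on em0: 198.51.100.7.2200 > 192.0.2.44.50002: Flags [S.], seq 6, win 65535, length 0
"""

# Match one inbound pflog line: action, interface, src ip.port > dst ip.port, TCP flags.
LINE_RE = re.compile(
    r"(?P<action>block|pass) in on (?P<iface>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_inbound_syns(text):
    """Yield (src_ip, dst_port, action) for every inbound pure-SYN line.

    Outbound lines and SYN-ACKs ("[S.]") are skipped, since only the first
    packet of a connection attempt tells us that someone is knocking.
    """
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("flags") == "S":
            yield m.group("src"), int(m.group("dport")), m.group("action")


def probe_summary(text, ssh_port):
    """Return (syns_per_dst_port, syns_per_source_for_ssh_port).

    The first counter shows where the background scanning actually lands
    (port 22 vs. your alternate port); the second shows who is hitting sshd.
    """
    per_port = Counter()
    per_src = Counter()
    for src, dport, _action in parse_inbound_syns(text):
        per_port[dport] += 1
        if dport == ssh_port:
            per_src[src] += 1
    return per_port, per_src


if __name__ == "__main__":
    ports, sources = probe_summary(SAMPLE_PFLOG, ssh_port=2200)
    print("SYNs per destination port:", dict(ports))
    print("Sources hitting sshd port:", dict(sources))
```

On a live system, feed it the output of `tcpdump -n -e -ttt -i pflog0 'tcp[tcpflags] & tcp-syn != 0'` (or a saved pflog file) instead of the constructed sample.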