From: Andrew Kuriger <a.kuriger@liquidphlux.com>
To: Lyndon Nerenberg - VE6BBM/VE7TFX
Cc: freebsd-security@freebsd.org
Date: Mon, 05 Oct 2009 13:14:28 -0500
Subject: Re: openssh concerns

On Mon, 5 Oct 2009 12:03:44 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX wrote:
>> Personally I tend to either firewall the OpenSSH daemon, or leave it
>> wide open. I don't really see the point in changing ports, as long as
>> they are still publicly available.
>
> The ssh bots only seem to probe port 22. In well over a year of
> running my ssh servers on a different (very low numbered) port I
> haven't logged a single probe (across about a dozen highly visible
> servers).
>
> --lyndon
>

I personally don't use it (although I'm considering it), but you could look into port knocking.
Changing the port that SSHD binds to definitely falls under that obscurity line, since if somebody is targeting you, they very well may run a SYN scan (Mmm nmap) and read the banners to quickly find out what port you are running sshd on, then target bots accordingly. Granted, if somebody is not specifically targeting you and is just scanning ranges to find sshd on 22, they will pass you right by since that port will be closed.

Andrew

--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
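The banner-reading scan Andrew describes, as an added example that is not part of the thread: sshd announces itself with an RFC 4253 identification string ("SSH-2.0-OpenSSH_..." followed by CR LF) the moment a client connects, so anyone who sweeps the port range and reads the first line from each open port finds it no matter where it is bound. The nmap equivalent is `nmap -sS -sV -p- <host>` (SYN scan plus version probes). Everything below is constructed for the demo: the port range, the localhost target, and the fake sshd thread standing in for a real daemon moved off port 22.

```python
"""Banner-grabbing sweep that locates sshd on any port (added example)."""
import socket
import threading
from typing import Optional

SSH_PREFIX = b"SSH-"


def parse_ssh_banner(line: bytes) -> Optional[dict]:
    """Parse an RFC 4253 identification string.

    Format: SSH-protoversion-softwareversion [SP comments] CR LF.
    Returns None when the line is not an SSH identification string, so an
    HTTP or SMTP greeting on a nearby port is not mistaken for sshd.
    """
    if not line.startswith(SSH_PREFIX):
        return None
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    head, _, comments = text.partition(" ")
    parts = head.split("-", 2)
    if len(parts) != 3:
        return None
    return {"protoversion": parts[1], "software": parts[2], "comments": comments}


def grab_banner(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """Connect and read whatever the server volunteers first (one line).

    Closed ports fail immediately; open ports that wait for the client to
    speak (HTTP, for instance) time out and yield None.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.makefile("rb").readline(256) or None
    except OSError:
        return None


def find_sshd(host: str, ports) -> dict:
    """Sweep the given ports; return {port: parsed banner} for every SSH speaker."""
    found = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is None:
            continue
        parsed = parse_ssh_banner(banner)
        if parsed is not None:
            found[port] = parsed
    return found


def start_fake_sshd(banner: bytes = b"SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522\r\n") -> int:
    """Constructed stand-in for sshd on a non-standard port (demo only).

    Binds an ephemeral port on 127.0.0.1, sends the banner to each client
    and closes, exactly as a real sshd would before key exchange. Returns
    the port so the sweep can be pointed at it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    hidden_port = start_fake_sshd()
    sweep = range(max(1, hidden_port - 20), min(hidden_port + 21, 65536))
    for p, info in find_sshd("127.0.0.1", sweep).items():
        print(f"sshd on port {p}: proto {info['protoversion']} {info['software']} {info['comments']}")
```

The sweep never needs to know the chosen port in advance; that is the whole point. Moving sshd off 22 still filters out the bots that only ever try 22, which is the measurable benefit Lyndon reports, but it is not a control against a scanner that reads banners.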