From owner-freebsd-security@FreeBSD.ORG Mon Nov 21 12:32:43 2005
Date: Mon, 21 Nov 2005 04:32:38 -0800
From: ray@redshift.com
To: Peter Jeremy, Marian Hettwer
Cc: freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-Id: <3.0.1.32.20051121043238.00aa1490@pop.redshift.com>
In-Reply-To: <20051121085221.GA4267@cirb503493.alcatel.com.au>
References: <43818643.5000206@kernel32.de> <3.0.1.32.20051117232057.00a96750@pop.redshift.com>

At 07:52 PM 11/21/2005 +1100, Peter Jeremy wrote:
| On Mon, 2005-Nov-21 09:33:07 +0100, Marian Hettwer wrote:
| >ray@redshift.com wrote:
| >>Also, if you have access to the router, it's handy to re-write
| >>traffic from a higher public port down to port 22 on the server,
| >>since that will trip up anyone doing scans looking for a connect on
| >>port 22 across a large number of IP's.
| >>
| >No. That's security by obscurity and doesn't make your system even a wee
| >bit more secure.
|
| It depends what you are guarding against. If someone wants to get into
| _your_ system then it's worthless. OTOH, "you don't have to run faster
| than the bear, just faster than someone else": Moving your ssh access
| off port 22 means that someone doing a network scan of port 22 won't
| see your system. This is reasonable protection against script kiddies.
|
| Definitely, don't rely on it as your only security. But, IMHO, it is
| worth doing in addition to other security measures.
| --
| Peter Jeremy

Thanks Peter. That was my thinking also. In other words, not as a
replacement for anything else, but just in case someone out there was
specifically scanning a lot of IP's on just port 22. Someone doing that
sort of targeted scanning would make me nervous and I would want to do
anything to avoid them.

If someone was scanning "just for port 22 connects", my thinking was they
probably had additional tools to go after any connects on those ports.
Those aren't the sort of people I want to make scanning easy for :)

Ray
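A FreeBSD pf ruleset for the router-side rewrite Ray describes, added here as an illustration rather than anything posted in the thread. The external interface name, the public port and the internal server address are assumptions.

```pf
# Added example: pf.conf fragment for a FreeBSD router in front of an SSH
# server. em0, 42022 and 192.168.1.10 are assumed values, not from the thread.
ext_if = "em0"                  # assumed external interface
ssh_server = "192.168.1.10"     # assumed internal SSH host
ssh_pub_port = "42022"          # assumed high public port that maps to 22

# Rewrite the high public port down to port 22 on the server.
# "rdr pass" also admits the translated connection, so no extra pass rule
# is needed; the filter rules below never see it.
rdr pass on $ext_if proto tcp from any to ($ext_if) port $ssh_pub_port \
    -> $ssh_server port 22

# Default deny inbound on the external interface. Port 22 itself is not
# forwarded anywhere, so a mass scan of port 22 gets no connect here.
block in on $ext_if

# Log direct probes of port 22 on the public address. These are exactly the
# "scanning a lot of IPs on just port 22" traffic the thread is worried about,
# and the log (pflog0) is where a defender would watch for it.
block in log quick on $ext_if proto tcp from any to ($ext_if) port 22

# Keep any existing pass rules for the services you do expose below this line.
# This changes what a scanner can see; it does not replace sshd's own
# hardening, which still has to be configured on the server.
```

Load with `pfctl -f /etc/pf.conf` and confirm the translation with `pfctl -s nat`; logged port-22 probes can be read with `tcpdump -n -e -ttt -i pflog0 port 22`.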