From owner-freebsd-security@FreeBSD.ORG Mon Oct 5 20:26:41 2009
From: Micheas Herman
To: freebsd-security@freebsd.org
In-Reply-To: <7f1779bf9fa52b6cbf7a8384883232a6@yyc.orthanc.ca>
Date: Mon, 05 Oct 2009 13:02:46 -0700
Message-Id: <1254772966.30618.1405.camel@vcampaign>
Subject: Re: openssh concerns

On Mon, 2009-10-05 at 12:46 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX wrote:
> > Granted, if somebody is not specifically targeting you and is just scanning
> > ranges to find sshd on 22 they will pass you right up since that port will
> > be closed.
>
> The port change was intended only to avoid the port scanners.
And when you get notices in your logs, you can respond, as you know you are being targeted and can take appropriate responses.

The biggest reason I can see for running ssh on a non-standard port is increasing the signal-to-noise ratio in the logs. If you can investigate every failed ssh login, you should be safer than if you ignore 40,000 failed logins a day.

Just my experience, but of course being able to effortlessly investigate 40,000 failed logins would probably be a better situation.

-- 
Things past redress and now with me past care.
-- William Shakespeare, "Richard II"
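As an added illustration of the log-review point made in this message (example code, not part of the post or of OpenSSH): a small Python parser that groups failed sshd logins by source address and gives each source a coarse triage label, run over a few constructed syslog-style sshd lines. The log lines, host name and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format; not taken from the post.
SAMPLE_LOG = """\
Oct  5 12:01:13 host sshd[2011]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Oct  5 12:01:15 host sshd[2013]: Failed password for invalid user oracle from 198.51.100.7 port 50130 ssh2
Oct  5 12:01:18 host sshd[2015]: Failed password for root from 198.51.100.7 port 50141 ssh2
Oct  5 12:07:44 host sshd[2101]: Failed password for micheas from 203.0.113.9 port 42120 ssh2
Oct  5 12:07:51 host sshd[2101]: Accepted publickey for micheas from 203.0.113.9 port 42120 ssh2
Oct  5 12:09:02 host sshd[2130]: Failed password for invalid user test from 192.0.2.44 port 61001 ssh2
"""

# Matches the "Failed <method> for [invalid user] <name> from <addr> port <n>" form.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_failures(text):
    """Yield one dict per failed-login line; all other lines are ignored."""
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield {"user": m.group("user"), "ip": m.group("ip"),
                   "invalid_user": m.group("invalid") is not None}

def summarize(text):
    """Aggregate failures per source address so each source is reviewed once."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid_user_attempts": 0})
    for f in parse_failures(text):
        entry = per_ip[f["ip"]]
        entry["attempts"] += 1
        entry["users"].add(f["user"])
        if f["invalid_user"]:
            entry["invalid_user_attempts"] += 1
    return dict(per_ip)

def classify(entry):
    """Coarse triage label: a source that tries nonexistent accounts or several
    different names is guessing; a single real account that failed deserves a look."""
    if entry["invalid_user_attempts"] or len(entry["users"]) > 1:
        return "guessing"
    return "review"

def triage(text):
    """Map each failing source address to its triage label."""
    return {ip: classify(e) for ip, e in summarize(text).items()}
```

On a low-noise port the `review` entries are few enough to check by hand, which is the situation the message argues for.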