From: Marian Hettwer
Date: Mon, 21 Nov 2005 14:16:45 +0100
To: ray@redshift.com
Cc: Peter Jeremy, freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-ID: <4381C8BD.2050304@kernel32.de>
In-Reply-To: <3.0.1.32.20051121043723.00aa1490@pop.redshift.com>

Hej Ray,

ray@redshift.com wrote:
>
> The point isn't to get more secure. You are correct by saying that moving the

Hu. I thought the point was to get more security. If it's more about
"stealth", okay, move the daemon to another port :)

> port # doesn't make anything more secure. But why make it easy for someone that
> might be doing a scan to find your SSH prompt during a scan that may be focused
> on ports 21, 22, 25, 80 and 110?
>

Of course it's a bit harder to find your sshd, if it's not running on
tcp/22. And maybe, an automated script won't find the sshd.
A human being will, indeed, find the sshd pretty quick. Take any port
which responds with a SYN-ACK to your SYN and off you go on that port
with telnet...

> Along these same lines, we used to even re-compile sshd and remove the welcome
> message/version number in the connect. I know there are two schools of thought
> on broadcasting your version numbers on connections, but in the mid 90's, we did
> do that from time to time.
>

And if you don't get the ssh banner, it might get harder now :-)

> Anyway, to each their own :)
>

ack.

Marian