Date:      Mon, 21 Nov 2005 14:16:45 +0100
From:      Marian Hettwer <MH@kernel32.de>
To:        ray@redshift.com
Cc:        Peter Jeremy <PeterJeremy@optushome.com.au>, freebsd-security@freebsd.org
Subject:   Re: Need urgent help regarding security
Message-ID:  <4381C8BD.2050304@kernel32.de>
In-Reply-To: <3.0.1.32.20051121043723.00aa1490@pop.redshift.com>
References:  <20051121085221.GA4267@cirb503493.alcatel.com.au> <3.0.1.32.20051117232057.00a96750@pop.redshift.com> <43818643.5000206@kernel32.de> <20051121085221.GA4267@cirb503493.alcatel.com.au> <3.0.1.32.20051121043723.00aa1490@pop.redshift.com>

Hej Ray,


ray@redshift.com wrote:
> 
> The point isn't to get more secure.  You are correct by saying that moving the
Hu. I thought the point was to get more security. If it's more about 
"stealth", okay, move the daemon to another port :)

> port # doesn't make anything more secure.  But why make it easy for someone that
> might be doing a scan to find your SSH prompt during a scan that may be focused
> on ports 21, 22, 25, 80 and 110?
>
Of course it's a bit harder to find your sshd, if it's not running on 
tcp/22. And maybe, an automated script won't find the sshd. A human 
being will, indeed, find the sshd pretty quickly. Take any port which 
responds with a SYN-ACK to your SYN and off you go on that port with 
telnet...

> Along these same lines, we used to even re-compile sshd and remove the welcome
> message/version number in the connect.  I know there are two schools of thought
> on broadcasting your version numbers on connections, but in the mid 90's, we did
> do that from time to time.
> 
And if you don't get the ssh banner, it might get harder now :-)

> Anyway, to each their own :)
>
ack.

Marian


