Date: Sat, 22 Oct 2011 10:23:23 -0500 (CDT)
From: Robert Bonomi
Message-Id: <201110221523.p9MFNNjZ019344@mail.r-bonomi.com>
To: freebsd-questions@freebsd.org
In-Reply-To: <20111022161242.11803f76.freebsd@edvax.de>
Subject: Re: Breakin attempt

> Date: Sat, 22 Oct 2011 16:12:42 +0200
> From: Polytropon
> Subject: Re: Breakin attempt
>
> On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
> > I suspect that these sorts of attacks are fairly normal if you're
> > running ssh on the standard port. I used to have lots of 'break-in
> > attempts' before I moved the ssh server to a different port.
>
> Is there _any_ reason why moving from port 22 to something
> different is _not_ a solution?
>
> Reason why I'm asking: Moving SSH away from its default port
> seems to be a relatively good solution as break-in attempts
> concentrate on default ports. So in case a sysadmin decides
> to move SSH to a "hidden" location, what could be an argument
> against this decision?

Arguments against doing so are generally based on the "'security by
obscurity' is not security" concept. That argument _is_ 'technically
accurate'. Moving sshd to a non-standard port does _not_ do anything
to make the system any more secure.

Of course, as long as one understands that that _is_ the case, and is
doing it for 'some other' defensible reason -- such as to eliminate
logfile 'noise' from script-kiddie 'doorknob rattlers' -- doing so *is*
perfectly reasonable.

*I* do it on _my_ machines, expressly for the reason stated in the
prior paragraph.