From owner-freebsd-security@FreeBSD.ORG  Fri Oct  2 19:57:24 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 80860106566B
	for <freebsd-security@freebsd.org>;
	Fri,  2 Oct 2009 19:57:24 +0000 (UTC)
	(envelope-from patpro@patpro.net)
Received: from rack.patpro.net (rack.patpro.net [193.30.227.216])
	by mx1.freebsd.org (Postfix) with ESMTP id 1B5938FC12
	for <freebsd-security@freebsd.org>;
	Fri,  2 Oct 2009 19:57:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by rack.patpro.net (Postfix) with ESMTP id 3B0B813C
	for <freebsd-security@freebsd.org>;
	Fri,  2 Oct 2009 21:42:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at patpro.net
Received: from amavis-at-patpro.net ([127.0.0.1])
	by localhost (rack.patpro.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id V3DaTBkAR8of for <freebsd-security@freebsd.org>;
	Fri,  2 Oct 2009 21:42:09 +0200 (CEST)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by rack.patpro.net (Postfix) with ESMTP
	for <freebsd-security@freebsd.org>;
	Fri,  2 Oct 2009 21:42:09 +0200 (CEST)
Message-Id: <A6C54834-2243-426F-8A00-B4D547FA3226@patpro.net>
From: Patrick Proniewski <patpro@patpro.net>
To: Liste FreeBSD-security <freebsd-security@freebsd.org>
In-Reply-To: <20091003042802.O10039@sola.nimnet.asn.au>
Content-Type: multipart/signed; boundary=Apple-Mail-1--820062776; micalg=sha1;
	protocol="application/pkcs7-signature"
Mime-Version: 1.0 (Apple Message framework v936)
Date: Fri, 2 Oct 2009 21:42:07 +0200
References: <4AC545C3.9020608@johnea.net>
	<19141.20047.694147.865710@hergotha.csail.mit.edu>
	<4AC61C0B.3050704@johnea.net>
	<20091003042802.O10039@sola.nimnet.asn.au>
X-Mailer: Apple Mail (2.936)
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: openssh concerns
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2009 19:57:24 -0000


--Apple-Mail-1--820062776
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

> This will provide the greatest relief against drive-by ssh probes,  
> which
> are pretty much background radiation these days.  Some may decry it as
> 'security by obscurity', but who cares when it works so effectively :)

against script kiddies and bots, obscurity is good.


> http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers  
> provides a
> reasonably useful list of ports NOT to choose for an obscure ssh port.

/etc/services is a good start too :)

patpro
--Apple-Mail-1--820062776--