[svlug] ssh attacks - ideas
Fabrizio Bertocci
fabriziobertocci at gmail.com
Fri Oct 22 15:05:47 PDT 2004
I agree with everybody: changing the port in theory won't make the
system more secure... it's easy to find it...

*BUT*, the fact is that I'm currently managing two servers: on the one
with ssh listening to port 22 I see a daily list of failed login
attempts... (some days even more than one hundred... )

For the other server (ssh listening on port 7789), since I moved sshd
to listen to port 7789, I've NEVER seen a login attempt.

Most likely hackers use scripts to scan a range of IPs for a daemon
responding on standard port 22... and don't bother too much with
scanning other ports...

The reason why I chose 7789? Because it's a number that's faster to
type (with or without numeric keypad) ;-)

Fabrizio

On Fri, 22 Oct 2004 14:36:17 -0700, Rafael Skodlar <raffi at linwin.com> wrote:
> On Fri, Oct 22, 2004 at 02:18:47PM -0700, Anthony Ettinger wrote:
> > What difference does the port make? I don't see how
>
> Exactly. NMAP can tell you that some other port has ssh listening on it
> if somebody decides to scan you on all kinds of ports.
>
> > this has any bearing on whether or not your machine is
> > secure.
> >
>
> If your level of paranoia is so high, then firewall ports so that
> connections are limited to certain sources. If that's not acceptable, I
> have my doubts in its practicality, then use port knocking technique to
> open default ssh port only when needed.
>
> > --- Norman Shapiro <norm at dad.dad.org> wrote:
> >
> > > "Edward M. Goldberg" <emg at EdwardMGoldberg.com>
> > > writes
> > >
> > > >Pick [the port that sshd will listen to] with care!
> > >
> > > Can you tell me what to be careful about? How do I
> > > pick the port? Is there
> > > some appropriate range?
> > >
> > > Thanks for being patient with my stupidity.
> > >
> > > Norman Shapiro
> > > 798 Barron Avenue
> > > Palo Alto CA 94306-3109
> > > (650) 565-8215
> > > norm at dad.org
>
> --
> Rafael
> "There really can be no debate about it now: natural human ability to
> perceive number does not exceed four!"
> --- George Ifrah, The Universal History of Numbers.
>
>
>
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug
>
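
The comparison made in the message above (a daily list of failed logins on the port-22 server, none on the port-7789 one) can be measured directly from the sshd log. The following is an added example, not part of the original post: the host names `alpha` and `beta`, the user names and all log lines are constructed, and it assumes the classic syslog format of OpenSSH's "Failed password" message.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation IP ranges, made-up hosts and users).
SAMPLE_LOG = """\
Oct 21 03:14:07 alpha sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Oct 21 03:14:09 alpha sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Oct 21 09:30:41 alpha sshd[2250]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
Oct 22 01:02:03 alpha sshd[2400]: Failed password for illegal user admin from 203.0.113.5 port 33001 ssh2
Oct 22 01:02:05 alpha sshd[2402]: Failed password for illegal user guest from 203.0.113.5 port 33007 ssh2
Oct 22 01:02:08 alpha sshd[2404]: Failed password for root from 192.0.2.10 port 40990 ssh2
Oct 22 11:45:00 beta sshd[900]: Accepted publickey for alice from 198.51.100.7 port 51600 ssh2
Oct 22 12:00:00 beta cron[910]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "port NNNN" in these lines is the client's source port, not the port sshd
# listens on, so the two servers are told apart by the syslog host field.
# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def failed_logins(lines):
    """Return (attempts, sources), both keyed by (host, 'Mon D')."""
    attempts = Counter()
    sources = defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins, other daemons, unrelated messages
        # syslog pads single-digit days with two spaces; normalise that
        key = (m["host"], " ".join(m["day"].split()))
        attempts[key] += 1
        sources[key].add(m["src"])
    return attempts, sources

if __name__ == "__main__":
    attempts, sources = failed_logins(SAMPLE_LOG.splitlines())
    for (host, day), count in sorted(attempts.items()):
        print(f"{host} {day}: {count} failed logins "
              f"from {len(sources[(host, day)])} source address(es)")
```
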