--On Wednesday, March 27, 2013 3:28 PM -0400 Bill Horne <[email protected]>
wrote:
When combined with port-knocking, having a non-standard port for a
service like ssh
is an effective means of preventing port-scanning attacks. It doesn't
prevent an
It also makes you vulnerable to denial of service.
in Exim4, but it
_IS_ an effective tool when properly deployed.
I claim that obfuscation cannot be properly deployed. Obfuscation is
wrapping a towel around your head and pretending that if you can't see the
service then neither can anyone else.
Changing the port isn't giving your neighbor the key to your home. Keys are
authentication tokens. The port is analogous to the keyway. Changing the
port is the same as moving the keyway. The lock is still there and you
still need the correct key; you've just moved it up or down from where it
is normally located which is usually a convenient waist/elbow height.
The only security that you've added is that blind thieves are going to have
a slightly harder time finding the keyway.
--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
