On Mon, 5 Oct 2009 12:03:44 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX <[email protected]> wrote:

>> Personally I tend to either firewall the OpenSSH daemon, or leave it
>> wide open. I don't really see the point in changing ports, as long as
>> they are still publicly available.
>
> The ssh bots only seem to probe port 22. In well over a year of
> running my ssh servers on a different (very low numbered) port I
> haven't logged a single probe (across about a dozen highly visible
> servers).
>
> --lyndon
>

I personally don't use it (although I'm considering it), but you could look into port knocking. Changing the port that SSHD binds to definitely falls under that obscurity line since if somebody is targeting you, they very well may run a SYN scan (Mmm nmap) and read the banners to quickly find out what port you are running sshd on, then target bots accordingly. Granted, if somebody is not specifically targeting you and is just scanning ranges to find sshd on 22 they will pass you right up since that port will be closed.
Andrew

--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
