--On Thursday, June 17, 2010 09:38:02 -0700 "Randal L. Schwartz" <[email protected]> wrote:

>>>>>> "Emmanuel" == Emmanuel VERCHERE <[email protected]> writes:
>
> Emmanuel> SSH daemons using password auth exposed to the Internet _do_
> Emmanuel> get bruteforce attempts. I would not recommend moving it to a
> Emmanuel> different port than 22 as that would be of very, _very_ little
> Emmanuel> help - rather switch to public key auth (plus SPA if you're
> Emmanuel> paranoid), et voila.
>
> After being regularly nailed on my port 22, I *did* move it. I've had
> only *one* attack since then, down by a factor of 20 or so.
>
> Yes, it's worth it to not be on port 22, as long as you're one of the
> few. :) Remember, these bots are going for low-hanging fruit... it's
> not worth it for them to hit all 65k ports.
>
> Now, if we *all* move away from 22, your advice is more appropriate.

Of course if you do account provisioning correctly and configure your hosts securely, you're not exposed on port 22 either. You just have to deal with the constant knocking at the door. Some of us have simply learned to ignore it. It's just the background noise of the internet.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own
and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
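The thread argues about how much brute-force "knocking at the door" an Internet-facing sshd sees and whether moving the port or disabling password auth changes it. The script below is an added example, not code from any of the posters: it parses the standard OpenSSH syslog lines ("Failed password for ..." / "Accepted publickey for ...") and summarises failed attempts per source address and successful logins per authentication method, so a defender can put a number on the noise before and after a change such as Randal's port move or Emmanuel's switch to public key auth. The log lines are constructed samples using RFC 5737 documentation addresses; the `noisy_sources` threshold of 3 is an arbitrary assumption for the demo.

```python
"""Quantify SSH brute-force noise from sshd log lines (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from the mailing-list thread);
# the format matches OpenSSH's standard syslog output.
SAMPLE_LOG = """\
Jun 17 09:40:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 17 09:40:03 host sshd[1202]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jun 17 09:40:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jun 17 09:41:10 host sshd[1210]: Failed password for root from 198.51.100.23 port 40022 ssh2
Jun 17 09:42:00 host sshd[1220]: Accepted publickey for paul from 192.0.2.10 port 50000 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Jun 17 09:43:12 host sshd[1230]: Accepted password for paul from 192.0.2.11 port 50010 ssh2
"""

# One regex covers both outcomes; "invalid user " is optional because sshd
# only prints it when the username does not exist on the host.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_events(text):
    """Yield (result, method, user, src) for every recognisable sshd auth line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("src")


def summarise(text):
    """Return (failed attempts per source, accepted logins per method,
    distinct usernames tried per failing source)."""
    failed_by_src = Counter()
    accepted_by_method = Counter()
    users_by_src = defaultdict(set)
    for result, method, user, src in parse_auth_events(text):
        if result == "Failed":
            failed_by_src[src] += 1
            users_by_src[src].add(user)
        else:
            accepted_by_method[method] += 1
    return failed_by_src, accepted_by_method, {s: len(u) for s, u in users_by_src.items()}


def noisy_sources(text, threshold=3):
    """Sources with at least `threshold` failures: the background noise the
    thread talks about. The threshold is an assumed value for this demo."""
    failed, _, _ = summarise(text)
    return sorted(src for src, n in failed.items() if n >= threshold)


def password_logins(text):
    """Count of successful password logins. With 'PasswordAuthentication no'
    in sshd_config (the thread's recommendation) this must stay at zero."""
    _, accepted, _ = summarise(text)
    return accepted.get("password", 0)


if __name__ == "__main__":
    failed, accepted, users = summarise(SAMPLE_LOG)
    for src, n in failed.most_common():
        print(f"{src}: {n} failed attempts, {users[src]} usernames tried")
    print("accepted logins by method:", dict(accepted))
    print("noisy sources:", noisy_sources(SAMPLE_LOG))
    print("password logins (should be 0 once passwords are disabled):", password_logins(SAMPLE_LOG))
```

Run it against a real auth.log by replacing `SAMPLE_LOG` with the file contents; comparing the failed-attempt totals from before and after a configuration change gives the same kind of "factor of 20" figure Randal reports, and a non-zero `password_logins` count is a quick way to notice that password authentication is still enabled somewhere.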
