[kwlug-disc] Tightening up SSH
kb at 2bits.com
Tue Jul 20 10:23:54 EDT 2010
On Tue, Jul 20, 2010 at 10:10 AM, Andrew Kohlsmith (mailing lists account) <
aklists at mixdown.ca> wrote:
> On Monday, July 19, 2010 10:41:35 pm unsolicited wrote:
> > Darcy Casselman wrote, On 07/19/2010 9:12 AM:
> > > Along with previous suggestions, I'd recommend switching to a
> > > non-standard port. It's not really security against a determined
> > > attacker, but it cuts out 99.99% of the random Internet drive-bys.
> > Could you tell me the source of this statistic please?
> Darcy claims he made it up, but I can back it up with my own experience
> And yes, I do know that the plural of "anecdote" is not "evidence". :-)
I feel that the %99.99 is a low estimate too.
I have many client machines that I manage and the amount of scans/probes
is just insane. Putting ssh on a non standard port is just much better for
Think of it as a "No soliciting" sign on your door. Unless you want to open
door for each canvasser and listen to a 5 minute sales story.
Or the decal of the alarm company on your lawn.
This isn't an "attack" any more than a bird flying overhead managing to poop
> your head is an attack. There's no intelligence behind this.
> (Ok, maybe it's slightly more of an attack than the example I gave, since
> bird isn't flying overhead looking for bald spots (I hope!), but you get my
The bird and the canvasser are poor analogies. Neither are turning the knobs
or door handles of homes/cars checking if something is unlocked so they can
go in and snatch stuff.
Khalid M. Baheyeldin
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kwlug-disc