[kwlug-disc] Tightening up SSH

[Khalid Baheyeldin]

On Tue, Jul 20, 2010 at 10:10 AM, Andrew Kohlsmith (mailing lists account) <
aklists at mixdown.ca> wrote:

> On Monday, July 19, 2010 10:41:35 pm unsolicited wrote:
> > Darcy Casselman wrote, On 07/19/2010 9:12 AM:
> > > Along with previous suggestions, I'd recommend switching to a
> > > non-standard port.  It's not really security against a determined
> > > attacker, but it cuts out 99.99% of the random Internet drive-bys.
> >
> > Could you tell me the source of this statistic please?
>
> Darcy claims he made it up, but I can back it up with my own experience
> too.
> And yes, I do know that the plural of "anecdote" is not "evidence". :-)
>

I feel that the %99.99 is a low estimate too.

I have many client machines that I manage and the amount of scans/probes
is just insane. Putting ssh on a non standard port is just much better for
one's
sanity.

Think of it as a "No soliciting" sign on your door. Unless you want to open
the
door for each canvasser and listen to a 5 minute sales story.

Or the decal of the alarm company on your lawn.

This isn't an "attack" any more than a bird flying overhead managing to poop
> on
> your head is an attack. There's no intelligence behind this.
>
> (Ok, maybe it's slightly more of an attack than the example I gave, since
> the
> bird isn't flying overhead looking for bald spots (I hope!), but you get my
> drift.)
>

The bird and the canvasser are poor analogies. Neither are turning the knobs
or door handles of homes/cars checking if something is unlocked so they can
go in and snatch stuff.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100720/1780e1f7/attachment.htm>