On Mon, Jul 19, 2010 at 10:31 AM, John Van Ostrand <span dir="ltr"><<a href="mailto:john@netdirect.ca">john@netdirect.ca</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">----- Original Message -----<br>
><br>
> I disagree. Any security mechanism that relies on obscurity is not<br>
> secure. Just harden it. It's trivial to port scan you anyway.<br>
<br>
</div><div class="im">ditto.<br>
<br>
# nmap -sS -p 22,122,222,2022,2222 <a href="http://ip.address.or.net" target="_blank">ip.address.or.net</a><br></div></blockquote><div><br>Yes, but that is a hypothetical situation, or a targeted attack (deliberately wanting to penetrate this specific
server).<br><br>A targeted attack may succeed that way, and honestly, probably no one can prevent a targeted attack, only delay it.<br><br>But for the random scans that happen every hour on the net, the bots scan for common exploits and that means port 22 for ssh.<br>
<br>Run it on another port and 99% of scans for ssh will go away. You are less vulnerable (note: less vulnerable != more secure), but also there is less noise in the logs, less use of disk space, and less resources used by these attacks.<br>
</div></div>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>