[CentOS] Security advice, please
Michael A. Peters
mpeters at mac.com
Tue Dec 23 15:25:08 UTC 2008
John Doe wrote:
>> Then, I want to read from my own IMAP server when I'm away from home. Is
>> there a better way than opening port 143?
> The easiest would be if you had a fixed external IP and only allow it; but I guess that won't be the case.
> Maybe using another port than 143? But I don't think that would fool port scanners.
Yes it will fool the port scanners.
On my centos server at a colo (er, not really my server, it's a xen
virtual host on someone else's server, but it feels like mine - I love
xen) I was seeing literally hundreds of attacks on the ssh port within a
day of setting it up. I changed the port to one > 1024 and I haven't
seen a single attack since.
If someone wants to attack your specific server, they'll do a full port
scan and find what you have regardless of what ports you are using - but
the vast majority of scripts don't, because it takes longer to do a full
port scan. Machines run by people smart enough to change the port
usually are run by people who have a clue, very often do not have a lot
of users (machines that service a lot of users really need to use the
standard ports) and thus are not as likely to have a brute force attack
work. So the few extra hosts they find via a full port scan aren't worth
the time it takes; that time is better spent scanning for people without
a clue who are running on the default port. I suspect a lot of scripts
don't even bother to scan; they probably just try to connect and move to
the next IP when they get a port closed.
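A small detection script, added here as an example and not part of Michael's message, that counts the failed sshd password attempts a CentOS box logs in /var/log/secure per day and per source address, so the before/after effect of moving the port can be measured rather than eyeballed (the log lines, host name, dates and addresses are constructed):

```python
import re
from collections import Counter

# Constructed sample lines in the format CentOS sshd writes to /var/log/secure.
# Host name, dates and addresses are made up (RFC 5737 test ranges).
SAMPLE_LOG = """\
Dec 21 03:14:07 colo sshd[2201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Dec 21 03:14:09 colo sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Dec 21 03:14:12 colo sshd[2205]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Dec 21 03:15:40 colo sshd[2210]: Failed password for root from 198.51.100.77 port 40012 ssh2
Dec 21 03:15:41 colo sshd[2212]: Failed password for invalid user test from 198.51.100.77 port 40013 ssh2
Dec 21 08:02:13 colo sshd[2450]: Accepted publickey for mpeters from 192.0.2.10 port 55100 ssh2
Dec 23 09:30:01 colo sshd[3100]: Accepted publickey for mpeters from 192.0.2.10 port 55322 ssh2
Dec 23 11:12:55 colo sshd[3150]: Failed password for invalid user guest from 198.51.100.77 port 40999 ssh2
"""

# Matches the "Failed password" line sshd emits, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failed_logins(text):
    """Return (per_day, per_ip) Counters of failed sshd password attempts."""
    per_day = Counter()
    per_ip = Counter()
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        per_day[f"{m['month']} {int(m['day']):02d}"] += 1
        per_ip[m["ip"]] += 1
    return per_day, per_ip


def brute_force_sources(per_ip, threshold=3):
    """Source addresses with at least `threshold` failures: candidates for a block rule."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == "__main__":
    per_day, per_ip = parse_failed_logins(SAMPLE_LOG)
    for day, n in sorted(per_day.items()):
        print(f"{day}: {n} failed password attempts")
    print("brute-force candidates:", brute_force_sources(per_ip))
```

Pointing it at the real file (`parse_failed_logins(open("/var/log/secure").read())`) gives the per-day count to compare against the days before the port change.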