Always Learning wrote:
> On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
>> On 02/13/2015 09:15 AM, Chris Adams wrote:
>>> Yeah, the old "move stuff to alternate ports" thing is largely a waste of time and just makes it more difficult for legitimate use. With large bot networks and tools like zmap, finding services on alternate ports is not that hard for the "bad guys".
>> Having SSH on 22 is lower-hanging fruit than having SSH on a different port. Sure, an NBA all-star will be able to reach the apples at the top of the tree easily, but most people are not NBA all-stars. Most port-scanners do not scan all possible ports.
>> And I am fully aware that people in the 'it's a waste of time' camp are unmoved by that. It's not worth arguing about; those who move to non-standard ports are going to want to do it anyway.
> Lamar's comments are very sensible.
> I always change the SSH port to something conspicuously different. Every server has a different and difficult-to-guess SSH port number, with access restricted to a few IP addresses.
<snip>
I disagree - I am in the "waste of time" camp. The reality is that only script kiddies start out by trying 22 (and I *do* mean script kiddies - I've seen attempts to ssh in that were obviously from warez, man, where they were too stupid to fill in ___ with a username, or salt). All the others, I figure, don't need to be major league, just someone with a clue who'll run a scan; in fact, I'd expect them to run a scan just to see what IPs were visible, and I know that if I were writing a scan, I wouldn't assume that I'm *so* brilliant that I'm the only one to think of scanning ports < 1k while looking for systems that I might hit.
mark
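To make the scanning argument above concrete, here is an added example (written for this thread, not code posted by any of the participants): a small full-range TCP connect scanner that identifies sshd by its protocol banner rather than by port number, which is why moving the daemon off 22 does not hide it from anyone who scans the whole 1-65535 range. Because sshd announces itself with a line starting "SSH-" the moment a client connects, no credentials or protocol negotiation are needed to spot it. The `start_fake_sshd` helper is a constructed stand-in (a loopback listener on a random high port that only sends the banner) so the script runs offline; the timeout, worker count and banner string are the author's assumptions. Point it only at hosts you are authorised to scan.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List, Optional, Tuple

# Assumed timeout: loopback answers instantly; over the Internet you would
# raise this (zmap-style scanners instead track responses asynchronously).
DEFAULT_TIMEOUT = 0.5


def grab_banner(host: str, port: int, timeout: float = DEFAULT_TIMEOUT) -> Optional[str]:
    """Connect once and return whatever the service says first, or None if
    the port is closed, filtered, or silent within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = sock.recv(64)
    except OSError:  # ECONNREFUSED, timeout, unreachable, ...
        return None
    return data.decode("ascii", errors="replace").strip() or None


def is_ssh_banner(banner: Optional[str]) -> bool:
    """RFC 4253 identification strings start with 'SSH-' regardless of the
    port sshd was bound to, so the banner alone is enough to fingerprint it."""
    return banner is not None and banner.startswith("SSH-")


def find_ssh_ports(host: str, ports: Iterable[int], workers: int = 64) -> List[Tuple[int, str]]:
    """Scan the given ports in parallel and return (port, banner) for every
    one that answers with an SSH identification string."""
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        banners = pool.map(lambda p: grab_banner(host, p), port_list)
        return [(p, b) for p, b in zip(port_list, banners) if is_ssh_banner(b)]


def start_fake_sshd(banner: bytes = b"SSH-2.0-OpenSSH_7.4\r\n") -> Tuple[socket.socket, int]:
    """Constructed stand-in for a relocated sshd: binds a random high port on
    loopback and sends only the identification banner to each client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 = let the kernel pick an ephemeral port
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed by the caller
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


if __name__ == "__main__":
    srv, hidden_port = start_fake_sshd()
    try:
        # Scan a 101-port window around the hidden port; against a real host
        # you would pass range(1, 65536) and a larger worker pool.
        hits = find_ssh_ports("127.0.0.1", range(hidden_port - 50, hidden_port + 51))
        for port, banner in hits:
            print(f"SSH found on port {port}: {banner}")
    finally:
        srv.close()
```

The `grab_banner` step is the whole trick: a port scan that only checks whether a port is open cannot tell sshd on 2222 from anything else, but one that reads the first line can, and every SSH server must send that line before it will talk to a client.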