mouss <mouss@netoyen.net> wrote:
>> If you consider this security through obscurity, then why not publish the list of your users on a public web page? after all, you should use strong passwords, so why hide usernames? <<
Usernames are comparatively hard to guess, and chosen from a large space - although email addresses often provide a huge clue. By contrast, there are only 64K port numbers (and only 1K privileged ports, all of which will be scanned by default with nmap) - and to make it worse, the attacker only has to telnet or nc to a port and sshd will obligingly send back its version number and protocol version info as plaintext. So, the added "obscurity" is effectively zero.
I sort of half-buy the log volume/noise argument, but rate-limiting and good analysis tools deal with this as well. And it does nothing for the stress level, since the serious adversary will see through your non-standard port number in seconds.
Best,
---
Les Bell, RHCE, CISSP [http://www.lesbell.com.au]
Tel: +61 2 9451 1144 FreeWorldDialup: 800909
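The "rate-limiting and good analysis tools" point above can be made concrete with a small log analyser. The following is an added example, not code from the original message or from either poster: it parses constructed sshd log lines in the usual OpenSSH syslog format ("Failed password for [invalid user] NAME from IP port N ssh2"), keeps a sliding window of failures per source address, and flags a source once it exceeds a threshold within that window. The sample lines, the threshold of 5 failures in 60 seconds and the example addresses are assumptions chosen for illustration; the parsing is keyed on the log content, so it works the same whether sshd listens on port 22 or elsewhere.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in OpenSSH syslog style (not real log data).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:00:04 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51241 ssh2
Mar  3 10:00:05 host sshd[1204]: Accepted publickey for alice from 198.51.100.7 port 40210 ssh2: ED25519 SHA256:abc
Mar  3 10:00:06 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.5 port 51242 ssh2
Mar  3 10:00:09 host sshd[1206]: Failed password for invalid user git from 203.0.113.5 port 51250 ssh2
Mar  3 10:00:30 host sshd[1207]: Failed password for bob from 198.51.100.7 port 40222 ssh2
Mar  3 10:12:00 host sshd[1208]: Failed password for invalid user admin from 192.0.2.44 port 33000 ssh2
"""

# Matches the OpenSSH "Failed password" line; the "port N" here is the
# client's source port, not the port sshd listens on.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(text, year=2024):
    """Return a list of (timestamp, user, source_ip) for each failed login.

    Syslog timestamps carry no year, so one is supplied (assumed here).
    """
    failures = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        failures.append((ts, m.group("user"), m.group("ip")))
    return failures


def flag_bruteforce(text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside a sliding window.

    Returns {ip: timestamp_of_first_flag}. A deque per IP holds only the
    failures still inside the window, so memory stays bounded per source.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, _user, ip in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        # Drop failures that fell out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def failures_per_source(text):
    """Total failed logins per source IP, for a quick ranking of noisy hosts."""
    counts = defaultdict(int)
    for _ts, _user, ip in parse_failures(text):
        counts[ip] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, when in flag_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} exceeded threshold at {when:%H:%M:%S}")
    print(failures_per_source(SAMPLE_LOG))
```

In practice the flagged addresses would feed a firewall rule or a tool such as fail2ban rather than a print statement; the window-based count is what separates a scan or guessing run from an ordinary user mistyping a password once or twice.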