[CentOS] Security advice, please

Tue Dec 23 15:25:08 UTC 2008
Michael A. Peters <mpeters at mac.com>

John Doe wrote:
>> Then, I want to read from my own IMAP server when I'm away from home.  Is 
>> there a better way than opening port 143?
> The easiest would be if you had a fixed external IP and only allow it; but I guess that won't be the case.
> Maybe using another port than 143?  But I don't think that would fool port scanners.

Yes it will fool the port scanners.

On my CentOS server at a colo (er, not really my server, it's a Xen 
virtual host on someone else's server, but it feels like mine - I love 
Xen) I was seeing literally hundreds of attacks on the ssh port within a 
day of setting it up. I changed the port to one > 1024 and I haven't 
seen a single attack since.

If someone wants to attack your specific server, they'll do a full port 
scan and find what you have regardless of what ports you are using - but 
the vast majority of scripts don't because it takes longer to do a full 
port scan, machines run by people smart enough to change the port 
usually are run by people who have a clue, very often do not have a lot 
of users (machines that service a lot of users really need to use the 
standard ports) and thus are not as likely to have a brute force attack 
work. So the few extra hosts they find via full port scan aren't worth 
the time it takes, that time is better spent scanning for people without 
a clue who are running on the default port. I suspect a lot of scripts 
don't even bother to scan, they probably just try to connect and move to 
the next IP when they get a port closed.
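
One way to check an observation like this on your own host, as an added example that is not part of the original post: count failed sshd password attempts before and after the day the port was moved. The log lines, host name, user name, addresses and change date are constructed; the line format assumed is the one sshd writes to /var/log/secure.

```python
import re
from collections import Counter
from datetime import date, datetime

# Constructed sample in the syslog format sshd writes to /var/log/secure.
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
Dec 20 03:12:01 vhost sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Dec 20 03:12:04 vhost sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40155 ssh2
Dec 20 09:40:17 vhost sshd[2250]: Failed password for invalid user test from 198.51.100.7 port 51200 ssh2
Dec 21 01:05:33 vhost sshd[2411]: Failed password for root from 198.51.100.7 port 51377 ssh2
Dec 21 08:00:02 vhost sshd[2502]: Accepted publickey for alice from 192.0.2.99 port 50001 ssh2
Dec 22 08:01:45 vhost sshd[2790]: Accepted publickey for alice from 192.0.2.99 port 50320 ssh2
Dec 23 14:20:11 vhost sshd[2933]: Failed password for alice from 192.0.2.99 port 50410 ssh2
"""

# "port NNNN" in these lines is the client's source port, not the listening port.
FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def failed_logins(log_text, year):
    """Yield (date, user, source) for every failed sshd password attempt.

    Syslog timestamps carry no year, so the caller supplies it.
    Month names are parsed with %b, which assumes an English/C locale.
    """
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            mon, day, user, src = m.groups()
            when = datetime.strptime(f"{mon} {day} {year}", "%b %d %Y").date()
            yield when, user, src


def compare(log_text, year, changed_on):
    """Summarise failures before, and on or after, the day the port was moved."""
    stats = {"before": Counter(), "after": Counter()}
    for when, _user, src in failed_logins(log_text, year):
        stats["before" if when < changed_on else "after"][src] += 1
    return {k: {"attempts": sum(c.values()), "sources": len(c)}
            for k, c in stats.items()}


if __name__ == "__main__":
    print(compare(SAMPLE_LOG, 2008, date(2008, 12, 22)))
```

A drop in distinct sources, not just in attempts, is the signal that automated scans stopped reaching the service; the remaining failures are worth reading individually.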