Joseph L. Casale wrote: > > The non-standard port is a good trick, > > Here's just an opinion: Security by obscurity only > makes >you< feel good, it does nothing in reality. > Anyone sufficiently talented to hack a service in > order to gain root or do something useful would not > be fooled by that. Set whatever your doing up right > so that any false sense of security is not deemed > necessary. Changing port numbers will not stop a talented person who is intent on breaking into your network. However, it will stop (or at least slow down) the script-kiddies, worms, and others out there who are just scanning for misconfigured or unpatched applications. Switching SSH to a non-standard port completely emptied my log files of bad connection attempts. Now, if someone attempts to break in, it will be VERY obvious in the logs where before, it would have been buried in all of the other garbage. > Prevent weak passwords, possibly use connection throttling > etc etc. Of course. No one is suggesting that changing port numbers is all you need to do. It is just one more thing that you can do to slow down the attackers. -- Bowie