[CentOS] duqu
Stephen Harris
lists at spuddy.org
Wed Dec 7 14:17:24 UTC 2011
On Wed, Dec 07, 2011 at 07:07:33AM -0500, Lamar Owen wrote:
> On Tuesday, December 06, 2011 08:06:55 PM James A. Peltier wrote:
> > [Changing the port #] is completely and utterly retarded. You have
> > done *NOTHING* to secure SSH by doing this. You have instead made it
> > only slightly, and I mean ever so slightly, more secure. A simple port
> > scan of your network would find it within seconds and start to utilize it.
>
> Simple port scans don't scan all 65,536 possible port numbers; those
> scans are a bit too easy for IDS detection and mitigation. Most scans
> only scan common ports; the ssh brute-forcer I found in the wild only
> scanned port 22; if it wasn't open, it went on to the next IP address.

In theory James is correct. In practice Lamar appears to be. About a
year back I changed my ssh port and have not since seen password hack
attempts, so the port scanners are definitely not pervasively scanning
all ports. (Not that they'd have logged in; but it was causing noise
and annoyance in the logs)

Now the same wouldn't be true if I was managing firewalls for Chase or
Bank Of America or Citi or HSBC; you can be sure that they're being
scanned on all ports and better not have external ssh connections open
to the world!

--
rgds
Stephen