[CentOS] [SOLVED] iptables rule question for Centos 5

Sat Aug 4 12:00:14 UTC 2012
Stephen Harris <lists at spuddy.org>

On Sat, Aug 04, 2012 at 02:37:54AM -0500, Johnny Hughes wrote:
> Moving the port to a non-standard port is better than nothing ... but
> only be a very slight bit.  It might work on the least knowledgeable
> script kiddies who only look at port 22, but it will do nothing to hide
> the fact that it is an open to the world ssh port on an nmap scan, etc.

Depends on what problem you're trying to solve...

If you're being targeted by an attacker then, yes, a port scan will
expose the port anyway.  BUT if you're just seeing random internet noise
then simply changing the port will stop this because your random zombie
doesn't port scan beforehand (it takes too long, especially if you
DROP traffic to all other ports).

This means that you're not wasting CPU cycles negotiating SSL; you're
not wasting disk space on logs, CPU on fail2ban or similar, resources
on accepting connections etc etc.

Since I moved my port a year ago the number of random attacks on my host
has dropped to zero.

It's a very very small win, but it is a win :-)

-- 

rgds
Stephen
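As an added example (not posted in this thread), a /etc/sysconfig/iptables ruleset for CentOS 5 that does what the reply above describes: sshd on a non-standard port (2222 is an assumed value; set `Port 2222` in /etc/ssh/sshd_config and restart sshd first), a DROP policy on INPUT so probes to every other port get no answer, and a per-source limit on new connections to that port via the `recent` match so the remaining noise is discarded in the kernel rather than reaching sshd, /var/log/secure or fail2ban. The trusted network 192.0.2.0/24 is a placeholder.

```conf
# /etc/sysconfig/iptables (assumed layout; load with "service iptables restart")
# Assumes sshd already listens on 2222 and you have console access in case of a typo.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Keep ICMP error reporting (path MTU, unreachable) working
-A INPUT -p icmp -j ACCEPT
# Trusted management network (placeholder address range): never rate-limited
-A INPUT -p tcp --dport 2222 -s 192.0.2.0/24 -m state --state NEW -j ACCEPT
# Everyone else: record each new connection, and silently drop a source that
# opens 5 or more new connections within 60 seconds
-A INPUT -p tcp --dport 2222 -m state --state NEW -m recent --name SSH --set
-A INPUT -p tcp --dport 2222 -m state --state NEW -m recent --name SSH --update --seconds 60 --hitcount 5 -j DROP
-A INPUT -p tcp --dport 2222 -m state --state NEW -j ACCEPT
# Anything not matched above, including the old port 22, hits the DROP policy
COMMIT
```

After loading, `iptables -L INPUT -n -v` shows per-rule packet counters; the count on the DROP rule is a direct measure of how much noise the limit is absorbing before it reaches sshd.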