On 02/13/2015 09:15 AM, Chris Adams wrote: > Yeah, the old "move stuff to alternate ports" thing is largely a waste > of time and just makes it more difficult for legitimate use. With > large bot networks and tools like zmap, finding services on alternate > ports is not that hard for the "bad guys". Having SSH on 22 is lower-hanging fruit than having SSH on a different port. Sure, an NBA all-star will be able to reach the apples at the top of the tree easily, but most people are not NBA all-stars. Most port-scanners do not scan all possible ports. And I am fully aware that people in the 'it's a waste of time' camp are unmoved by that. It's not worth arguing about; those who move to non-standard ports are going to want to do it anyway.