attack on my server
Jamon Camisso
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Mon Aug 27 20:28:13 UTC 2007
Neil Watson wrote:
> On Mon, Aug 27, 2007 at 03:46:43PM -0400, Jamon Camisso wrote:
>> Easiest is to move ssh from port 22 to another port, something random,
>> above 1024.
>
> I think this gives a false sense of security. You have to assume that
> if a port is publicly available then cracker will find it. After all
> only a 5 minute port scan stands between him and the obfuscated port.
Sure, again keys are best. But moving the port reduces automated scans
drastically, I'd say by an order of magnitude at least, usually more.
If you're up against a cracker who wants in, then any open port is a
potential vulnerability. If you have to have passwords, move the port,
use fail2ban/denyhosts, and maybe setup port-knocking too.
Jamon
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list