Breakin attempt
Erik Nørgaard
norgaard at locolomo.org
Sat Oct 22 19:18:27 UTC 2011
On 22/10/2011 16:12, Polytropon wrote:
> Is there _any_ reason why moving from port 22 to something
> different is _not_ a solution?
Yes
> Reason why I'm asking: Moving SSH away from its default port
> seems to be a relatively good solution as break-in attempts
> concentrate on default ports. So in case a sysadmin decides
> to move SSH to a "hidden" location, what could be an argument
> against this decision?
Moving to a non standard port does not provide you any additional real
security. The random scannings and occasional attacks will disappear
from your logs but these are not interesting, they fail because you
already hardened your server. Those who are determined to break into
your server will also find your ssh running on a non-standard port.
On the other hand, those legitimate users who rely on ssh to connect
remotely to their account may not be able to because the firewall on the
network only allows access to standard ports for whatever reason, and
running ssh on port, say, 24 is a non-standard port. It is actually
common to block access to most ports and allow access only through a
proxy, and then open for those particular services that will not run
through a proxy. Hence, if you want to be sure to be able to connect
remotely, your best bet is to run your services on standard ports.
In summary, nothing is won moving ssh to a nonstandard port except for
potential problems.
BR, Erik
More information about the freebsd-questions
mailing list