Need urgent help regarding security

Jeremie Le Hen jeremie at le-hen.org
Mon Nov 21 04:26:55 PST 2005


Hi, Marian,

> Where is the protection, or rather the danger in being "visible" to 
> script kiddies? There's no security issue valid for script kiddies which 
> wouldn't be valid for any other attacker too.
> The main question is: Where is the danger in script kiddies with their 
> brute force attacks?
> I guess it's mainly the annoying fact that your logfile gets 
> unreadable. If that's the problem: use logsurfer or something similar to 
> analyze the logfile.
> You just don't get more secure by moving the sshd to a different port 
> than port 22.

Security is not absolute, as you surely know considering the fact you
seem to be quite sensitive to it.  I guess that most running sshd(8)
are bound to port tcp/22.  If a group of hackers find a hole in
OpenSSH's sshd(8) implementation in a very early stage of the
connection (IOW before authentication) but do not disclose it - and
only God knows how many undisclosed holes there are - then one can
figure they want to avail themselves of this hole by working in
collaboration with spammers or whatever.  The best way they can work
for this purpose is creating a massive exploitation tool in order to
install as many spam agents as they can, before the hole is disclosed.
Not having your sshd(8) bound to port 22 would save you from being
exploited in this case.

Of course, if this particular group of hackers wants to defeat _your_
network, this measure won't prevent them from exploiting your sshd(8).

There is no need to involve kiddies, given that the tools they are
using would surely appear far after the correction of the hole in the
next OpenSSH release and all serious network administrators would have
upgraded their boxes.

Please, don't turn this thread into a troll.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

