Please Help! How to STOP them...

Oliver Fromme olli at lurza.secnetix.de
Mon Jan 15 17:05:38 UTC 2007


Gerard Seibert wrote:
 > Reko Turja wrote:
 > > Moving your sshd port somewhere else than 22 - the prepackaged 
 > > "cracking" programs don't scan ports, just blindly try out the default 
 > > port - with determined/skilled attacker it's different matter entirely 
 > > though.
 > 
 > Security through Obscurity is not true security at all. You are simply
 > assuming that other ports are not being scanned.

I don't think he's assuming that.  He is just suggesting an
effective solution to the problem that hundreds of failed
login attempts are filling the OP's logs and cron mails.
He didn't claim that it increases security.

In fact, I would also recommend to move the ssh service
from port 22 to a different, non-standard port if possible.
If you want, you can even have the sshd daemon listen on
_both_ port 22 _and_ your non-standard port 122, and limit
access to port 22 to a few well-known IP addresses, using
a packet filter.  That way you diminish the usual "blind"
attempts on port 22, but you can still login using the
non-standard port if you happen to come from an unknown
IP address, so you don't lock yourself out.

Of course, it is important to understand that changing
the port number will not significantly increase security.
However, it might give you a slight advantage when yet
another ssh security bug is discovered and exploits start
circulating while you're asleep.  Usually the first
exploits are quick and dirty hacks which have port 22
hardcoded, and most script kiddies who blindly scan
random networks don't have enough clue to change it.  ;-)

Of course, you still need to patch or update your sshd
as quickly as possible if necessary, and you still need
to use good passwords, or -- even better -- don't use
passwords at all, but use key-based authentication.
Another thing that might be useful are one-time passwords
(OPIE), especially when you're connecting from a foreign
client such as a public terminal.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

cat man du : where Unix geeks go when they die
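
The dual-port setup described in the message above, written out as configuration. This is an added example, not part of the original post; it assumes pf as the packet filter, and the interface name, table name and addresses are constructed placeholders.

```conf
# ---- /etc/ssh/sshd_config (fragment) ----
# sshd listens on both ports; the packet filter decides who reaches which.
Port 22
Port 122
PubkeyAuthentication yes
# Refuse password logins once key-based logins are confirmed to work.
PasswordAuthentication no

# ---- /etc/pf.conf (fragment) ----
# Assumption: em0 is the external interface.
ext_if = "em0"

# Assumption: constructed documentation addresses; replace with the
# few well-known hosts that may use the standard port.
table <ssh_trusted> const { 192.0.2.10, 198.51.100.0/24 }

# pf applies the last matching rule, so the general block comes first
# and the narrower pass rule for trusted sources follows it.
block in on $ext_if proto tcp from any to any port 22
pass  in on $ext_if proto tcp from <ssh_trusted> to any port 22

# The non-standard port stays reachable from anywhere, so a login from
# an unknown address is still possible.
pass  in on $ext_if proto tcp from any to any port 122
```

Syntax can be checked before loading with `sshd -t` and `pfctl -nf /etc/pf.conf`; keep an existing session open while reloading so a mistake does not lock you out.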

