joeb joeb at
Mon Sep 8 02:20:14 UTC 2008

In FreeBSD 6.2 and older the port SSH listened on was controlled by
/etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out
what port to listen on. Is this by design or error in the move to a newer
release of SSH?

When it comes to security through obscurity don't be so fast to shoot it
down.  On my system port 22 was receiving over 700 scans or login attempts a
day. Changing the SSH to use xx22 port stopped all the high school and
college script kiddies cold. Now I only get maybe 5 hits on my xx22 port
every 3 months. In my book I would say 'security through obscurity' is a
very simple first step solution that gives great results. But it will not
stop the perpetrator who targets your IP addresses on purpose for some
unknown reason. Then your SOL.

More information about the freebsd-questions mailing list