Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Eric Rescorla
  • Date: Fri Nov 18 10:22:44 2005

Matthew Sullivan <matthew@sorbs.net> writes:

> John Levine wrote:
>
>>>>Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
>>>>
>>>don't do that! Lots of (access) isps around the world (esp here in
>>>Europe) block those ports
>>>
>>
>>If you're going to move sshd somewhere else, port 443 is a fine
>>choice.  Rarely blocked, rarely probed by ssh kiddies.  It's probed
>>all the time by malicious web spiders, but since you're not a web
>>server, you don't care.
>>
>
> Except if you're running a version of OpenSSL that has a
> vulnerability, you could be inviting trouble - particularly with
> kiddies scanning for Apache with vulnerable versions of OpenSSL
> attached by way of mod_ssl etc...

It's worth noting that while OpenSSH uses OpenSSL for crypto, most of
the recent vulnerabilities in OpenSSL do not extend to OpenSSH,
because they're in the SSL state machine, not the crypto.

-Ekr




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.