North American Network Operators Group
Re: a record?
- From: Patrick W. Gilmore
- Date: Sun Nov 20 10:47:13 2005
On Nov 20, 2005, at 6:17 AM, Elmar K. Bins wrote:
>> Unfortunately, we now have decades of experience in cybersecurity
>> this isn't true. It appears to work for a while, but on the Internet
>> bears are always hungry and learn. There are people actively
>> for any open ports running any protocol, without a SPECIFIC
>
> Funnily, I see many many more scanning attempts for the same port (or
> handful of ports) across entire networks than the other way around.
> And as stated before: If somebody scans 63023, he has interest in your
> site and is worth the effort of doing something about it. That's the
> whole point in changing the port.
> Changing the port is not making the system more secure, it only

I'm going to repeat what Sean said, because you clearly didn't read
what he said:
"There are people actively scanning for any open ports running any
protocol, without a SPECIFIC interest in your computer."
Allow me to re-state again in slightly different language so you
understand this time:
Changing your port may (will?) lower the number of automated scans
you see hitting your daemon, but it will _NOT_ eliminate them. IOW:
Just because someone is probing for an SSH daemon on 65K ports
against your box does _NOT_ mean he has a specific interest in your box.
If you honestly believe that just 'cause someone tried "ssh -p 63xxx
$YOUR.BOX" it means he is specifically targeting your box, well, that
is your prerogative. You are almost certain to be wrong at least
part of the time, though.
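
Added example, not part of the original message: one way a defender could check whether a source that probed a non-standard port such as 63023 was sweeping broadly or touched only that one service. The log tuples, addresses (documentation ranges), thresholds and function names are constructed assumptions, and the view is limited to what your own sensors record.

```python
from collections import defaultdict

# Constructed sample events: (source, destination host, destination port).
EVENTS = (
    # Source A sweeps port 22 across many hosts (same port, whole network).
    [("198.51.100.7", f"192.0.2.{h}", 22) for h in range(1, 21)]
    # Source B walks a port range on several hosts, hitting 63023 on the way.
    + [("203.0.113.9", f"192.0.2.{h}", p)
       for h in range(8, 13) for p in range(63000, 63040)]
    # Source C touches only 63023 on a single host.
    + [("203.0.113.50", "192.0.2.10", 63023)]
)

def classify_sources(events, host_threshold=5, port_threshold=10):
    """Label each source by how widely it probed (thresholds are assumptions)."""
    hosts, ports = defaultdict(set), defaultdict(set)
    for src, dst, dport in events:
        hosts[src].add(dst)
        ports[src].add(dport)
    labels = {}
    for src in hosts:
        many_hosts = len(hosts[src]) >= host_threshold
        many_ports = len(ports[src]) >= port_threshold
        if many_hosts and many_ports:
            labels[src] = "block"        # many ports on many hosts
        elif many_hosts:
            labels[src] = "horizontal"   # one port across many hosts
        elif many_ports:
            labels[src] = "vertical"     # many ports on few hosts
        else:
            # Consistent with a specific interest, but not proof of one:
            # the source may have probed networks these logs do not cover.
            labels[src] = "narrow"
    return labels

def sources_hitting(events, host, port):
    """Return the set of sources that connected to host:port."""
    return {s for s, d, p in events if d == host and p == port}

if __name__ == "__main__":
    labels = classify_sources(EVENTS)
    for src in sorted(sources_hitting(EVENTS, "192.0.2.10", 63023)):
        print(src, "->", labels[src])
```

In the constructed data, two sources reach port 63023 on the same host, and only one of them is narrow; the other is part of a sweep over many ports and hosts.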