
Re: [OCLUG-Tech] Re: ssh suggestions

On 17 Apr 2006 at 9:33, sberaud wrote:

> I noticed all the attacks were trying random ports in the upper range. I 
> am curious about the upper ports. Why are they more secure than the 
> lower ones?

In short, they aren't more secure.  Most attacks, like the ones you 
are seeing, are scripts, looking at the usual ports. Moving ssh to 
listen on another port means things aren't where they are supposed to 
be.  A higher port number is suggested because that will give you an 
unused port number.  You could just as easily make ssh listen on a 
lower port number, say 23 (telnet) or 80 (http).

Putting it on port 28932 for example means that:

1 - they have to scan a lot of port numbers to find your ssh
2 - they then have to recognize that it's SSH they've found and not 
one of the other protocols

Neither of these two steps is particularly difficult.  But it does 
remove the annoying script kiddie factor.

Personally, I prefer to firewall off ssh so that incoming connections 
are accepted only from locations I want.  For example, all of my boxes 
will accept ssh from each other.  I then add in a couple of trusted 
locations (friends' boxes, etc).

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
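
Added example, not part of the original message: a pre-deployment check for the source allowlist approach described above. It replays sshd log lines against a proposed allowlist and reports which failed attempts the firewall would have dropped and which successful logins it would lock out. The log lines, addresses, and the names `TRUSTED` and `audit` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from the post).
SAMPLE_LOG = """\
Apr 17 09:12:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 17 09:12:03 box sshd[2103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Apr 17 09:15:44 box sshd[2110]: Accepted publickey for dan from 192.0.2.10 port 40022 ssh2
Apr 17 09:20:09 box sshd[2125]: Failed password for invalid user test from 198.51.100.77 port 33810 ssh2
Apr 17 10:02:30 box sshd[2190]: Accepted password for dan from 198.51.100.20 port 41877 ssh2
Apr 17 10:05:00 box sshd[2195]: Accepted publickey for sam from 203.0.113.200 port 50500 ssh2
"""

# Hypothetical allowlist: your own boxes plus one trusted friend's network.
TRUSTED = ["192.0.2.0/28", "198.51.100.16/29"]

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def audit(log_text, trusted_cidrs):
    """Return ({source: failed attempts dropped}, [(user, source) locked out])."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    dropped, lockouts = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source logged as something other than an IP address
        if any(src in net for net in nets):
            continue  # source is on the allowlist; the firewall lets it through
        if m["result"] == "Failed":
            dropped[m["src"]] += 1  # noise that never reaches sshd
        else:
            lockouts.add((m["user"], m["src"]))  # real login the rule would block
    return dict(dropped), sorted(lockouts)


if __name__ == "__main__":
    dropped, lockouts = audit(SAMPLE_LOG, TRUSTED)
    print("failed attempts dropped per source:", dropped)
    print("logins that would be locked out:", lockouts)
```

Any entry in the lockout list is a source to add to the allowlist, or to confirm as unwanted, before the firewall rule goes live.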


