On 17 Apr 2006 at 9:33, sberaud wrote:

> I noticed all the attacks were trying random ports in the upper range. I
> am curious about the upper ports. Why are they more secure than the
> lower ones?

In short, they aren't more secure. Most attacks, like the ones you are
seeing, are scripts, looking at the usual ports. Moving ssh to listen on
another port means things aren't where they are supposed to be.

A higher port number is suggested because that will give you an unused
port number. You could just as easily make ssh listen on a lower port
number, say 23 (telnet) or 80 (http).

Putting it on port 28932 for example means that:

1 - they have to scan a lot of port numbers to find your ssh
2 - they then have to recognize that it's SSH they've found and not one
    of the other protocols

Neither of these two steps is particularly difficult. But it does remove
the annoying script kiddie factor.

Personally, I prefer to firewall off ssh so that incoming connections are
accepted only from locations I want. For example, all of my boxes will
accept ssh from each other. I then add in a couple of trusted locations
(friend's boxes, etc).

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php