This is a discussion on "Change SSH port? why does this seem to be safer?" within the Linux Security forums, part of the System Security and Security Related category.
> So can anyone tell me why changing a port number improves safety?

Ah, well, if you combine it with portsentry, you can make it unlikely that someone can discover which port SSH is running on before they get blocked. Supposing I run ssh on port 7588 (picked at random), that means that the only way for someone to *find* port 7588 is by searching ports at random. I also run portsentry, which blocks out IPs that try to do port scans. Once a host has scanned a few ports, that host gets added to my blacklist. The chances of someone hitting port 7588 before getting blacklisted are extremely poor.

--
(reverse (concatenate 'string "moc.liamg" "@" "enworbbc"))
http://cbbrowne.com/info/
If we were meant to fly, we wouldn't keep losing our luggage.

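Added example, not code from any poster in this thread: a small Python model of the portsentry-style policy described in the post above, run over constructed firewall-style log lines. The log format, the sample addresses and the "block on the fourth distinct port" threshold are all assumptions made here (real portsentry and iptables logs look different); port 7588 is the one from the post. The model reports which sources get blacklisted, how many later packets are dropped, and which sources reached the SSH port before the blacklist engaged. It also computes the probability that a scanner probing ports in uniformly random order lands on the SSH port within the probes it gets through before being blocked, and the sample data includes the caveat that a scanner which happens to hit the SSH port early still finds it.

```python
"""Model of a per-source port-scan blacklist (portsentry-style) over constructed log lines."""
import re
from collections import defaultdict
from fractions import Fraction

SSH_PORT = 7588      # the non-standard port from the post
BLOCK_AFTER = 4      # assumed policy: the probe on a source's 4th distinct port triggers the block
TOTAL_PORTS = 65535  # TCP port range a blind scanner has to search

# Constructed log format (not a real portsentry/iptables format): timestamp, source, destination port.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) dport=(?P<dport>\d{1,5})$"
)

# Constructed sample: a sequential scanner (198.51.100.7), a client that only ever talks
# to the SSH port (203.0.113.9), and a scanner that happens to try 7588 early (192.0.2.44).
SAMPLE_LOG = """\
2005-09-01T10:00:00 src=198.51.100.7 dport=21
2005-09-01T10:00:01 src=198.51.100.7 dport=22
2005-09-01T10:00:02 src=198.51.100.7 dport=23
2005-09-01T10:00:03 src=198.51.100.7 dport=25
2005-09-01T10:00:04 src=198.51.100.7 dport=7588
2005-09-01T10:00:05 src=203.0.113.9 dport=7588
2005-09-01T10:00:06 src=203.0.113.9 dport=7588
2005-09-01T10:00:07 src=192.0.2.44 dport=80
2005-09-01T10:00:08 src=192.0.2.44 dport=7588
2005-09-01T10:00:09 src=192.0.2.44 dport=443
2005-09-01T10:00:10 src=192.0.2.44 dport=8080
"""


def parse_log(text):
    """Yield (source IP, destination port) pairs; lines not matching the format are skipped."""
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.group("src"), int(m.group("dport"))


def simulate(text, block_after=BLOCK_AFTER, ssh_port=SSH_PORT):
    """Replay the log against the blacklist policy.

    A source is blacklisted as soon as it has touched `block_after` distinct ports; the
    probe that crosses the threshold is still observed (it is what reveals the scan),
    and every later packet from that source is dropped.
    """
    ports_seen = defaultdict(set)
    blocked = set()
    ssh_reached = set()
    dropped = 0
    events = []
    for src, dport in parse_log(text):
        if src in blocked:
            dropped += 1
            continue
        ports_seen[src].add(dport)
        if dport == ssh_port:
            ssh_reached.add(src)  # this source saw the SSH port before any block
        if len(ports_seen[src]) >= block_after:
            blocked.add(src)
            events.append(f"blacklist {src} after ports {sorted(ports_seen[src])}")
    return {"blocked": blocked, "ssh_reached": ssh_reached, "dropped": dropped, "events": events}


def hit_before_block_probability(block_after=BLOCK_AFTER, total_ports=TOTAL_PORTS):
    """Chance that a scanner probing ports in uniformly random order (without repeats)
    includes the SSH port among the `block_after` probes it gets through before the block.
    For a random permutation of N ports, P(target port is among the first m) = m / N."""
    return Fraction(block_after, total_ports)


if __name__ == "__main__":
    result = simulate(SAMPLE_LOG)
    for event in result["events"]:
        print(event)
    print("blacklisted:", sorted(result["blocked"]))
    print("reached SSH port before any block:", sorted(result["ssh_reached"]))
    print("packets dropped after blacklisting:", result["dropped"])
    p = hit_before_block_probability()
    print(f"P(random scanner finds port {SSH_PORT} before block) = {p} ~ {float(p):.6f}")
```

Run it as a script to see the sequential scanner blacklisted before it reaches 7588, while 192.0.2.44 reaches the port on its second probe and is only blocked afterwards. That is the limit of the policy: it lowers the odds that a blind scan finds the port rather than preventing it, and because the count is kept per source address it says nothing about a source that only ever connects to the SSH port, so password policy and authentication hardening still carry the real weight.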
Mr. Boy wrote:
> so as far as I can tell... there is nothing you get besides smaller
> logfiles when you change service ports, you only keep really stupid
> hackers-wannabe or scripts out...
>
> Well, that is exactly my point, if you don't have stupid passwords such as
> ch4ng3M3 and do not mind having 24M of logfiles on your server.. there
> is not much point in changing service ports...
>
> I think it is better to be restrictive in resources than changing the
> standards...
>
> But, THANKS ALL OF YOU GUYS, I've learnt a little bit today with your
> response...
>
> Keep Sharing that good knowledge... this makes all of us stronger
> against m$...
>

One other possible good reason to change ports is that then attempts at port 22 will be logged in a manner that DShield can use for its analysis. I know this is a minor point but still of some value.

"Barton L. Phillips" <bartonphillips@sbcglobal.net> wrote in message
news:ja0Re.62$ZL4.4@newssvr12.news.prodigy.com
> One other possible good reason to change ports is that then attempts
> at port 22 will be logged in a manner that DShield can use for its
> analysis. I know this is a minor point but still of some value.

How does DShield operate please, and what does it accomplish?

ynotssor wrote:
> "Barton L. Phillips" <bartonphillips@sbcglobal.net> wrote in message
> news:ja0Re.62$ZL4.4@newssvr12.news.prodigy.com
>
>> One other possible good reason to change ports is that then attempts
>> at port 22 will be logged in a manner that DShield can use for its
>> analysis. I know this is a minor point but still of some value.
>
> How does DShield operate please, and what does it accomplish?

They automatically collect log files and analyze them. Their web site is http://isc.sans.org/ (it is the SANS "Internet Storm Center").

On 2005-08-29, Mr. Boy <mrboy77@gmail.com> wrote:
> I have a security question for this group.
>
> What is the security enhancement in changing service ports? A little
> bit of probing and packet reading shows exactly which service is running
> on each port...
>
> as nmap does with a -sV switch... even without using ping ( -P0 )...
>
> It returns the service and version of almost every single service or
> daemon that a computer has... no matter which OS is running it...
>
> So can anyone tell me why changing a port number improves safety?

Security through obscurity; nothing more.

--
John (john@os2.dhs.org)

On Thu, 01 Sep 2005 05:05:07 +0000, John Thompson wrote:
> On 2005-08-29, Mr. Boy <mrboy77@gmail.com> wrote:
>
>> I have a security question for this group.
>>
>> What is the security enhancement in changing service ports? A little
>> bit of probing and packet reading shows exactly which service is running
>> on each port...
>>
>> as nmap does with a -sV switch... even without using ping ( -P0 )...
>>
>> It returns the service and version of almost every single service or
>> daemon that a computer has... no matter which OS is running it...
>>
>> So can anyone tell me why changing a port number improves safety?
>
> Security through obscurity; nothing more.

Unless you are a high value target, changing the port number should help a lot. A typical ping time is 50ms, which means that a port scanner can only probe 20 ports on a target system per second. At that rate it would take about an hour to probe all 64K ports on a machine; that's why they only probe well known ports. If you move the ssh port to some random number it should eliminate attacks from systems that are simply searching the internet for vulnerable machines. It won't make any difference for systems that are being explicitly targeted, but unless you are a big corporation or a government agency, why would anyone target you?

"General Schvantzkoph" <schvantzkoph@yahoo.com> wrote in message
news:pan.2005.09.01.16.25.29.916660@yahoo.com...
> It won't make any difference for
> systems that are being explicitly targeted but unless you are a big
> corporation or a government agency why would anyone target you.

Because one is on the Internet; no other reason is needed.

On 2005-09-01, ynotssor <ynotssor@example.net> blabbed:
> Because one is on the Internet; no other reason is needed.

I would disagree with that. There is a big difference between being "targeted" and being opportunistically attacked.

--
Shadus

"Shadus" <shadus@shadus.org> wrote in message
news:meWdnaJG3bYeroreRVn-uw@giganews.com...
>> Because one is on the Internet; no other reason is needed.
>
> I would disagree with that. There is a big difference between being
> "targeted" and being opportunistically attacked.

Semantically, yes.

On 2005-09-01, ynotssor <ynotssor@example.net> blabbed:
>> I would disagree with that. There is a big difference between being
>> "targeted" and being opportunistically attacked.
>
> Semantically, yes.

I would argue most opportunistic attacks on the network happen when someone portscans and finds an open port that they feel they might potentially be able to exploit in some manner. They're hoping for an insecure site or a clueless admin or unpatched services. A targeted attacker, on the other hand, generally takes the time to obtain information about the site, the admins, customers and/or clients if they can. They can focus their attacks with much more accuracy, making them potentially much more dangerous. I've not often had someone who casually stumbles on an ssh port start calling and attempting to social engineer information useful to cracking a site out of the employees. The two are on entirely different levels when it comes to potential danger.

--
Shadus