| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9b13f6c1041224060615409b7a@mail.gmail.com> From: infsec at gmail.com (Willem Koenings) Subject: OpenSSH is a good choice? On Fri, 24 Dec 2004 18:19:34 +1300, Ben Hawkes <ben.hawkes@...adise.net.nz> wrote: > the internet being high enough to be an attractive target for a worm. In > the end, running a service on a non-standard port at this point in time > is a useful part of a layered security approach, if only to inhibit > worms. Not only the worms. Consider this scenario - person gets on his hand new sshd 0day exploit and now wants to play with it. He starts to find possible victims. How he starts to find them, what is the most logical approach? He chooses some c class /24, takes out his favorite scanner and starts sweep through class c to find port 22. Why? - scanning through all 65535 is very inefective and time consuming - amount of people who relocated sshd to some other port is marginal - in he does not find somone vulnerable quick enough, he might lose his intrest - he is not attacking somone in person, he is just fishing, seaching anyone, who is running sshd. If your computer port 22 does not answer to the scan, you are omitted, he goes on and does not waste his time to your computer - there are plenty other fishes in the sea. I'e noticed, that most victim searches are performed in similar manner. But things are completly different, if you happened to piss somone of - then you automatically are under his undivided attention. all the best, W.
Powered by blists - more mailing lists