a record?

Patrick W. Gilmore patrick at ianai.net
Sun Nov 20 15:45:21 UTC 2005


On Nov 20, 2005, at 6:17 AM, Elmar K. Bins wrote:

>> Unfortunately, we now have decades of experience in cybersecurity that
>> this isn't true.  It appears to work for a while, but on the Internet
>> bears are always hungry and learn.  There are people actively scanning
>> for any open ports running any protocol, without a SPECIFIC interest in
>> your computer.
>
> Funnily, I see many many more scanning attempts for the same port (or
> handful of ports) across entire networks than the other way around.
>
> And as stated before: If somebody scans 63023, he has interest in your
> site and is worth the effort of doing something about it. That's the
> whole point in changing the port.
>
> Changing the port is not making the system more secure, it only filters
> out passers-by.

I'm going to repeat what Sean said, because you clearly didn't read what
he said:

"There are people actively scanning for any open ports running any
protocol, without a SPECIFIC interest in your computer."

Allow me to re-state again in slightly different language so you
understand this time:

Changing your port may (will?) lower the number of automated scans you
see hitting your daemon, but it will _NOT_ eliminate them.  IOW: Just
because someone is probing for an SSH daemon on 65K ports against your
box does _NOT_ mean he has a specific interest in your box.

If you honestly believe that just 'cause someone tried "ssh -p 63xxx
$YOUR.BOX" it means he is specifically targeting your box, well, that is
your prerogative.  You are almost certain to be wrong at least part of
the time, though.

-- 
TTFN,
patrick
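The two probing patterns argued over above (one port swept across many hosts versus many ports swept against one host) can be told apart from firewall drop logs. The following is an added example, not code from the NANOG thread; the simplified iptables-like log format, the sample lines and the thresholds are assumptions.

```python
# Classify each scanning source by the shape of its probing, from
# constructed firewall drop logs (format and thresholds are assumptions).
import re
from collections import defaultdict

# Constructed sample log lines: one source sweeping port 63023 across a
# /24, one source walking several SSH-ish ports on a single host, and one
# lone hit that says nothing either way.
SAMPLE_LOG = """\
DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=63023
DROP SRC=198.51.100.7 DST=192.0.2.11 DPT=63023
DROP SRC=198.51.100.7 DST=192.0.2.12 DPT=63023
DROP SRC=198.51.100.7 DST=192.0.2.13 DPT=63023
DROP SRC=203.0.113.5 DST=192.0.2.10 DPT=22
DROP SRC=203.0.113.5 DST=192.0.2.10 DPT=2222
DROP SRC=203.0.113.5 DST=192.0.2.10 DPT=63023
DROP SRC=203.0.113.5 DST=192.0.2.10 DPT=8022
DROP SRC=192.0.2.200 DST=192.0.2.10 DPT=63023
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+)")

def parse_log(text):
    """Return (src, dst, dport) tuples, skipping lines that do not match."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

def classify_sources(hits, min_hosts=3, min_ports=3):
    """Label each source IP by how it spreads its probes.

    horizontal: few ports across many hosts (untargeted sweep for a service)
    vertical:   many ports against few hosts (port sweep of one box)
    broad:      many hosts and many ports
    sparse:     too few distinct hosts and ports to say anything
    """
    by_src = defaultdict(lambda: (set(), set()))
    for src, dst, dport in hits:
        by_src[src][0].add(dst)
        by_src[src][1].add(dport)
    labels = {}
    for src, (dsts, ports) in by_src.items():
        many_hosts, many_ports = len(dsts) >= min_hosts, len(ports) >= min_ports
        if many_hosts and many_ports:
            labels[src] = "broad"
        elif many_hosts:
            labels[src] = "horizontal"
        elif many_ports:
            labels[src] = "vertical"
        else:
            labels[src] = "sparse"
    return labels
```

Neither label proves specific interest in a host; the point of the classification is to decide which sources merit a closer look rather than a block rule per single hit.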