a record?
Patrick W. Gilmore
patrick at ianai.net
Sun Nov 20 15:45:21 UTC 2005
On Nov 20, 2005, at 6:17 AM, Elmar K. Bins wrote:
>> Unfortunately, we now have decades of experience in cybersecurity that
>> this isn't true. It appears to work for a while, but on the Internet
>> bears are always hungry and learn. There are people actively scanning
>> for any open ports running any protocol, without a SPECIFIC interest in
>> your computer.
>
> Funnily, I see many many more scanning attempts for the same port (or
> handful of ports) across entire networks than the other way around.
>
> And as stated before: If somebody scans 63023, he has interest in your
> site and is worth the effort of doing something about it. That's the
> whole point in changing the port.
>
> Changing the port is not making the system more secure, it only filters
> out passers-by.
I'm going to repeat what Sean said, because you clearly didn't read
what he said:

"There are people actively scanning for any open ports running any
protocol, without a SPECIFIC interest in your computer."

Allow me to re-state again in slightly different language so you
understand this time:

Changing your port may (will?) lower the number of automated scans
you see hitting your daemon, but it will _NOT_ eliminate them. IOW:
Just because someone is probing for an SSH daemon on 65K ports
against your box does _NOT_ mean he has a specific interest in your box.

If you honestly believe that just 'cause someone tried "ssh -p 63xxx
$YOUR.BOX" it means he is specifically targeting your box, well, that
is your prerogative. You are almost certain to be wrong at least
part of the time, though.

--
TTFN,
patrick