a record?
Alexei Roudnev
alex at relcom.net
Sun Nov 20 18:23:50 UTC 2005
Are you sure? ?? statistics shows me opposite.
> "There are people actively scanning for any open ports running any
> protocol, without a SPECIFIC interest in your computer."
I mean - for ANY. Pretty easy to check - set up access liost with 'log' for
2 ports - port 22 and port 63023, and show us number of hits in 1 week.
My statistics shows 0 count on big non standard ports. Reason is simple -
full range scan is very slow, and have very low ratio of success, so it is
relatively useless.
>
> Allow me to re-state again in slightly different language so you
> understand this time:
>
> Changing your port may (will?) lower the number of automated scans
> you see hitting your daemon, but it will _NOT_ eliminate them. IOW:
> Just because someone is probing for an SSH daemon on 65K ports
> against your box does _NOT_ mean he has a specific interest in your box.
Probing - not; trying to guess password - 100% YES.
But probing rate is 0 , to my surprtise.
>
> If you honestly believe that just 'cause someone tried "ssh -p 63xxx
> $YOUR.BOX" it means he is specifically targeting your box, well, that
> is your prerogative. You are almost certain to be wrong at least
> part of the time, though.
>
> --
> TTFN,
> patrick
More information about the NANOG
mailing list