[Gllug] ssh attacks

Bruce Richardson itsbruce at uklinux.net
Fri Feb 3 11:29:36 UTC 2006


On Fri, Feb 03, 2006 at 10:39:11AM +0000, John wrote:
> Am I right in assuming changing the ssh port is pointless as anyone with nmap 
> will see the port I change it to anyway?

No, you are not right that it is pointless.  It may not be practical (if
this is a work box rather than a personal one or if you need access to
it from) but it would eliminate all or almost all of the attaches you
are seeing.  These attacks are automated, looking for an easy target.
They do not scan every port on a box, testing to see if it is running
ssh; they just attack port 22.  If you change the port, these attacks
will not hit you.

Moving the port would not protect you from a deliberate, targetted
attack by someone who had purposely singled you out, but it would
protect you from these automated attacks (or at least 99.9% of them).

-- 
Bruce

I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060203/adfd9a03/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list