Security Incidents mailing list archives

Re: SSH attacks?


From: "Pieter-Bas IJdens" <pieter-bas () ijdens com>
Date: Thu, 29 Jul 2004 12:44:32 +0200 (CEST)

  Another word about to worry: I want to worry about system security as
  neither me nor the software is perfect. I do not believe in security
  by obscurity (although I must admit that sometimes it works extremely
  well). Once I stop worrying I may overlook the one attempt that really
  hurts me. Better to stay alert. :-)

Indeed. I just moved them because I was sick of all the automated scans on
these ports. I still have the same update policies for those as I used to
have and treat them no different from other parts of the system. It just
saves time. It also has some minor benefits with respect to 0-day
exploits, but for the rest has no real added value with respect to system
security. Then again, system security is a total package of measures of
course, and having this as part of it has some added value.

Security by obscurity is never an option. If it works extremely well that
is probably just because no one is trying hard enough :)

to a different port I didn't get any ssh probes anymore (obviously). Got
rid of all these ssh-worm attacks (good old days) in a second, and I
personally don't mind supplying people a port number with their
username/password. The same can be done for many other services that are
not port-bound. Kind of takes the fun out of automated subnet scans.

  True, but there are some minor services as smtp and http which still
  should be reachable on their standard ports. So the fun continues. :-)

That is right indeed. Keep reading the logs :)

  Pieter-Bas

