nanog mailing list archives
Re: a record?
From: Matthew Sullivan <matthew () sorbs net>
Date: Fri, 18 Nov 2005 21:26:30 +1100
John Levine wrote:
Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?don't do that! Lots of (access) isps around the world (esp here in Europe) block those portsIf you're going to move sshd somewhere else, port 443 is a fine choice. Rarely blocked, rarely probed by ssh kiddies. It's probed all the time by malicious web spiders, but since you're not a web server, you don't care.
Except if you're running a version of OpenSSL that has a vulnerability, you could be inviting trouble - particularly with kiddies scanning for Apache with vulnerable versions of OpenSSL attached by way of mod_ssl etc...
Regards, Mat
Current thread:
- Re: a record?, (continued)
- Re: a record? Kevin Loch (Nov 14)
- Re: a record? Rob Thomas (Nov 14)
- Re: a record? Randy Bush (Nov 14)
- Re: a record? Dan Hollis (Nov 14)
- Re: a record? Randy Bush (Nov 14)
- Re: a record? Peter Dambier (Nov 14)
- Re: a record? william(at)elan.net (Nov 14)
- Re: a record? Matthew Sullivan (Nov 14)
- Re: a record? Frank Louwers (Nov 15)
- Re: a record? John Levine (Nov 15)
- Re: a record? Matthew Sullivan (Nov 18)
- Re: a record? Eric Rescorla (Nov 18)
- Re: a record? william(at)elan.net (Nov 14)
- Re: a record? Patrick W. Gilmore (Nov 15)
- Re: a record? Alexei Roudnev (Nov 19)
- Re: a record? Austin McKinley (Nov 19)
- Re: a record? Suresh Ramasubramanian (Nov 19)
- Re: a record? Alexei Roudnev (Nov 19)
- Re: a record? Suresh Ramasubramanian (Nov 19)
- Re: a record? Sean Donelan (Nov 19)
- Re: a record? Elmar K. Bins (Nov 20)