nanog mailing list archives
Re: a record?
From: Eric Rescorla <ekr () rtfm com>
Date: Fri, 18 Nov 2005 07:28:12 -0800
Matthew Sullivan <matthew () sorbs net> writes:
> John Levine wrote:
>>>> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
>>> don't do that! Lots of (access) isps around the world (esp here in Europe) block those ports
>> If you're going to move sshd somewhere else, port 443 is a fine choice. Rarely blocked, rarely probed by ssh kiddies. It's probed all the time by malicious web spiders, but since you're not a web server, you don't care.
> Except if you're running a version of OpenSSL that has a vulnerability, you could be inviting trouble - particularly with kiddies scanning for Apache with vulnerable versions of OpenSSL attached by way of mod_ssl etc...

It's worth noting that while OpenSSH uses OpenSSL for crypto, most of the recent vulnerabilities in OpenSSL do not extend to OpenSSH, because they're in the SSL state machine, not the crypto.

-Ekr