From: David Brown
Newsgroups: comp.os.linux.development.apps
Subject: Re: Security problem
Date: Thu, 01 Dec 2011 13:11:07 +0100

On 01/12/2011 11:24, Noob wrote:
> David Brown wrote:
>
>> The easiest and most effective step to limiting dictionary attacks is
>> simply to use a non-standard port. Put your sshd on port 222 instead of
>> 22, and no attacker will ever find it.
>
> Famous last words.
>
> Meet nmap.

Worms and script kiddies go for standard ports, using common login names and passwords, on large ranges of IP addresses. If an IP address doesn't have an sshd on port 22, they find a different address that does. Why waste time on a system that is harder to break into when there are so many others around?

People making specific attacks will use nmap and port scanners on non-standard ports. So if you are a likely target for attacks, then it will only delay the attack.

Of course you don't put sshd on port 222 and then put your root password as "secret". But as part of a security strategy it is excellent for cutting out virtually all drive-by attacks, and reducing the noise in your logs.
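
An added example, not part of the original post: a small Python script that counts failed sshd password logins per source address, which is one way to measure the log noise the post refers to before and after a port change. The log lines are constructed, and the function names and the three-username threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH auth-log format (not real data).
SAMPLE_LOG = """\
Dec  1 06:01:12 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Dec  1 06:01:14 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Dec  1 06:01:17 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Dec  1 06:01:19 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 40140 ssh2
Dec  1 07:30:02 host sshd[2240]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Dec  1 07:30:09 host sshd[2240]: Accepted password for alice from 198.51.100.7 port 51822 ssh2
Dec  1 08:15:44 host sshd[2311]: Failed password for root from 192.0.2.44 port 33910 ssh2
"""

# "port" here is the client's source port, not the port sshd listens on.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def summarize_failures(log_text):
    """Return {source_ip: {"attempts": n, "users": set_of_login_names}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)


def dictionary_sources(stats, min_users=3):
    """Source IPs that tried at least min_users distinct login names
    (threshold is an assumption, tune it for your own logs)."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)


if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG)
    for ip, s in sorted(stats.items()):
        print(f"{ip}: {s['attempts']} failed, users={sorted(s['users'])}")
    print("dictionary-style sources:", dictionary_sources(stats))
```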