Re: duqu




On Wed, Dec 07, 2011 at 07:07:33AM -0500, Lamar Owen wrote:
> On Tuesday, December 06, 2011 08:06:55 PM James A. Peltier wrote:
> > [Changing the port #] is completely and utterly retarded.  You have
> > done *NOTHING* to secure SSH by doing this.  You have instead made it
> > only slightly, and I mean ever so slightly, more secure.  A simple port
> > scan of your network would find it within seconds and start to utilize it.
> 
> Simple port scans don't scan all 65,536 possible port numbers; those
> scans are a bit too easy for IDS detection and mitigation.  Most scans
> only scan common ports; the ssh brute-forcer I found in the wild only
> scanned port 22; if it wasn't open, it went on to the next IP address.

In theory James is correct.  In practice Lamar appears to be.  About a
year back I changed my ssh port and have not since seen password hack
attempts, so the port scanners are definitely not pervasively scanning
all ports.  (Not that they'd have logged in; but it was causing noise
and annoyance in the logs.)

Now the same wouldn't be true if I was managing firewalls for Chase or
Bank of America or Citi or HSBC; you can be sure that they're being
scanned on all ports and better not have external ssh connections open
to the world!

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

