On Fri, 2015-02-13 at 11:21 -0500, m.roth@xxxxxxxxx wrote:
> I disagree - I am in the "waste of time" camp. The reality is that only
> script kiddies start out by trying 22 (and I *do* mean script kiddies -
> I've seen attempts to ssh in that were obviously from warez, man, where
> they were too stupid to fill in ___ with a username, or salt. All the
> others, I figure they don't need to be major league, just someone with a
> clue, who'll run a scan; in fact, I'd expect them to run a scan just to
> see what IPs were visible, and I know that if I was writing a scan, I
> don't assume that I'm *so* brilliant that I'm the only one to think of
> scanning ports < 1k while looking for systems that I might hit.
Changing SSH port to a non-standard port is the beginning. Restricting
access to that port to a few IPs is another layer of protection .... and
then more things are done to lessen the chances of unauthorised access.
--
Regards,
Paul.
England, EU. Je suis Charlie.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
