On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
> On 02/13/2015 09:15 AM, Chris Adams wrote:
> > Yeah, the old "move stuff to alternate ports" thing is largely a waste
> > of time and just makes it more difficult for legitimate use. With
> > large bot networks and tools like zmap, finding services on alternate
> > ports is not that hard for the "bad guys".
>
> Having SSH on 22 is lower-hanging fruit than having SSH on a different
> port. Sure, an NBA all-star will be able to reach the apples at the top
> of the tree easily, but most people are not NBA all-stars. Most
> port-scanners do not scan all possible ports.
>
> And I am fully aware that people in the 'it's a waste of time' camp are
> unmoved by that. It's not worth arguing about; those who move to
> non-standard ports are going to want to do it anyway.

Lamar's comments are very sensible. I always change the SSH port to
something conspicuously different. Every server has a different and
difficult-to-guess SSH port number with access restricted to a few IP
addresses.

Waste of time = all the time and energy required to clean up after a
hacker's breach when a few seconds' work selecting a different port could
make a beneficial improvement to security.

--
Regards,

Paul.
England, EU. Je suis Charlie.