>Mine too. So nmap sucks if you want to quickly identify daemons running on >strange ports. No big deal. This discussion wasn't about nmap to start with. >The point of the discussion was wether it made sense to run services on >non-standard ports to deter cr4x0rs. And I feel it doesn't.
Actually, the point of the discussion was whether security through obscurity (A.K.A. camouflage techniques) is a legitimate tool in the security arsenal. >As long as a sshd yells "SSH-1.99" at you the moment you connect to it's >port there's no hiding sshd. Like I said, ... camouflage ... It doesn't stop with port numbers. And if you do camouflage the real SSH and run a honeypot on port 22 that looks like SSH, where do you think the haxors will put their attention first? >A well-tuned iptables or equivalent, on the other hand, might hide the >presence of daemons completely for anyone except the designated users. How >is that for obscurity? Great idea. The whole point of camouflage and obscurity techniques is to confuse observers/attackers and this fits the bill. I agree that security through obscurity should always be backed up with real hardening where possible, but I also believe that multiple techniques working in synergy is best. --Michael Dillon