Re: [dev] IRC on Free node

From: Chris Down <chris_AT_chrisdown.name>
Date: Sun, 3 Nov 2013 19:08:16 +0800

On 2013-11-03 09:47, FRIGN wrote:
> How effective is it to actually bind sshd to another port (like 1337 for
> instance)?
> Is that a sane defense against those attacks or have the
> attackers advanced in the last few years to a broader portscan?

In my experience, it cuts it down quite significantly (but not totally).

If you do this, you should make sure that you run on a port <1024,
though, otherwise someone could find some way to make your daemon crash
and masquerade as it (which is still protected a little assuming that
your SSH host key is not readable to them, but still).

I just run on port 22, though. If you run sshguard/fail2ban and monitor
your SSH logs, your log noise should decrease dramatically, even on port
22. That said, there are better ways to do this than "read the log files
and ban", although that is good enough for me (I only allow login to my
user, and only via my private key, so if someone was to gain access it
would almost certainly be in a way that was not brute force, in which
case I'm fucked anyway).

Received on Sun Nov 03 2013 - 12:08:16 CET
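
A small checker for the points made in this message (privileged port, key-only login, a single allowed user), added here as an example and not code from the thread. The sample configs and the user name are constructed, and only the global section of sshd_config is read (parsing stops at the first Match block).

```python
# Constructed sample configs (not from the thread).
HIGH_PORT_CONFIG = """\
# moved off 22 to cut log noise
Port 1337
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers chris
"""

ACCUMULATING = {"port", "allowusers"}  # keywords that may be given more than once


def parse_global(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        if keyword in ACCUMULATING:
            settings.setdefault(keyword, []).extend(args)
        else:
            settings.setdefault(keyword, args)  # sshd uses the first value it reads
    return settings


def audit(text):
    """List deviations from the setup described in the message."""
    s = parse_global(text)
    findings = []
    for port in (int(p) for p in s.get("port", ["22"])):
        if port >= 1024:  # assumes the usual privileged-port boundary of 1024
            findings.append(f"port {port} is unprivileged: a non-root process "
                            "could bind it if sshd is not running")
    if s.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password login is enabled, so brute force stays possible")
    if s.get("pubkeyauthentication", ["yes"])[0].lower() != "yes":
        findings.append("public key login is disabled")
    if len(s.get("allowusers", [])) != 1:
        findings.append("AllowUsers does not limit login to a single account")
    return findings
```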
