Security Incidents mailing list archives
Re: SSH attacks?
From: mgotts () 2roads com
Date: Fri, 30 Jul 2004 17:06:24 -0700
If you are so worried about SSH security who don't you just run sshd
on
a non-standard port.That practice affords no security benefit. Any scanner worth its salt (no pun...really) can identify a service even if it's running on a non-standard port. Nessus does this, as do a host of other scanners.
It certainly does afford a security benefit. The issue isn't whether or not there are tools that can identify a service on a nonstandard port (as you note, such tools are readily available). The issue -- especially in this case -- is that such scanning of all 65535 ports is not being done by the worms and other automated attack tools being discussed. These sorts of attacks are going after the low-hanging fruit, the easy exploit and, if a worm, frequently looking for rapid infection rates. Scanning every port doesn't provide enough benefit to the attacker to be useful, especially considering that you can argue that anybody who bothers to change the port probably is also at least minimally aware of security. Is it *good* security? No. Will an attacker who is specifically trying to penetrate your network be stopped? Of course not. But will it prevent a worm from zapping you in a day-0 exploit and give you time to patch or disable the service? Yes. Had you said "little security benefit", I'd agree. But to say "no security benefit" is just silly. -- Mark
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Josh Tolley (Jul 27)
- Re: SSH attacks? Chris Brown (Jul 27)
- Re: SSH attacks? Adam Young (Jul 27)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 29)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 30)
- Re: SSH attacks? Jay D. Dyson (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 31)
- Re: SSH attacks? mgotts (Jul 31)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Steve Schuster (Jul 29)
- Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)