Full Disclosure mailing list archives

Re: OpenSSH is a good choice?


From: Willem Koenings <infsec () gmail com>
Date: Fri, 24 Dec 2004 16:06:01 +0200

On Fri, 24 Dec 2004 18:19:34 +1300, Ben Hawkes
<ben.hawkes () paradise net nz> wrote:

> the internet being high enough to be an attractive target for a worm. In
> the end, running a service on a non-standard port at this point in time
> is a useful part of a layered security approach, if only to inhibit
> worms.

Not only the worms. Consider this scenario - a person gets his hands on
a new sshd 0day exploit and now wants to play with it. He starts to find
possible victims. How does he start to find them, what is the most logical
approach? He chooses some class C /24, takes out his favorite scanner
and starts to sweep through the class C to find port 22. Why?

- scanning through all 65535 is very ineffective and time consuming
- the number of people who relocated sshd to some other port is marginal
- if he does not find someone vulnerable quickly enough, he might lose his interest
- he is not attacking someone in person, he is just fishing, searching for
anyone who is running sshd.

If port 22 on your computer does not answer the scan, you are omitted,
he goes on and does not waste his time on your computer - there are
plenty of other fish in the sea.

I've noticed that most victim searches are performed in a similar
manner. But things are completely different if you happened to piss
someone off - then you are automatically under his undivided attention.

all the best,

W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
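
The single-port sweep of a /24 described in the message above leaves a recognisable trace on the defending side: one source touching the same port on many neighbouring addresses in a short time. The following is an added example, not part of the original post, that flags that pattern; the log format ("epoch src dst dport"), the thresholds and the addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection log, one event per line: "epoch src dst dport".
# 198.51.100.7 sweeps port 22 across six hosts; 203.0.113.9 is an ordinary
# admin talking to one host, plus one login to an sshd relocated to port 2222.
SAMPLE_LOG = "\n".join(
    [f"{1103897000 + i} 198.51.100.7 192.0.2.{i + 1} 22" for i in range(6)]
    + ["1103897100 203.0.113.9 192.0.2.10 22",
       "1103897400 203.0.113.9 192.0.2.10 22",
       "1103897500 203.0.113.9 192.0.2.77 2222",
       "garbage line that should be skipped"]
)

def find_port_sweeps(log_text, port=22, min_hosts=5, window=60):
    """Return {(src, dst /24): distinct hosts} for every source that probed
    `port` on at least `min_hosts` addresses of one /24 within `window` seconds."""
    hits = defaultdict(list)  # (src, /24) -> [(timestamp, dst), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, dport = int(parts[0]), int(parts[3])
            net = ipaddress.ip_network(parts[2] + "/24", strict=False)
        except ValueError:
            continue  # malformed timestamp, port or address
        if dport == port:
            hits[(parts[1], str(net))].append((ts, parts[2]))

    sweeps = {}
    for key, events in hits.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_hosts:
            sweeps[key] = best
    return sweeps

if __name__ == "__main__":
    for (src, net), count in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} probed port 22 on {count} hosts in {net}")
```

The repeated admin logins to a single host do not trip the threshold, and a sweep aimed only at port 22 never produces an event for the sshd listening on 2222.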

