Re: SSH attacks?

[Christine Kronberg <Christine_Kronberg () genua de>]

On Thu, 29 Jul 2004, Pieter-Bas IJdens wrote:
> >   Only after the first playround the test/guest attempts started so
> >   I was starting to think that whoever was probing my host from Korea
> >   was probably going with that. Now that my host is out of focus, I'm
> >   really relieved. :-)
>
> If you are so worried about SSH security who don't you just  run sshd on a
> non-standard port. Ever since I moved all externally listening ssh daemons

  Because I'm not alone in my host. It serves a couple of friends as well.
  Worry is only a part of the story - I'm awfully curious. I want to know
  what these people are doing but I don't want my node to be compromised.
  As a matter of fact I find it very instructive to see what people are
  trying to accomplish. Sometimes I can use this knowledge to help other
  people. I don't want to miss that.
  Another word about to worry: I want to worry about system security as
  neither me nor the software is perfect. I do not believe in security
  by obscurity (although I must admit that sometimes it works extremely
  well). Once I stop worrying I may ovberlook the one attempt that really
  hurts me. Better to stay alert. :-)

> to a different port I didn't get any ssh probes anymore (obviously). Got
> rid of all these ssh-worm attacks (good old days) in a second, and I
> personally don't mind supplying people a port number with their
> username/password. The same can be done for many other services that are
> not port-bound. Kindof takes the fun out of automated subnet scans.

  True, but there are some minor services as smtp and http which still
  should be reachable on their standard ports. So the fun continues. :-)

  Cheers,


                                                     Chris Kronberg.

-- 
GeNUA mbH