[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] ssh brute-force
My experience is that changing the port reduces the random attempts to
near zero. But if someone specifically targets you, it doesn't help.
Hackersprobably aren't doing port scans of your server. They are
probably scanning your network for machines with port 22 open.
On 02/16/14 13:20, Edward Holcroft wrote:
> I have a server that I had to open to the world for ssh. It's getting a
> lot of brute-force hits, although I've managed to bring it down to an
> "acceptable" level by using a suitable level of paranoia in denyhosts.
> Obviously I'd rather not have these hits at all.
> I often hear the suggestion made that I should be using a non-standard
> port for ssh to reduce such attacks. I wonder though what the real value
> of this would be, since would a portscan not reveal the open port to
> would-be hackers anyway?
> I've heard it said that unwanted ssh hits have been reduced to zero by
> changing the port from 22 to something else. Of course I can test the
> hypothesis by simply changing the port, but I'd like to hear some
> opinions on this question before doing so.
> Edward Holcroft | Madsen Kneppers & Associates Inc.
> 11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097
> O (770) 446-9606 | M (770) 630-0949
> MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc.
> WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or
> privileged. If you are not the intended recipient, please notify the
> sender immediately then delete it - you should not copy or use it for
> any purpose or disclose its content to any other person. Internet
> communications are not secure. You should scan this message and any
> attachments for viruses. Any unauthorized use or interception of this
> e-mail is illegal.
> Ale mailing list
> Ale at ale.org
> See JOBS, ANNOUNCE and SCHOOLS lists at