Multiple ssh login attempts inside my system...

Sevendogsbsd

Daemon

Reaction score: 692
Messages: 1,142

Does that really work? I always thought this was security by obscurity (which doesn't work)...
It is but it may cut down on the number of scans. Most of the scans are automated and are looking for well known ports. A determined attacker (human) is going to run a full port scan to determine what is open and target that.
 
OP
ziomario

ziomario

Aspiring Daemon

Reaction score: 45
Messages: 616

It is but it may cut down on the number of scans. Most of the scans are automated and are looking for well known ports. A determined attacker (human) is going to run a full port scan to determine what is open and target that.

I'm not so sure. A human can't make a lot of full port scans since he wouldn't have the time. Even because hackers know that a good sys administrator does not want to use common ports.
 

Sevendogsbsd

Daemon

Reaction score: 692
Messages: 1,142

Cyber criminals have nothing but time. The port is irrelevant; if I find an open port, I will attack it. Doesn’t matter if you run on a non standard port, people can still find it. My comment was running on a non standard port can reduce the number of automated (bot) scans because those are trying well known ports.
 

richardtoohey2

Aspiring Daemon

Reaction score: 324
Messages: 648

My comment was running on a non standard port can reduce the number of automated (bot) scans because those are trying well known ports.
It definitely makes a difference, so it's worth doing if you can. But it's not a top-level defence, just something to cut down the (logging) noise and the script-kiddies a bit.

A few years ago moving the ssh port meant a quiet life, nowadays it's not so useful. But YMMV!
 
Top