[ale] ssh brute-force

Wolf Halton wolf.halton at gmail.com
Sun Feb 16 16:34:45 EST 2014


Unless you are being specifically targeted, there are about 60,000 ports that aren't
scanned by tools in default mode.  High numbers without registered services
will get almost zero hits.
On Feb 16, 2014 3:45 PM, "John Heim" <john at johnheim.com> wrote:

>
>
> My experience is that changing the port reduces the random attempts to
> near zero. But if someone specifically targets you, it doesn't help.
>
> Hackers probably aren't doing port scans of your server. They are probably
> scanning your network for machines with port 22 open.
>
> On 02/16/14 13:20, Edward Holcroft wrote:
>
>> All,
>>
>> I have a server that I had to open to the world for ssh. It's getting a
>> lot of brute-force hits, although I've managed to bring it down to an
>> "acceptable" level by using a suitable level of paranoia in denyhosts.
>> Obviously I'd rather not have these hits at all.
>>
>> I often hear the suggestion made that I should be using a non-standard
>> port for ssh to reduce such attacks. I wonder though what the real value
>> of this would be, since would a portscan not reveal the open port to
>> would-be hackers anyway?
>>
>> I've heard it said that unwanted ssh hits have been reduced to zero by
>> changing the port from 22 to something else. Of course I can test the
>> hypothesis by simply changing the port, but I'd like to hear some
>> opinions on this question before doing so.
>>
>> ed
>>
>> --
>> Edward Holcroft | Madsen Kneppers & Associates Inc.
>> 11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097
>> O (770) 446-9606 | M (770) 630-0949
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
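An added example, not part of the thread: one way to run the test Edward mentions is to count failed password attempts per day in the sshd log and compare the days before and after the port change. The log lines are constructed and assume the classic syslog format written by OpenSSH's sshd; the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation address ranges, made-up dates).
SAMPLE_LOG = """\
Feb 14 03:12:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 14 03:12:04 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Feb 14 09:40:55 host sshd[2290]: Accepted publickey for ed from 192.0.2.10 port 50022 ssh2
Feb 15 11:02:30 host sshd[2352]: Failed password for invalid user test from 198.51.100.23 port 51200 ssh2
Feb 15 11:02:33 host sshd[2352]: Invalid user oracle from 198.51.100.23
Feb 16 22:15:09 host sshd[2410]: Failed password for ed from 192.0.2.10 port 50100 ssh2
"""

# The "port N" in these lines is the client's source port, not the port sshd
# listens on, so the before/after comparison has to be made by date.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) [\d:]+ \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def failed_by_day(log_text):
    """Return {day: Counter({source_ip: failed_attempts})}."""
    days = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog pads single-digit days ("Feb  4"); normalise the spacing
            day = " ".join(m.group("day").split())
            days[day][m.group("src")] += 1
    return dict(days)


def summarize(log_text):
    """Return {day: (total_failed_attempts, distinct_source_addresses)}."""
    return {day: (sum(c.values()), len(c))
            for day, c in failed_by_day(log_text).items()}


if __name__ == "__main__":
    for day, (total, sources) in summarize(SAMPLE_LOG).items():
        print(f"{day}: {total} failed logins from {sources} source(s)")
```

Run over the real log for a week on each side of the change, the per-day totals show whether the background noise dropped, and the distinct-source count shows whether what remains comes from a few persistent addresses.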