Re: Need urgent help regarding security

• Previous message: Marian Hettwer: "Re: Need urgent help regarding security"
• In reply to: ray_at_redshift.com: "Re: Need urgent help regarding security"
• Next in thread: ray_at_redshift.com: "Re: Need urgent help regarding security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Nov 2005 14:16:45 +0100
To: ray@redshift.com

Hej Ray,

ray@redshift.com wrote:
>
> The point isn't to get more secure. You are correct by saying that moving the
Hu. I thought the point was to get more security. If it's more about
"stealth", okay, move the daemon to another port :)

> port # doesn't make anything more secure. But why make it easy for someone that
> might be doing a scan to find your SSH prompt during a scan that may be focused
> on ports 21, 22, 25, 80 and 110?
>
Of course it's a bit harder to find your sshd, if it's not running on
tcp/22. And maybe, an automated script won't find the sshd. A human
being will, indeed, find the sshd pretty quick. Take any port which
responds with an SYN-ACK to your SYN and of you go on that port with
telnet...

> Along these same lines, we used to even re-compile sshd and remove the welcome
> message/version number in the connect. I know there are two schools of thought
> on broadcasting your version numbers on connections, but in the mid 90's, we did
> do that from time to time.
>
And if you don't get the ssh banner, it might get harder now :-)

> Anyway, to each their own :)
>
ack.

Marian
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Marian Hettwer: "Re: Need urgent help regarding security"
• In reply to: ray_at_redshift.com: "Re: Need urgent help regarding security"
• Next in thread: ray_at_redshift.com: "Re: Need urgent help regarding security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages How did this happen? ... May 12 06:50:43 localhost sshd: Failed password for illegal user ... cgi from 212.93.149.205 port 2265 ... Starting sshd: ... (comp.os.linux.security) Re: bypassing employers proxy to surf anonymously ... port 443, so it's harder to distinguish from an https server. ... through the remote sshd. ... You have an option to go with a managed service or an enterprise software. ... (Pen-Test) RE: possible ssh hack ... What version of SSHD were you running, ... Apache and we can help you out. ... Subject: possible ssh hack ... port 4207 ... (Incidents) Re: Possible New Security Tool For FreeBSD, Need Your Help. ... We just want to hide the sshd port until we need it. ... >> the Internet where would they put the sniffer? ... Do a traceroute between the host you're ... (FreeBSD-Security) Re: SSHD reconfig ... run sshd on some port other than 22, ... Multiple layers of security are better. ... Apple, you mangled it. ... (comp.sys.mac.system)