Hi Patrick and all! Someday, Lord willing, I would like to set up a lot of standard ports to go to a "honey pot - virtual area" on my systems. I would love to be able to let the attacker do his thing in a safe environment which allows me to gather all the information about him and his ways that I can. Then, I would love to be able to automatically report all of this good information to the security community almost as fast as it occurs. The thought of some agents knocking on the attacker's door as he continues an attack makes me smile. To a great future fellows! Tod On 10/3/07, Patrick <flymooney@xxxxxxxxx> wrote: > Steve Siegfried wrote: > > > Changing ports for ssh isn't actually that hot of an idea. Most port scanners > > can detect ssh implementations since they normally self-identify. For example, > > if you're running ssh on the normal port (22), try executing: > > /usr/bin/telnet YOUR.HOST.IP.ADDR 22 > > and see what pops out. > > > > Hope this helps'idly, > > > > -S > > Changing SSH ports on my server yielded a 100% drop (yes...100%) in > routine script attacks. I still have the usual people checking for > phpMyAdmin stuff as well as the others, but nothing comes through on SSH > now. And yes, when I did it I heard the whole "security through > obscurity is not security" BS but the results cannot be argued with. In > summation, CHANGE YOUR SSH PORT. It will work and cut down if not > eliminate the script kiddies. Then when someone really starts knocking > on your SSH door, it will not be lost in all of the "noise" from the > scripters. > > Patrick > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list >
