North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Sean Donelan
  • Date: Sun Nov 20 02:40:45 2005

On Sat, 19 Nov 2005, Alexei Roudnev wrote:
> Security by obscurity eliminates all (100%) of this automated scans and
> automated attacks. So, having SSH on port 63023 (for example)  and seen
> probes, you can be 100% sure that someone have SPECIFIC interest in your

This is just security by outrunning the bear.  The assumption is bears
will stop chasing you if they catch a different hiker first.

Unfortunately, we now have decades of experience in cybersecurity that
this isn't true.  It appears to work for a while, but on the Internet
bears are always hungry and learn.  There are people actively scanning
for any open ports running any protocol, without a SPECIFIC interest in
your computer.  SSH already has a No Trespassing banner.

You may just not have a big enough sample to see what is actually
happening.