North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Elmar K. Bins
  • Date: Sun Nov 20 06:19:02 2005

[email protected] (Sean Donelan) wrote:

> > Security by obscurity eliminates all (100%) of this automated scans and
> > automated attacks. So, having SSH on port 63023 (for example)  and seen
> > probes, you can be 100% sure that someone have SPECIFIC interest in your
> This is just security by outrunning the bear.  The assumption is bears
> will stop chasing you if they catch a different hiker first.

You're failing to catch the intention here.

> Unfortunately, we now have decades of experience in cybersecurity that
> this isn't true.  It appears to work for a while, but on the Internet
> bears are always hungry and learn.  There are people actively scanning
> for any open ports running any protocol, without a SPECIFIC interest in
> your computer.

Funnily, I see many many more scanning attempts for the same port (or
handful of ports) across entire networks than the other way around.

And as stated before: If somebody scans 63023, he has interest in your
site and is worth the effort of doing something about it. That's the
whole point in changing the port.

Changing the port is not making the system more secure, it only filters
out passers-by.



"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren."
                          (PLemken, <[email protected]>)

--------------------------------------------------------------[ ELMI-RIPE ]---