North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Alexei Roudnev
  • Date: Sun Nov 20 13:25:08 2005

Are you sure? ?? statistics shows me opposite.

> "There are people actively scanning for any open ports running any
> protocol, without a SPECIFIC interest in your computer."

I mean - for ANY. Pretty easy to check - set up access liost with 'log' for
2 ports - port 22 and port 63023, and show us number of hits in 1 week.

My statistics shows 0 count on big non standard ports. Reason is simple -
full range scan is very slow, and have very low ratio of success, so it is
relatively useless.

> Allow me to re-state again in slightly different language so you
> understand this time:
> Changing your port may (will?) lower the number of automated scans
> you see hitting your daemon, but it will _NOT_ eliminate them.  IOW:
> Just because someone is probing for an SSH daemon on 65K ports
> against your box does _NOT_ mean he has a specific interest in your box.

Probing - not; trying to guess password - 100% YES.
But probing rate is 0 , to my surprtise.

> If you honestly believe that just 'cause someone tried "ssh -p 63xxx
> $YOUR.BOX" it means he is specifically targeting your box, well, that
> is your prerogative.  You are almost certain to be wrong at least
> part of the time, though.
> -- 
> patrick