North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: a record?
Are you sure? ?? statistics shows me opposite. > "There are people actively scanning for any open ports running any > protocol, without a SPECIFIC interest in your computer." I mean - for ANY. Pretty easy to check - set up access liost with 'log' for 2 ports - port 22 and port 63023, and show us number of hits in 1 week. My statistics shows 0 count on big non standard ports. Reason is simple - full range scan is very slow, and have very low ratio of success, so it is relatively useless. > > Allow me to re-state again in slightly different language so you > understand this time: > > Changing your port may (will?) lower the number of automated scans > you see hitting your daemon, but it will _NOT_ eliminate them. IOW: > Just because someone is probing for an SSH daemon on 65K ports > against your box does _NOT_ mean he has a specific interest in your box. Probing - not; trying to guess password - 100% YES. But probing rate is 0 , to my surprtise. > > If you honestly believe that just 'cause someone tried "ssh -p 63xxx > $YOUR.BOX" it means he is specifically targeting your box, well, that > is your prerogative. You are almost certain to be wrong at least > part of the time, though. > > -- > TTFN, > patrick