Re: Need urgent help regarding security

Hej Ray,

ray@redshift.com wrote:
> 
> The point isn't to get more secure.  You are correct by saying that moving the
Hu. I thought the point was to get more security. If it's more about 
"stealth", okay, move the daemon to another port :)

> port # doesn't make anything more secure.  But why make it easy for someone that
> might be doing a scan to find your SSH prompt during a scan that may be focused
> on ports 21, 22, 25, 80 and 110?
>
Of course it's a bit harder to find your sshd, if it's not running on 
tcp/22. And maybe, an automated script won't find the sshd. A human 
being will, indeed, find the sshd pretty quick. Take any port which 
responds with an SYN-ACK to your SYN and of you go on that port with 
telnet...

> Along these same lines, we used to even re-compile sshd and remove the welcome
> message/version number in the connect.  I know there are two schools of thought
> on broadcasting your version numbers on connections, but in the mid 90's, we did
> do that from time to time.
> 
And if you don't get the ssh banner, it might get harder now :-)

> Anyway, to each their own :)
>
ack.

Marian
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"