Maybe port scanners will find open ports pretty quickly, but I've found that using non-standard ports is helpful in reducing traffic, at least. For example, SSH on port 22 gets lots of SYNs but moving it elsewhere, and making 22 totally unresponsive discourages most such attempts. This increases security slightly a priori, and may also improve security by simplifying the firewall log(s).
When using OpenVPN over UDP, the standard port 1194 can be subject to random and/or attack packets. These have to be processed and rejected (since their HMACs etc. hopefully won't pass decryption). This won't occur in TCP mode, of course, but UDP tends to be more efficient, especially since TCP over TCP tends to clog up. P.S. When you come right down to it, *all* computer (software) security is "security by obscurity", whether the obscurity of passwords, private keys, etc. For example, DES is no longer used because 56-bit keys are no longer obscure enough to hide from modern computers. On Wed, 24 Oct 2018 13:24:41 +0000 Timothy Metzinger <tim.metzin...@outlook.com> wrote: > There's no security in obscurity. Automated port scanners will sweep > your system in a couple of seconds. > > Tim Metzinger > > From: bind-users <bind-users-boun...@lists.isc.org> on behalf of G.W. > Haywood via bind-users <bind-users@lists.isc.org> Sent: Wednesday, > October 24, 2018 12:15:10 PM To: bind-users@lists.isc.org > Subject: Re: Question about visibility > > Hi there, > > On Wed, 24 Oct 2018, Hardy, Andrew wrote: > > > Further to the original post, as well as not creating a DNS record > > and "possibly" adding robot.txt with appropriate content, as > > discussed, I presume that if I run the http server on a personally > > selected unprivileged port then it is very "unlikely" the site pages > > will be indexed/discovered/etc surely? > > > > Thoughts? > > A server on a non-standard port is often neglected. Its security may > be less well maintained than one that is intentionally public. > > That's just the sort of thing that criminals are looking for. They'll > probably find it, and then they'll attack it. > > -- > > 73, > Ged. > _______________________________________________ > Please visit > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0> > to unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0> > > Tim Metzinger > 703.963.3015 > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
