On Thu, Jan 01, 2004 at 09:42:09PM +0000, Adam Barton wrote:
> What I would do in this case, is, rather than forwarding port 22 to port
> 22 on an internal host, do say forward 10001 to internalhost1, 10002 to
> internalhost2 etc. as required instead. Then leave 22 open for
> connections to the box itself or block it off completely with an
> iptables rule.
>
> At least then a script kiddy won't simply find port 22 open and start to
> bruteforce your ssh password. He has to scan higher than normal to find
> your SSH which he/she is less likely to do.

This is ``security by obscurity''; a naive approach that works by giving you a warm fuzzy feeling that you've done your homework, which lessens your alertness, so you won't ever notice the intruders.

-- 
Jan Minar "Please don't CC me, I'm subscribed." x 4