On 07/02/06, David Scheidt <[EMAIL PROTECTED]> wrote:
>
> On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
> > On Sun, 5 Feb 2006 18:55:13 -0500
> > David Scheidt <[EMAIL PROTECTED]> wrote:
> > >
> > > Nonsense. There may be some people that only scan well-known ports,
> > > but it's much more common to scan every port on a machine. If you're
> > > running a server on a non-standard port, an attacker will find it.
> >
> > sure, but 99% of the time the machines attacking your server are zombies
> > that do not care to do a full portscan. i suppose the purpose is to
> > find other misconfigured, easy-to-hack computers on the network. by
> > putting your services on non-standard ports you get rid of these
> > mindless drones and don't pollute log files with useless garbage.
> >
> > now if somebody _does_ actually target your server in particular then
> > this is definitely not the solution.
> >
> > anywayz, putting things on non-standard ports helps a lot, and is
> > one of the first and easiest security measures an administrator
> > may consider.
>
> Taking your clothes off and painting yourself blue is also one of the
> first and easiest security measures to consider. It's even more
> effective, too. I know of no machine that's been cracked that had a
> wheel naked and painted blue. I've seen lots running standard
> services on non-standard ports.
>
> Security through obscurity doesn't work, it makes tracking down
> other problems harder, and creates work to maintain non-standard
> configurations.
I understand his point. I see 2 types of problems we have to deal with.

The thousands of drones that scan for boxes that are vulnerable to a specific exploit will often scan IP ranges on a specific port and, if it's open, see if it's vulnerable. For these types of intruders changing ports is very effective, since you would simply be skipped past on their scan; for most of us 99% of attempted intrusions are zombie-based or some script a kid has downloaded off the web.

The argument against changing ports is of course when you have a persistent hacker who wants in: he will of course scan all the ports and find the service, and this type of protection is nullified. In this scenario, if you haven't taken additional measures to secure the box, then you may be in trouble.

I personally move things like sshd off its normal port simply to stop my logs being flooded with brute-force logins, and since I am the only one who uses ssh there is no downside to it. I of course don't rely on this alone and keep my software up to date amongst other security measures; it is simply an extra layer of skin on the onion. For things like httpd I keep on port 80, as I think moving the port of that is more hassle than it's worth.

Chris

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
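The log flooding Chris describes can be measured rather than guessed at. The following Python is an added example, not code from the thread or from FreeBSD: it counts OpenSSH "Failed password" lines per source address and separates scanner behaviour (many failures across several account names) from a single user mistyping a password. The log lines are constructed for this example and use TEST-NET addresses; the host name, thresholds and function names are assumptions.

```python
import re
from collections import Counter

# OpenSSH failed-password line as it appears in a syslog-style auth log, e.g.
# "Feb  7 00:40:22 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: one scanner hammering common account names,
# one mistyped password by a real user, one legitimate key login and unrelated cron noise.
SAMPLE_LOG = """\
Feb  7 00:40:22 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Feb  7 00:40:23 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Feb  7 00:40:25 gw sshd[1235]: Failed password for root from 192.0.2.10 port 51236 ssh2
Feb  7 00:40:26 gw sshd[1235]: Failed password for root from 192.0.2.10 port 51236 ssh2
Feb  7 00:40:28 gw sshd[1236]: Failed password for invalid user test from 192.0.2.10 port 51240 ssh2
Feb  7 00:41:02 gw sshd[1240]: Failed password for chris from 198.51.100.7 port 40001 ssh2
Feb  7 00:41:06 gw sshd[1240]: Accepted publickey for chris from 198.51.100.7 port 40001 ssh2
Feb  7 00:41:10 gw cron[1250]: (root) CMD (/usr/libexec/atrun)
""".splitlines()

def failed_by_source(lines):
    """Map source address -> (number of failed attempts, set of usernames tried)."""
    attempts = Counter()
    users = {}
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            attempts[m["src"]] += 1
            users.setdefault(m["src"], set()).add(m["user"])
    return {src: (n, users[src]) for src, n in attempts.items()}

def brute_force_sources(lines, min_attempts=5, min_users=2):
    """Sources that fail repeatedly across several account names: the mindless
    drones of the thread, as opposed to one user mistyping a password once."""
    return sorted(
        src for src, (n, users) in failed_by_source(lines).items()
        if n >= min_attempts and len(users) >= min_users
    )

def noise_ratio(lines):
    """Fraction of all log lines that are failures from brute-force sources."""
    by_src = failed_by_source(lines)
    noisy = brute_force_sources(lines)
    return sum(by_src[s][0] for s in noisy) / len(lines) if lines else 0.0
```

Run it over a real auth log before and after moving sshd off port 22 to see how much of the log volume was scanner noise versus attempts worth looking at.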