On 22 July 2014 00:52, Guy Gold <[email protected]> wrote:

> Hi Erez,
>
> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <[email protected]> wrote:
>
>>
>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>
>
> Then, what Eliyahu wrote should serve you a perfect solution.
>
> Also, there's not much advantage in the point of hiding behind the
> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
> The increase to security by using that method is in doubt - when taking
> under consideration tools used by "bad guys (and girls)" nowadays.
> If you must do it, that's fine, but don't let it be a reason for not using
> much better methods, as Eliyahu suggested.
>

From personal experience - there is a huge advantage in picking a random port for external SSH (and external HTTP). I always had port scanners on my standard, dynamic ISP ADSL addresses until I moved them to different non-standard ports. Since then my logs are clean, and I'm talking about over 5 years of experience (I don't remember exactly when I did the switch). This is of course not the only measure I take for security. I still treat them as vulnerable etc. But after years of not having a single probe on the new ports I have to say that it removed the threat of pretty much 100% of the probes on my home network. Perhaps they are more thorough on static ip addresses, known targets etc., but in my experience this is a very successful step.

>
>
> --
> Guy Gold
>
> _______________________________________________
> Linux-il mailing list
> [email protected]
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
