On 07/12/10 15:01, J Sisson wrote:
On Mon, Jul 12, 2010 at 2:46 PM, Leonardo Carneiro - Veltrac <lscarne...@veltrac.com.br> wrote:
I ONLY run the sshd that are allowed to connect from the Internet in
non-standard ports. Anyone that matters to know knows on which port the sshd
is running.
Well, them and anyone who knows how to half-assed run nmap or any other
numerous service fingerprinting utilities.
Yes, absolutely true. Any well thought out, skilled attack will quickly
find these other ports.
But I get many thousands of "idiot" bot attacks on my web server a
month. Since I have a good script to slam them out right away with
pfctl, I don't see much more than one or two log entries for each
evil-doer. All attempts after that never get in.
Since most attacks on port 22 are by equally idiotic bots, I think it is
reasonable to move sshd and block port 22.
Even with sshd moved, when I finally decided to block port 22, my
bandwidth use dropped noticeably.
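A defensive script along the lines of the "slam them out with pfctl" approach described above, added here as an example and not the poster's own script. It assumes a pf table named `bruteforce`, a threshold of three failed logins, and the pf.conf lines shown in the comments; the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: pick out source addresses that failed
# sshd authentication more than THRESHOLD times in a log excerpt, so they can
# be added to a pf table and dropped. PF_TABLE, THRESHOLD and the pf.conf
# lines below are assumptions, not the poster's actual config.
#
# Assumed pf.conf (sshd listening on 2222, port 22 blocked outright):
#   table <bruteforce> persist
#   block in quick on egress proto tcp from <bruteforce>
#   block in quick on egress proto tcp to port 22
#   pass in on egress proto tcp to port 2222 keep state \
#       (max-src-conn-rate 5/60, overload <bruteforce> flush global)

PF_TABLE="bruteforce"
THRESHOLD=3

# Constructed sample of /var/log/authlog lines (not real traffic).
SAMPLE_LOG='Jul 12 14:01:02 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51822 ssh2
Jul 12 14:01:05 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51823 ssh2
Jul 12 14:01:09 gw sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51830 ssh2
Jul 12 14:02:11 gw sshd[1210]: Failed password for invalid user test from 198.51.100.9 port 40011 ssh2
Jul 12 14:02:40 gw sshd[1211]: Accepted publickey for leo from 192.0.2.25 port 50022 ssh2
Jul 12 14:03:13 gw sshd[1215]: Failed password for root from 203.0.113.7 port 51840 ssh2'

# offenders: read sshd log lines on stdin, print each source address with
# more than $THRESHOLD failed logins, one per line, sorted.
offenders() {
    awk -v max="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
        }
        END { for (a in n) if (n[a] > max) print a }
    ' | sort
}

# block_offenders: add every offender to the pf table. With DRY_RUN=1 it only
# prints the pfctl command, so it can be checked on a host without pf.
block_offenders() {
    offenders | while read -r addr; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "pfctl -t $PF_TABLE -T add $addr"
        else
            pfctl -t "$PF_TABLE" -T add "$addr"
        fi
    done
}

# Typical use, as a call at the end of this script:
#   tail -n 500 /var/log/authlog | block_offenders
```

Run with `DRY_RUN=1` first to see which addresses would be added before letting it touch the live table.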