On Thu, 29 Jul 2004, Pieter-Bas IJdens wrote:
>
> > Only after the first playround the test/guest attempts started so
> > I was starting to think that whoever was probing my host from Korea
> > was probably going with that. Now that my host is out of focus, I'm
> > really relieved. :-)
>
> If you are so worried about SSH security who don't you just run sshd on a
> non-standard port. Ever since I moved all externally listening ssh daemons

Because I'm not alone in my host. It serves a couple of friends as well.
Worry is only a part of the story - I'm awfully curious. I want to know
what these people are doing but I don't want my node to be compromised.
As a matter of fact I find it very instructive to see what people are
trying to accomplish. Sometimes I can use this knowledge to help other
people. I don't want to miss that.
Another word about to worry: I want to worry about system security as
neither me nor the software is perfect. I do not believe in security
by obscurity (although I must admit that sometimes it works extremely
well). Once I stop worrying I may ovberlook the one attempt that really
hurts me. Better to stay alert. :-)

> to a different port I didn't get any ssh probes anymore (obviously). Got
> rid of all these ssh-worm attacks (good old days) in a second, and I
> personally don't mind supplying people a port number with their
> username/password. The same can be done for many other services that are
> not port-bound. Kindof takes the fun out of automated subnet scans.

True, but there are some minor services as smtp and http which still
should be reachable on their standard ports. So the fun continues. :-)

Cheers,

Chris Kronberg.

--
GeNUA mbH

[ reply ]