Incidents
SSH attacks? Jul 26 2004 10:59PM Robin (robin kallisti net nz) (10 replies)
Re: SSH attacks? Jul 28 2004 04:33AM brandy (brandy klammeraffe org) (2 replies)
Re: SSH attacks? Jul 29 2004 12:22AM Andrew J Caines (A J Caines halplant com) (3 replies)
Re: SSH attacks? Jul 27 2004 09:12PM buzz (reitenba fh-brandenburg de) (2 replies)
Re: SSH attacks? Jul 27 2004 08:46PM Adam Young (adam vbfx com) (1 replies)
Re: SSH attacks? Jul 28 2004 08:19AM Christine Kronberg (Christine_Kronberg genua de) (3 replies)
Re: SSH attacks? Jul 29 2004 09:21AM Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)
> > on a non-standard port.
>
> That practice affords no security benefit. Any scanner worth its
> salt (no pun...really) can identify a service even if it's running on a
> non-standard port. Nessus does this, as do a host of other scanners.

It certainly does afford a security benefit.

The issue isn't whether or not there are tools that can identify a service
on a nonstandard port (as you note, such tools are readily available). The
issue -- especially in this case -- is that such scanning of all 65535
ports is not being done by the worms and other automated attack tools
being discussed. These sorts of attacks are going after the low-hanging
fruit, the easy exploit and, if a worm, frequently looking for rapid
infection rates. Scanning every port doesn't provide enough benefit to the
attacker to be useful, especially considering that you can argue that
anybody who bothers to change the port probably is also at least minimally
aware of security.

Is it *good* security? No. Will an attacker who is specifically trying to
penetrate your network be stopped? Of course not. But will it prevent a
worm from zapping you in a day-0 exploit and give you time to patch or
disable the service? Yes.

Had you said "little security benefit", I'd agree. But to say "no security
benefit" is just silly.

-- Mark