Claude Jones wrote:
You and Leonard are confirming some things I've concluded, but, it reminds me of a second question I haven't really found an answer to. What port? Is it best to choose a high port, or pick one in the below 1024 range?
*Probably* choosing a high port. There are enough services running in the low IP range that it's worth scanning them. Once the SSH daemon has been scanned, an attacker will know that port is open, and a simple telnet connection will tell a potential attacker that it's a SSH daemon.
It takes long enough to scan the entire IP range that it's significantly less common. So you're somewhat less likely to be scanned.
James.