Security basics

Karl Larsen k5di at zianet.com
Wed Oct 3 21:46:36 UTC 2007


Alan M. Evans wrote:
> On Wed, 2007-10-03 at 15:40 -0500, Steve Siegfried wrote:
>
>   
>> Changing ports for ssh isn't actually that hot of an idea.  Most port scanners
>> can detect ssh implementations since they normally self-identify.  For example,
>> if you're running ssh on the normal port (22), try executing:
>> 	/usr/bin/telnet YOUR.HOST.IP.ADDR 22
>> and see what pops out.
>>     
>
> Of course. But most attacks aren't scanning every port on your machine
> and trying to identify unknown services. Mostly they're just going for
> the low-hanging fruit on the standard port numbers.
>
>
>   
    This whole line of reasoning is false. I don't care if Hacker, the 
bad guy, gets on my computer with ssh. He then needs to come up with a 
valid login name and password. If he fails at this in some set time it 
all quits.

    Until you can convince me that my system is at risk from ssh when 
using a real password I am going to sleep well.



-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.




More information about the users mailing list