I don't know about that, security through obscurity, maybe a bit, but still HIGHLY effective........<br><br>zero vs 100,000 ;)<br><br>QUOTE:<br>"We also note that all three honeypots used in this study ran a second SSH server on a high port, which was used for maintenance and control purposes. No malicious login attempts directed at the servers running on these ports were observed during the same period that over 100,000 attacks were observed on the default SSH port. Asking legitimate users to remember the non-standard port can be a small inconvenience."<br>
SOURCE: <a href="http://people.clarkson.edu/~owensjp/pubs/leet08.pdf">http://people.clarkson.edu/~owensjp/pubs/leet08.pdf</a><br><br>There are of course many ways to secure ssh more securely than the default settings. Disabling root login is always #1 on my list :) Changing the port number is always #2. Setting allowed users and number of logins and allowed IP's help as well. <br>
<br>Dave Crouse<br><br><br><br><br><div class="gmail_quote">On Tue, May 13, 2008 at 12:22 PM, Josh More <<a href="mailto:morej@alliancetechnologies.net">morej@alliancetechnologies.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
True, but it doesn't improve security, it just reduces the number of<br>
random stumblers.<br>
<br>
I suggest disabling remote SSH login for root and locking down SSH to<br>
version 2 and key-based access only. I also run DenyHosts to limit the<br>
traffic.<br>
<div class="Ih2E3d"><br>
<br>
<br>
-Josh More, RHCE, CISSP, NCLP, GIAC<br>
<a href="mailto:morej@alliancetechnologies.net">morej@alliancetechnologies.net</a><br>
515-245-7701<br>
<br>
</div>>>> "Dave Crouse" <<a href="mailto:crouse@usalug.net">crouse@usalug.net</a>> 05/13/08 12:16 PM >>><br>
<div><div></div><div class="Wj3C7c">I never run ssh on the standard port 22 anymore..... changing the port<br>
number alone will significantly reduce the number of logged attacks.<br>
<br>
Dave Crouse<br>
<br>
<br>
<br>
<br>
On Tue, May 13, 2008 at 11:49 AM, Kendall Bailey <<a href="mailto:krbailey@gmail.com">krbailey@gmail.com</a>><br>
wrote:<br>
<br>
> I run an SSH server on port 22 as my only public service. I run the<br>
> denyhosts daemon to protect against dictionary attacks and lock down<br>
> SSH pretty thoroughly in other regards, but still allow connection<br>
> from any host otherwise. The last few days I've seen hundreds of<br>
> hosts logged by denyhosts. Anyone know why random dictionary attacks<br>
> might be spiking? Is it widespread? I'm considering closing that<br>
> port for a while.<br>
><br>
> Thanks.<br>
> Kendall<br>
> _______________________________________________<br>
> Cialug mailing list<br>
> <a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br>
> <a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
><br>
<br>
_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
</div></div></blockquote></div><br>