[HECnet] Botnet hits on 23/tcp
Johnny Billquist
bqt at softjar.se
Tue Oct 25 12:20:54 PDT 2016
On 2016-10-25 19:51, Robert Armstrong wrote:
>>Nmap can figure it out for you. No need for humans.
>
> nmap only tells you what ports are open, and there will be a bunch.
> It’s a long way from there to breaking in – a human is still required.
nmap will also try and figure out what service is listening on the port.
So, running your ssh server on a non-standard port don't really increase
security. It can still easily be found, even without human intervention.
At which point we're back to the same situation as ssh running on the
standard port. Ie. running on a non-standard port is just security
through obscurity. The actual ssh is just as secure (or not) independent
of the port. And finding it, even on a non-standard port, is not hard,
if someone really wants to. And it can all be automated.
For the actual cracking, nmap isn't the tool. It just provides
information. But for the actual cracking, the same tool works equally
well on standard ports as non-standard ports.
But I do agree that it definitely reduce the noise, so I'm not saying
people shouldn't. I'm just saying that you should not think that it
makes it any safer. :-)
Johnny
More information about the Hecnet-list
mailing list