[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 09/02/15 20:00, Simon Avery wrote:
> I've mentioned this a few times already and I still think it's one of
> the most basic and effective things you can and should do if you have a
> linux server exposed to the internet, yet one of the most overlooked.
Oh no, not this again...
I'm afraid I'm going to have to (respectfully) disagree with you on
this: let me explain.
Firstly this is stupid because it's security through obscurity, thus an
And that's it, no drama. Lame automated botnet scans can continue
bouncing off my network all day long and I couldn't care less. And as
for logging, well, disk space is plentiful and cheap and I love logs,
the more the merrier. They all get sent to a centralised rsyslog server
by the tens of thousands which I can then make pretty graphs out of for
The most stupid thing about this is the botnet scans will find your
random SSH port before too long, and then your IP and SSH port go into
their database and now everyone in China knows your secret. So what are
you going to do? Change it again? That's going to get really annoying
really quickly. I also don't fancy maintaining a massive lookup table to
keep track of which random port SSH is running on each of my thousands
of servers in the wild.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq