From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <44AB9C5A.9020504@mid.message-center.info>
Date: Wed, 05 Jul 2006 13:02:50 +0200
From: Alexander Skwar
List-Id: Gentoo Linux mail
Reply-to: gentoo-user@lists.gentoo.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
References: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com> <44AB1C8E.4090903@gmail.com> <44AB6C6A.9040008@mid.message-center.info> <9b1675090607050223p2b5089bdx7f0abdc5dcaf28ac@mail.gmail.com>
In-Reply-To: <9b1675090607050223p2b5089bdx7f0abdc5dcaf28ac@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Trenton Adams wrote:

> I would move ssh to a very high port number of your choice. Most ssh
> port scanners do not bother checking anything other than port 22, as
> it is too time consuming. I have not had any weird hits on my ssh
> port in years. It was hammered daily, even with attempted logins and
> such, with it running on port 22. Now, pretty much nothing. Why not
> use something like 65350 or some random high port like that?

ACK. Good idea.

One more thing though: I'd not use a "strange" port like 65350,
but rather a port, which might be legitimately open. Suppose
you've got a web server and DON'T use ssl. In this case, https (443)
would be available. Or if you don't have a usenet server, you
could use 119.

Reason: It's "normal" that such ports are open. If I were a
script kiddie, I wouldn't bother looking at normally open ports.
But if there's something strange like 65350, I *would* look.

> And yes, you probably shouldn't be asking these questions if you have
> an important linux computer on the internet. Because if it is
> important, you should know what you are doing before you put it on the
> internet.
>
> If on the other hand, you're just getting to know linux, and the
> computer is not all that important, then you should be asking these
> questions.

Yes, he *CERTAINLY* should be asking those questions - but he
shouldn't have a server on the internet. Reason: It might be so,
that the system is less secure than it ought to be and thus
might be already part of a botnet or somesuch. And if it were
part of a botnet, it might be used to attack other systems or
to simply relay spams. Because of that, I find it somewhat
irresponsible or at the very least questionable, when users
with not so much knowledge operate servers.
And it doesn't matter at all, if the system is important to the OP -
it matters only, if it might be used to do things, which the OP
doesn't want.

Alexander Skwar
-- 
The more laws and order are made prominent, the more thieves and
robbers there will be.
		-- Lao Tsu
-- 
gentoo-user@gentoo.org mailing list