[NBLUG/talk] I'm getting ssh scanned! Should I be worried?
Bob Blick
bblick at sonic.net
Thu Oct 7 15:16:58 PDT 2004
>> I would recommend using a port number ( <1024 ).
>
>>troy wrote:
>> I'd probably go for something above 1024 (since most system services use
>> low port numbers)
>
> hahhahaha. I wish I could be there to watch the smoke when Bob gets our
> messages =)
Maybe I'll just split the difference, and choose port 1024 :)
Actually if I look at the logs of failed attempts, an attack consists of a
long list of names tried once each, and root is tried multiple times. So
since root ssh logins are not allowed on my machine, the chance of them
choosing a real username AND password are so slim it's not really worth
it.
Although I'm sure a high-profile site gets more attacks than my vanity
server.
And I suppose the ftp daemon is also susceptible (no I don't allow
anonymous access)...
-Bob
More information about the talk
mailing list