On Mon, 19 Jan 2004 23:26:30 MST, Brett Watson <brett@the-watsons.org> said:
hacked? (Answer - you will never be hacked, if you use nonstandard port, except if you attracks someone by name, such as _SSH-DAEMOn.Rich-Bank-Of-America.Com_.
Go grab nessus (www.nessus.org), modify the code a bit, and I guarantee you that your ssh daemon running on a non-standard port can still be found, identified, and exploited. Trivial.
Alexei's point is that *yes*, things like Nessus *will* find a relocated SSH - but that if you're getting Nessus scanned, somebody has painted a bullseye target on YOUR site, not "any site vulnerable to <exploit du jour>". The people looking for "any vulnerable site" will just go SSH-scanning on port 22 and be done with it, since it's simply NOT PRODUCTIVE to do an exhaustive test of each machine. One probe at port 22 will probably go under the radar, scanning all 65K ports is sure to peeve somebody off....