sean@donelan.com (Sean Donelan) wrote:
Security by obscurity eliminates all (100%) of this automated scans and automated attacks. So, having SSH on port 63023 (for example) and seen probes, you can be 100% sure that someone have SPECIFIC interest in your
This is just security by outrunning the bear. The assumption is bears will stop chasing you if they catch a different hiker first.
You're failing to catch the intention here.
Unfortunately, we now have decades of experience in cybersecurity that this isn't true. It appears to work for a while, but on the Internet bears are always hungry and learn. There are people actively scanning for any open ports running any protocol, without a SPECIFIC interest in your computer.
Funnily, I see many many more scanning attempts for the same port (or handful of ports) across entire networks than the other way around. And as stated before: If somebody scans 63023, he has interest in your site and is worth the effort of doing something about it. That's the whole point in changing the port. Changing the port is not making the system more secure, it only filters out passers-by. Elmar. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>) --------------------------------------------------------------[ ELMI-RIPE ]---