* davei@algx.net (Dave Israel) [Tue 20 Jan 2004, 18:48 CET]:
> On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said:
> [..]
> > - unpatched sshd on port 30013 - safety is 7 (higher) because no automated script can find it, and no manual scan finds it in reality
>
> Actually, an automated script or manual scan can find it trivially. All you have to do is a quick port scan, looking for this:
> [..]

Indeed. And Alexei's point is that no one is looking for that.

> one across the enterprise, so it is only really obscure once. Moving port numbers only protects you against idle vandalism; it is useless against people who truly wish you harm.

Alexei's point also was that you need additional measures against those people.

> You really need a firewall, particularly one that can detect a port scan and shut off the scanner, for changing ports to have any real security. It is kind of like a 4-digit PIN being useless for a bank card without the 3-try limit.

Unless you like really, really sore fingers, and don't think a long line of people waiting behind you at the ATM will attract any attention from the bank employees.

-- Niels.
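The "firewall that detects a port scan" Dave asks for, as an added illustration that is not part of this thread: a sliding-window check that flags any source touching many distinct destination ports in a short time, run over a constructed syslog-style firewall log (the field layout, addresses and thresholds are assumptions for the example).

```python
# Added example, not from the thread: flag a source that probes many distinct
# ports within a short window, which is what a firewall has to catch before
# moving sshd to a non-standard port buys any real protection.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical field layout): one host walks several
# ports and then hits 30013; a second host only ever talks to 30013.
SAMPLE_LOG = """\
2004-01-20T18:40:01 DROP src=198.51.100.7 dst=203.0.113.5 dpt=22
2004-01-20T18:40:02 DROP src=198.51.100.7 dst=203.0.113.5 dpt=23
2004-01-20T18:40:02 DROP src=198.51.100.7 dst=203.0.113.5 dpt=25
2004-01-20T18:40:03 DROP src=198.51.100.7 dst=203.0.113.5 dpt=80
2004-01-20T18:40:03 DROP src=198.51.100.7 dst=203.0.113.5 dpt=443
2004-01-20T18:40:04 DROP src=198.51.100.7 dst=203.0.113.5 dpt=8080
2004-01-20T18:40:05 ACCEPT src=198.51.100.7 dst=203.0.113.5 dpt=30013
2004-01-20T18:40:05 ACCEPT src=192.0.2.44 dst=203.0.113.5 dpt=30013
2004-01-20T18:47:30 ACCEPT src=192.0.2.44 dst=203.0.113.5 dpt=30013
"""

def parse_line(line):
    """Return (timestamp, source address, destination port) for one log line."""
    ts, _action, src, _dst, dpt = line.split()
    return datetime.fromisoformat(ts), src.split("=")[1], int(dpt.split("=")[1])

def find_scanners(log_text, threshold=5, window=timedelta(seconds=10)):
    """Map each source that hits >= threshold distinct ports within `window`
    to the time it first crossed the threshold (the moment to shut it off)."""
    recent = defaultdict(deque)   # src -> (time, port) events, oldest first
    flagged = {}
    for line in log_text.splitlines():
        ts, src, port = parse_line(line)
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events outside the window
            q.popleft()
        if src not in flagged and len({p for _, p in q}) >= threshold:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    for src, when in find_scanners(SAMPLE_LOG).items():
        print(f"block {src} (scan detected at {when.isoformat()})")
```

The single-port host is never flagged, so a legitimate client of the relocated sshd is left alone while the host that walked the port range is cut off before it reaches 30013.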