Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with. The point of the discussion was wether it made sense to run services on non-standard ports to deter cr4x0rs. And I feel it doesn't.
Actually, the point of the discussion was whether security through obscurity (A.K.A. camouflage techniques) is a legitimate tool in the security arsenal.
As long as a sshd yells "SSH-1.99" at you the moment you connect to it's port there's no hiding sshd.
Like I said, ... camouflage ... It doesn't stop with port numbers. And if you do camouflage the real SSH and run a honeypot on port 22 that looks like SSH, where do you think the haxors will put their attention first?
A well-tuned iptables or equivalent, on the other hand, might hide the presence of daemons completely for anyone except the designated users. How is that for obscurity?
Great idea. The whole point of camouflage and obscurity techniques is to confuse observers/attackers and this fits the bill. I agree that security through obscurity should always be backed up with real hardening where possible, but I also believe that multiple techniques working in synergy is best. --Michael Dillon
participants (1)
-
Michael.Dillon@radianz.com