Originally posted by trek
Why are military stuff and people usually painted camouflage instead of, let's say, BRIGHT PINK?
Because camouflage will make them harder to detect and thus reduce the times they actually get hit.
Security comes from layering different things, so that if one fails there are others still in the way. Any defence will fail eventually, but its job is to slow down and dull the attack so the responders can react.
In the case in point, yes, moving the port to an arbitrary high number is good enough to reduce dramatically (like by 2 orders of magnitude last time I tried a honeypot on port 22) the attempts to hammer it. Making a bot that, instead of scanning only port 22, needs to scan up to port 50000 or whatever carries a major performance penalty; not many do.
Because ssh itself isn't invulnerable even if the algorithm itself is and the admin chose a good long uncrackable password (or even better, just the key and turn off the password, so only the one with the key can log in at all). There was Heartbleed, for example.
This trick would buy time to get the server secure again; unless someone was targeting *specifically* that server, it's wildly unlikely to actually find the ssh port at all in a reasonable time if it has to scan a zillion ports in all servers around.
Then OK, sure, not having ssh open on the outside at all and connecting only through a VPN is better (no duh) but you can't always do that.
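An added example, not part of the post above: a small audit of `sshd_config` text for the two measures the post mentions, a non-default port and key-only login. The sample configurations, port 50022 and the function names are constructed for illustration; the parser relies on sshd using the first value it obtains for a keyword, so a later `PasswordAuthentication no` does not override an earlier `yes`.

```python
import re

# keyword and argument are separated by whitespace or by a single '='
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def effective_settings(config_text):
    """Return (ports, settings) for the global section of an sshd_config.

    Keywords are case-insensitive, the first value for a keyword wins,
    and Port may be given several times. Include files are not followed.
    """
    ports, settings = [], {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank lines and '#' comments
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":             # what follows is conditional, not global
            break
        if key == "port":
            ports.append(int(value))
        else:
            settings.setdefault(key, value)   # keep the first value only
    return ports or [22], settings            # sshd defaults to port 22

def audit(config_text):
    """List deviations from 'moved port, key-only login'."""
    ports, settings = effective_settings(config_text)
    findings = []
    if 22 in ports:
        findings.append("sshd listens on the default port 22")
    # PasswordAuthentication defaults to "yes" when it is not set
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("password login is enabled")
    return findings

# Constructed sample: looks key-only at a glance, but the first value wins.
WEAK_SAMPLE = """\
# Port 50022
PasswordAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: moved port, password login off.
HARDENED_SAMPLE = """\
Port 50022
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which also covers included files that this sketch does not read.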