[geeks] SSH Scans Increasing
Sheldon T. Hall
shel at artell.net
Thu Aug 21 14:03:38 CDT 2008
Saith Joshua Boyd ...
> On Thu, Aug 21, 2008 at 02:39:30PM +0200, Sheldon T. Hall wrote:
> > I got tired of the script-kiddies, too. I contemplated moving the SSH
> > service to a non-standard port, but this complicated access for one of my
> > primary remote-access users, so I couldn't. I whitelisted the secure
> > network he'd be calling from, and, for everyone else, I set up a kind of
> > ghetto portknocking arrangement. You'd hit a particular high-numbered port,
> > which grabbed your IP address but didn't reply, and a script kicked off by
> > the connection would put that IP address in the whitelist for the SSH port.
> > It was a bit of "security by obscurity" but it worked great.
>
> Wouldn't it be a bit simpler to just run ssh on 2 ports, 22 with a
> whitelist and something else without, rather than port knocking?
Easier? Sure, but where's the fun in that?
-Shel
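The single-port knock Shel describes above, as an added example that is not code from this thread: a listener on a high port accepts the connection, records the peer's address without replying, and a whitelist entry (with an expiry, so stale addresses lapse) is created for the SSH port. The class and function names are hypothetical, the iptables rule syntax is assumed, and the rule is recorded rather than executed.

```python
import socket
import threading
import time

class KnockWhitelist:
    def __init__(self, ttl=300):
        self.ttl = ttl           # seconds a knocked address stays allowed (assumed)
        self._lock = threading.Lock()
        self._expiry = {}        # ip -> time after which the entry lapses
        self.rules_applied = []  # firewall rules the knock script would issue

    def knock(self, ip, now=None):
        now = time.time() if now is None else now
        with self._lock:
            fresh = self._expiry.get(ip, 0) < now  # new, or lapsed and knocking again
            self._expiry[ip] = now + self.ttl
            if fresh:  # iptables syntax assumed; a real script would exec this
                self.rules_applied.append(
                    f"iptables -I INPUT -p tcp -s {ip} --dport 22 -j ACCEPT")

    def is_allowed(self, ip, now=None):
        now = time.time() if now is None else now
        with self._lock:
            return self._expiry.get(ip, 0) >= now

def serve_knocks(whitelist, host="127.0.0.1", port=0):
    """Silent listener; port=0 lets the OS choose (real use: a fixed high port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    def loop():
        while True:
            conn, (peer_ip, _) = srv.accept()
            whitelist.knock(peer_ip)  # grab the source address ...
            conn.close()              # ... and never send a byte back
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def knock_once(port, host="127.0.0.1"):
    # Client side of the knock: connect, then drop the connection.
    with socket.create_connection((host, port), timeout=2):
        pass

def wait_allowed(whitelist, ip, timeout=2.0):
    # Poll until the listener thread has recorded the knock, or give up.
    deadline = time.time() + timeout
    while time.time() < deadline and not whitelist.is_allowed(ip):
        time.sleep(0.01)
    return whitelist.is_allowed(ip)
```

Run `serve_knocks` on a box and point an ordinary TCP client at the returned port; the knock succeeds with no banner or reply, and `is_allowed` turns true for the caller's address until the TTL lapses.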