l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2006 Jun 16 17:57

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Why change default ssh port?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Why change default ssh port?

Please pardon my sudden flurry of posts on this subject, but it's
something I've been pondering about recently.  Ryan, you'll probably
have noticed that this and similar topics tend to be a see-saw affair
between people saying 'Do this; it'll result in fewer attacks being
able to find you" and others (like me) replying "That's not helpful."

Part of the reason the discussion tends towards the interminable is
that opponents never quite articulate their objection very well.  I'm 
as guilty of this as anyone:  I tend to make a crusty jibe about hiding, 
and then not elaborate.  Meanwhile, proponents correctly point out that
their hiding strategies in various fields of computing (non-standard 
ports reducing dictionary attacks, e-mail address munging cutting down
spammer address harvesting, etc.) objectively reduces attack volume.

So, let me attempt to figure out and articulate why those tactics tend
to trigger a borderline-instinctive "reject" impulse from many sysadmins:

1.  Solving the Wrong Problem.  A system with a publicly exposed
vulnerability is no less vulnerable if you reduce attack volume by 90%.
The real problem is the vulnerability.  Equally, if you're being
overwhelmed by attack statistics and afraid of missing something
important, then the real problem _there_ isn't attack volume per se, but
rather poorly configured reporting.  Also, focussing on the wrong problem
_can_ (but doesn't necessarily) create an additional, all-new problem:

2.  False Assurance.  Many an admin, over the years, has fooled
himself/herself into thinking "My system [/service, whatever] is too
obscure for the bad guys to bother with."  Hiding strategies tend to 
produce their own variant of that mental bad habit:  You can easily
think "I don't have to hurry to reduce that risk.  I'm low-profile,
these days."  It's much healthier if you fix the underlying risks.  If
you do, then you're worry-free every bit as much on port 22 as on any

(How do you be worry-free?  Run software that doesn't suck, and
absolutely minimise Internet-facing services:

3.  We Were Here First.  Speaking for myself, I'll be damned if I'll
abandon port 22 just because a bunch of cretin kiddies and Russian
mafiosi with automated 'sploit code and dictionary files want to conduct
doorknob-twisting on it.  Likewise, it's beneath my dignity to obscure
my e-mail address just because someone might try to send it adverts for 
dubious investment opportunities.  Do those guys think they're better at
Internet management than the open-source technical community is?   Well,
they're wrong, and they can kiss my shiny Exim rulesets.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.