<div dir="ltr">They scan more than one port, and *some* attempt service identification, which is easy with SSH. But moving it to a non-standard port will reduce but not eliminate attacks. It'll also confuse end users if you have any who aren't technical.<br>
<br><br><br><div class="gmail_quote">On Tue, Aug 19, 2008 at 6:09 PM, Brian Pitts <span dir="ltr"><<a href="mailto:brian@polibyte.com">brian@polibyte.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Michael B. Trausch wrote:<br>
> On Tue, 2008-08-19 at 12:12 -0400, Jim Popovitch wrote:<br>
>> New? No. SSH brute force attempts are not new. You, as a target,<br>
>> might be new. ;-)<br>
>><br>
>> Save yourself some trouble and run SSHD on a non-standard port.<br>
><br>
> I keep seeing this said over and over again, and I keep wondering: Are<br>
> the attackers _really_ that stupid? Wouldn't a simple portscan prior to<br>
> attempting to attack get rid of any benefit that this would provide?<br>
<br>
</div>I assume they scan... port 22. If ssh isn't there either it's not<br>
running or there's a smart admin. Either way that system is not an<br>
inviting target.<br>
<font color="#888888"><br>
-Brian<br>
</font><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</div></div></blockquote></div><br>
</div>