[ale] 300,000 failed login attempts in 6 months!!!

Mike Harrison meuon at geeklabs.com
Tue Aug 19 19:05:15 EDT 2008


>> Save yourself some trouble and run SSHD on a non-standard port.
>
> I keep seeing this said over and over again, and I keep wondering:  Are
> the attackers _really_ that stupid?  Wouldn't a simple portscan prior to
> attempting to attack get rid of any benefit that this would provide?

Like I said before, it's not any more secure,
it just cuts down the background noise level.

A directed attack will scan you, possibly over hours or weeks,
and knows a lot about your system.

A default SSH answers like this:

-----------------------------------
#telnet foo.com 6969
Trying 14.205.139.1...
Connected to foo.com
Escape character is '^]'.
SSH-2.0-OpenSSH_4.6p1
-----------------------------------

Pretty easy to find a simply moved SSH port.

But it WILL cut down the background noise of various stupid
scanner bots knocking on your doors.
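
Added example, not part of the original post: a parser for the identification line shown in the telnet session above, following RFC 4253 section 4.2, run over greetings recorded from your own listeners to see which ports still announce themselves as SSH. The SAMPLE_GREETINGS data, the port numbers other than 6969, and the helper names are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or '-'.
_IDENT = re.compile(
    r"SSH-(?P<proto>[0-9]+\.[0-9]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?"
)

class SshIdent(NamedTuple):
    proto: str
    software: str
    comments: Optional[str]

def parse_ssh_ident(greeting: bytes) -> Optional[SshIdent]:
    """Return the SSH identification found in a service greeting, or None."""
    for raw in greeting.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other lines before the identification
        if len(raw) + 1 > 255:  # limit includes CR LF
            return None
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            return None
        m = _IDENT.fullmatch(text)
        return SshIdent(m["proto"], m["software"], m["comments"]) if m else None
    return None

def ssh_ports(greetings: Dict[int, bytes]) -> List[int]:
    """Ports whose first bytes identify the service as SSH, whatever the number."""
    return sorted(p for p, g in greetings.items() if parse_ssh_ident(g))

# Constructed sample: first bytes recorded from listeners on one host.
SAMPLE_GREETINGS = {
    6969: b"SSH-2.0-OpenSSH_4.6p1\r\n",  # the banner from the post
    25: b"220 mail.example.com ESMTP\r\n",
    8080: b"HTTP/1.0 400 Bad Request\r\n\r\n",
    2222: b"Authorized use only\r\nSSH-2.0-OpenSSH_4.6p1 Debian-5\r\n",
}

if __name__ == "__main__":
    for port in ssh_ports(SAMPLE_GREETINGS):
        print(port, parse_ssh_ident(SAMPLE_GREETINGS[port]))
```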







