Re: securing server
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oliver Antwerpen wrote:
>
> Steve schrieb:
>> Le 07-05-2008, à 17:34:08 +0800, Abdul Bijur Vallarkodath
>> (abdulbijur@gmail.com) a écrit :
>>
>>
>>> just my two pence.
>>>
>>
>> and my two centimes.
>>
>>
>>> * Change the ports of most ports like ssh, ftp, smtp, imap etc.
>>> from the
>>> default ones to some other ones.
>>>
>>
>> >From my poor understanding of security related issues, I guess this is
>> totally useless since any (good) port scanner will defeat this without
>> any problem. Remember, security by obscurity is a bad idea.
>>
>>
>>
>
> Used solely you are right, but used in addition to usual other securing
> mechanisms it can help against zero-day attacks, which only shoot
> exploits to well-known ports.
>
>
Only when the 0day attack originates from a Skiddy who found it on
milw0rm (making it technically no longer an 0day anyway).
If someone is determined enough to get access to a system to take the
time to write an exploit, they're certainly clever enough to use nmap,
which defeats most attempts at hiding a service version.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIKRPzLeTfO4yBSAcRAjmNAJ0eDx+cdZU1NnfyWLvbNhlEfK92VQCgxzNc
F9oDXS7vaw0QKQC5rMEzFps=
=lghP
-----END PGP SIGNATURE-----
Reply to: