On Thursday January 1 at 11:47pm
Jan Minar <Jan.Minar@seznam.cz> wrote:

> On Thu, Jan 01, 2004 at 09:42:09PM +0000, Adam Barton wrote:
> > What I would do in this case, is, rather than forwarding port 22 to
> > port 22 on an internal host, do say forward 10001 to internalhost1,
> > 10002 to internalhost2 etc. as required instead. Then leave 22 open
> > for connections to the box itself or block it off completely with an
> > iptables rule.
> >
> > At least then a script kiddy won't simply find port 22 open and
> > start to bruteforce your ssh password. He has to scan higher than
> > normal to find your SSH which he/she is less likely to do.
>
> This is a ``security by obscurity''; a naive approach that works by
> giving you a warm fuzzy feeling that you've done your homework, which
> lessens your alertness, so you won't ever notice the intruders.

Plus, a quick nmap scan will discover the open ports pretty quickly.

--
-johann koenig
Now Playing: Goldfinger - The End Of The Day : Stomping Ground
Today is Sweetmorn, the 1st day of Chaos in the YOLD 3170
My public pgp key: http://mental-graffiti.com/pgp/johannkoenig.pgp