On 3/4/21 5:26 AM, Carlos E. R. wrote:
On 04/03/2021 14.12, Per Jessen wrote:
Lew Wolfgang wrote:
And of course botnets also scan for open ports, and not just the obvious ones. I just checked on my underused server with a direct and static connection, and over a 75-minute period I had 869 ports scanned, 637 of them were unique ephemeral high-numbered ports. Botnets don't care about laws, and if your IP is static for very long, your hidden ssh port could be exposed. Yep, I can assure you they will be. Even if we use public key authentication, we still run ssh on a high port - on one server installed in 2015, there were no ssh attacks until 7 February 2021. Since 2907 login attempts.
On another, also installed in 2015, attempts started 1 November 2020, since then 136680. Static IPs?
We might have to go one step further: migrate the port randomly and periodically.
If you're really that paranoid, take a look at port knocking: https://www.howtogeek.com/442733/how-to-use-port-knocking-on-linux-and-why-y... Even that is security through obscurity, but an argument could be made that multiple levels of obscurity can only help. Regards, Lew