Mailinglist Archive: opensuse (1986 mails)

< Previous Next >
[opensuse] Results of moving ssh to a high port - Zero script kiddies in a 24 hour period.
  • From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 27 Nov 2008 01:30:10 -0600
  • Message-id: <492E4C82.1040100@xxxxxxxxxxxxxxxxxx>

Moving ssh to a high port has been a resounding success at completely
eliminating the dictionary attacks against my server. And so far, I have not
had one single instance since making the change. I don't have any great
statistics, but I do have one that shows the impact very clearly. The number of
log entries per 24 hour period before and after.

Before the change (November 21) I had over 5000 ssh attempts on port
22. There
were periods where there were multiple attempts every second:

16:36 nirvana~/linux/boxes/bonza/log> wc -l < 20081121.log

After the change:

16:37 nirvana~/linux/boxes/bonza/log> wc -l < 20081125.log

Less than 300 entries in the logs in _total_ for an entire 24 hour
period. If
you have similar issues, and your real user needs can be accommodated on a high
port, I highly recommend it.

David C. Rankin, J.D.,P.E. | openSoftware und SystemEntwicklung
Rankin Law Firm, PLLC | Countdown for openSuSE 11.1 |
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >