[86863] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Nov 20 02:40:12 2005
Date: Sun, 20 Nov 2005 02:39:45 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@nanog.org
In-Reply-To: <071d01c5ed9c$bd487290$6401a8c0@alexh>
Errors-To: owner-nanog@merit.edu
On Sat, 19 Nov 2005, Alexei Roudnev wrote:
> Security by obscurity eliminates all (100%) of this automated scans and
> automated attacks. So, having SSH on port 63023 (for example) and seen
> probes, you can be 100% sure that someone have SPECIFIC interest in your
This is just security by outrunning the bear. The assumption is bears
will stop chasing you if they catch a different hiker first.
Unfortunately, we now have decades of experience in cybersecurity that
this isn't true. It appears to work for a while, but on the Internet
bears are always hungry and learn. There are people actively scanning
for any open ports running any protocol, without a SPECIFIC interest in
your computer. SSH already has a No Trespassing banner.
You may just not have a big enough sample to see what is actually
happening.
