 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
2 edits | reply to Daniel
Re: Security and Obscurity: Changing Daemon Ports I didn't write that properly or completely, thanks for pointing that out. I should have followed with a statement that reduced exposure is a valid security measure. I do continue to maintain changing defaults is primarily a reduction in exposure, which is, as you pointed out, a valid component of security implementation. I'm thinking in terms of component nomenclature.
Rambling on now, 
My logs bear out that once these auto-bots scan the standard port and get no response from it, they don't come back to attempt further exploits related to the standard port. At that point I've avoided a "second look" by the autobot or at the minimum, avoided having my IP logged as "interesting" and recorded for further scans on other common service ports.
Thus, we've thwarted a large number of common attempts (Based on the logs I review) at the initial attack stage by simply changing ports. If there would be other more personalized attempts, there would be more hurdles to overcome.
As for being a real issue, my experience in my little circle bears out that autobots are real issues, and reducing exposure is one valid step in dealing with them.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
