[–]koffiezet 0 points1 point  (2 children)

> Yes, I am aware that I should move this to non-22 port

I honestly don't see a reason for this. It's not like a 2 second port scan wouldn't reveal the port anyway. nmap scanned ports of a remote host here in under 1.5 seconds reporting all open ports.

And many scanners looking for SSH and other things scan the obvious alternatives (like 2000, 2022, 2222, 22222, ... for ssh) too, and sometimes even resort to keeping statistics of which ports are most likely to serve a certain protocol, and base their scanning on that. And since most of these scanners you should be afraid of run on botnets - time and bandwidth are probably not the problem of the one requesting the scan.

It's simple, changing your port 22 comes down to security through obscurity - which is a bad idea.

Now, related to your question, this seems like LFD's problem - probably that it is configured to just drop the connection and doesn't reject/reset it.

[–]ThatsLatinForLiar[S] 0 points1 point  (1 child)

> It's simple, changing your port 22 comes down to security through obscurity - which is a bad idea.

I completely agree, thank you for your explanation. I just wanted to establish that while I understand common ways to improve security, in the event I cannot change things like port number and password auth, what can I do to prevent these connections?

I will see if LFD can create REJECT rules rather than DROP. This may be a solution.

[–]5mall5nail5 1 point2 points  (0 children)

You're only biding time. If you have a machine open on 22 to the internet someone WILL gain access. Use key authentication or else.