[SATLUG] Re: Questions about home server security: non-standard
dkowis at shlrm.org
Thu Feb 21 13:50:23 CST 2013
On 02/15/2013 04:30 PM, Bruce Dubbs wrote:
> Frank Huddleston wrote:
>> Thanks for the suggestions about security on a home server. I
>> see that one thing people do is use non-standard ports. I have
>> done that myself, but get the feeling that it's just security
>> through obfuscation and does nothing more than put a little
>> hurdle in the way of a cracker, and increases complexity. So what
>> do you think: is this worthwhile as a security measure?
> In my mind, no. Each service needs to be secured on its own, but
> just changing the port number will not be a significant security
> measure. There are only 65K ports. How long do you think it takes
> for a script to try them all?
There are ways to make that take longer as well.
Using the TARPIT target is a great deal of fun. See:
Basically: it allows a TCP connection to establish, but always
responds with a window size of 0, which is the TCP equivalent of
putting a connection on hold.
This does open your router to a DDoS attack, in that it'll run out of
available memory to handle the connections, but that depends on the
resources of the server. In my use at home, I've never had that problem.
It sticks bots up really well, since they're generally not smart
enough to bail on their connections :)
> -- Bruce
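The hold-and-stall behaviour described in the message above, as an added example that is not part of the original post and is not the iptables TARPIT target itself: a userspace Python listener that accepts connections and never reads from them, so the peer's sends stall once the small receive buffer fills and the window closes. The `Tarpit` class, `bytes_before_stall` helper and `max_held` cap are hypothetical names; the cap bounds the memory cost the message mentions, and the code assumes Linux socket-buffer behaviour on loopback.

```python
import socket
import threading

class Tarpit:
    """Accept TCP connections, never read them, hold at most max_held."""

    def __init__(self, host="127.0.0.1", port=0, max_held=2, rcvbuf=1024):
        self.max_held = max_held
        self.held = []       # accepted sockets that are deliberately never read
        self.rejected = 0    # connections closed because the cap was reached
        self.lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Set before listen() so accepted sockets inherit the small buffer;
        # once it fills, the kernel advertises a zero window to the peer.
        self.lsock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
        self.lsock.bind((host, port))
        self.lsock.listen(16)
        self.port = self.lsock.getsockname()[1]
        threading.Thread(target=self._loop, daemon=True).start()

    def _loop(self):
        while True:
            try:
                conn, _ = self.lsock.accept()
            except OSError:              # listener was closed
                return
            if len(self.held) >= self.max_held:
                self.rejected += 1       # over the cap: close, do not hold
                conn.close()
            else:
                self.held.append(conn)

def bytes_before_stall(port, limit=64 * 1024 * 1024, timeout=1.0):
    """Send to the tarpit until a send blocks; return the bytes accepted."""
    sent = 0
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as c:
        c.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 4096)
        try:
            while sent < limit:
                sent += c.send(b"A" * 4096)
        except socket.timeout:           # window closed, sender is stuck
            pass
    return sent

if __name__ == "__main__":
    tp = Tarpit()                        # loopback, ephemeral port
    print("stalled after", bytes_before_stall(tp.port), "bytes")
```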