[SATLUG] Re: Questions about home server security: non-standard ports

Don Davis dondavis at reglue.org
Thu Feb 21 14:17:18 CST 2013

Hash: SHA1

Yep. Tarpit on port 22, ssh forward to 443 for camouflage, and ssh-keys
required. It takes about 5 minutes to set up.

On 02/21/2013 01:50 PM, David Kowis wrote:
> On 02/15/2013 04:30 PM, Bruce Dubbs wrote:
>> Frank Huddleston wrote:
>>> Greetings,
>>> Thanks for the suggestions about security on a home server. I
>>> see that one thing people do is use non-standard ports. I have
>>> done that myself, but get the feeling that it's just security 
>>> through obfuscation and does nothing more than put a little
>>> hurdle in the way of a cracker, and increases complexity. So what
>>> do you think: is this worthwhile as a security measure?
>> In my mind, no.  Each service needs to be secured on it's own, but
>> just changing the port number will not be a significant security
>> measure. There are only 65K ports.  How long do you think it takes
>> for a script to try them all?
> There are ways to make that take longer as well.
> using the TARPIT target is a great deal of fun. see:
> http://xtables-addons.sourceforge.net/modules.php
> Basically: it allows a TCP connection to establish, but always
> responds with a window size of 0, which is the TCP equivalent of
> putting a connection on hold.
> This does open your router to a DDOS attack, in that it'll run out of
> available memory to handle the connections, but that depends on the
> resources of the server. In my use at home, I've never had that problem.
> It sticks bots up really well, since they're generally not smart
> enough to bail on their connections :)
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the SATLUG mailing list