In an interesting blog entry by Richard Bejtlich, TaoSecurity: Fight to Your Strengths, he suggests that sometimes security through obscurity might be suitable. He uses an example where he lets OpenSSH use another port than the default port and thus he gets less number of attacks against sshd. I have added a question at his blog that would be interesting to investigate:
Would it be possible to let a firewall or inline IDS automatically block incoming ssh traffic to the default port and then make ssh communication going out using the default port appear to be using a different port?The idea would be to automatically make a temporarily obfuscation until it is possible to switch port on the server. In this way it might be possible to not interfere with the running service but still stop automated attacks. Is there anybody out there who can tell me if this would work in reality?
Powered by ScribeFire.
2 comments:
I am sorry but that is a retarded idea!
Maybe that is true, but that is no reason to be impolite.
Post a Comment