PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
December 2003

Thwart attacks by switching vulnerable SSH daemon to random ports

A colleague recently suggested that I move my SSH daemon from TCP port 22 to a randomly chosen port. Does this protect me from hackers? Won't they just find the daemon on that port? You can change the port if you can easily communicate the new port to your users, and if they can configure their clients to use that new port. You can easily tell the five users logging in via SSH to one system to use SSH's -p flag. But does this increase security? Let's consider the case where we change the port number on a potentially vulnerable SSH daemon. We face danger from three main attack classes: worms, script-kiddies and sophisticated attackers. Worms create havoc because they spread quickly, often taking over most machines on a LAN before security managers can address the first compromise. What happens if we change our SSH daemon's port from the standard port 22? Well, most worms probe only the standard port when looking for vulnerable machines. Smarter ones might connect to a few ports, say, ports 80, 8080 and 8000 for Web servers...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue