I wan't focusing on hardening a server, my point was avoiding simple random scans for the sake of log management.
Maybe I've used the word "security" too lightheartedly?
Fail2ban still solves that problem. A few entries with failed auth, and hey presto no more log entries because it's rejected by the firewall.
It's a well established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.
Putting your services on other ports just makes things inconvenient for the user, nothing more.
It's a well established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.
Putting your services on other ports just makes things inconvenient for the user, nothing more.