by k_roy
582 days ago
> How does anyone know I changed the port to find me more interesting?

I responded to this elsewhere.

> I just checked the first VoIP server I ever deployed with a non-standard SIP port. It's been up for a decade and provides public facing services so it's accessible to the global internet minus whatever systems have found their way into our denylist over the years.

And that is what is called “UDP”. Also the “spray and pray” of the networking world. Meaning, you literally don’t get a response. Fundamental difference.

> The thing about non-standard ports is that unless your service identifies itself with a banner or similar upon connection the attacker has to open with a valid request to receive a response.

Which is exactly what ssh does and the point of why comparing the two and obscuring the port/IP makes no difference.

> Fundamental difference.
And that is what is called a bad assumption. SIP also uses TCP, and these days it's pretty common for end-user facing services because of both NAT being terrible and more data being crammed into messages leading to fragmentation issues with UDP. This particular system's services facing the open internet are 100% TCP.
> Which is exactly what ssh does and the point of why comparing the two and obscuring the port/IP makes no difference.
Yes, SSH does have a banner by default, but it's possible to change that behavior.
Sure, if an attacker is specifically targeting your IP and has some ideas what services you might be running then it's hard to entirely hide, but when you're just another system on the internet no one's going to put the effort in to look for services on odd ports.
I have dozens of systems out there running SSH on a port that's not 22 as well and most of them have never logged an SSH ban on fail2ban after years of operation.
The ones that listen on port 22 on the other hand log literally thousands a day.