by wolrah 585 days ago
> And that is what is called “UDP”. Also the “spray and pray” of the networking world. Meaning, you literally don’t get a response.

> Fundamental difference.

And that is what's called a bad assumption. SIP also uses TCP, and these days it's pretty common for end-user-facing services because of both NAT being terrible and more data being crammed into messages, leading to fragmentation issues with UDP. This particular system's services facing the open internet are 100% TCP.

> Which is exactly what ssh does and the point of why comparing the two and obscuring the port/IP makes no difference.

Yes, SSH does have a banner by default, but it's possible to change that behavior.

Sure, if an attacker is specifically targeting your IP and has some ideas what services you might be running then it's hard to entirely hide, but when you're just another system on the internet no one's going to put the effort in to look for services on odd ports.

I have dozens of systems out there running SSH on a port that's not 22 as well, and most of them have never logged an SSH ban on fail2ban after years of operation.

The ones that listen on port 22 on the other hand log literally thousands a day.
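As an added example that is not part of wolrah's comment, the following Python code shows what the "banner" in the thread actually is: the identification string that an SSH server sends first, defined in RFC 4253 section 4.2 as `SSH-protoversion-softwareversion SP comments CR LF`, possibly preceded by arbitrary non-protocol lines that a client must ignore. The parser handles all three of those cases, and `read_server_banner` (a helper name chosen here, not from any library) lets an operator point it at one of their own hosts to see what a connecting client learns from the first bytes. The sample captures are constructed, not taken from real servers.

```python
import re
import socket
from dataclasses import dataclass
from typing import Optional

# RFC 4253 section 4.2: the identification string is
#   SSH-protoversion-softwareversion SP comments CR LF
# and must not exceed 255 bytes including CR LF. Lines received before it that
# do not start with "SSH-" are not part of the protocol and are ignored.
MAX_ID_LINE = 255
ID_LINE = re.compile(rb"^SSH-(?P<proto>[^-]+)-(?P<software>[^ ]+)(?: (?P<comments>.*))?$")


@dataclass
class SshBanner:
    protoversion: str
    softwareversion: str
    comments: Optional[str]


def parse_ssh_identification(data: bytes) -> Optional[SshBanner]:
    """Parse the first SSH identification line in bytes read from a server.

    Returns None when no well-formed identification line is present, which is
    what a client sees when the port is not running an SSH server at all.
    """
    for raw in data.split(b"\n"):
        # Skip pre-banner lines; the RFC allows servers to send them.
        if not raw.startswith(b"SSH-"):
            continue
        line = raw.rstrip(b"\r")
        # The 255-byte limit counts CR LF, which the split and strip removed.
        if len(line) + 2 > MAX_ID_LINE:
            return None  # overlong identification line is a protocol violation
        m = ID_LINE.match(line)
        if m is None:
            return None
        comments = m.group("comments")
        return SshBanner(
            m.group("proto").decode("ascii", "replace"),
            m.group("software").decode("ascii", "replace"),
            comments.decode("ascii", "replace") if comments is not None else None,
        )
    return None


def read_server_banner(host: str, port: int, timeout: float = 5.0) -> Optional[SshBanner]:
    """Connect to one of your own hosts and report what its first bytes reveal.

    Hypothetical helper for operators checking their own listeners; not called
    by the offline samples below.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1024)
        except socket.timeout:
            data = b""  # a silent listener sends nothing; treated as "no banner"
    return parse_ssh_identification(data)


# Constructed captures (not from real servers) covering the cases a check can hit.
SAMPLE_CAPTURES = {
    "plain": b"SSH-2.0-OpenSSH_9.3\r\n",
    "with_prelude": b"Authorized access only\r\nSSH-2.0-OpenSSH_9.3 Debian-1\r\n",
    "not_ssh": b"HTTP/1.1 400 Bad Request\r\n\r\n",
}

if __name__ == "__main__":
    for name, capture in SAMPLE_CAPTURES.items():
        print(name, parse_ssh_identification(capture))
```

The parser only reads what the server volunteers; whether the `softwareversion` and `comments` fields say much about the host depends entirely on the server's configuration, which is the lever the comment refers to when it says the banner behaviour can be changed.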