SSH hacked?
NoOp
glgxg at sbcglobal.net
Mon Jan 12 23:53:16 UTC 2009
On 01/12/2009 03:45 PM, steve wrote:
> NoOp wrote:
>
>>
>> The only problem that I see with that is 19 is in the well known ports
>> range (1-1023), is used by CHARGEN in linux/unix, and does get hit as well:
>>
>> <http://isc.sans.org/port.html?port=19&repax=1&tarax=2&srcax=2&percent=N&days=70>
>>
>> as it was/is used to attack MS:
>> http://support.microsoft.com/kb/169461
>> [Access Violation in Dns.exe Caused by Malicious Telnet Attack]
>>
>> http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
>> http://en.wikipedia.org/wiki/CHARGEN
>>
>> Were I you, I'd select a different port that is not commonly used.
>>
>>
> isnt it true though that whatever port you use, if you have it forwarded
> from your router, it will show up on a scan of your external ip?
>
In general yes, but it depends on how the firewall is setup. As I
mentioned, using a different port isn't a surefire (or even proper) way
to protect ssh, it only makes it a little harder for someone targeting
port 22 directly from a standard script.
More information about the ubuntu-users
mailing list