SSH hacked?
Bart Silverstrim
bsilver at chrononomicon.com
Wed Jan 14 16:26:12 UTC 2009
Rashkae wrote:
> Disclaimer: I do not personally move my ssh ports, nor do I advocate the
> practice. I consider it security theater on par with confiscating
> bottles of water at airports. There is a rationale however, which has
> been overlooked.
>
> The theory is that attackers, as well as trying common username/password
> combos (which really should not be mistaken for a brute force attack by
> any stretch) are also keeping records of which hosts have which ports
> open by which applications. In theory, armed with this list, when an
> exploit is uncovered (and exploits are always being uncovered) they have
> a ready to go database of hosts that are likely to be vulnerable on zero
> day.
>
> The drive by port scanning, however, is normally restricted to the
> common service ports (22, 25, 80, etc.) since probing all ports of
> every IP takes too long to be as effective. Therefore, moving your ssh
> port, if ssh is your only open port, for example, will keep you off
> these lists.

My philosophy is that if you take basic precautions, you will be pretty
secure from scripted attacks, the source of probably 95% of attacks on
the webbertubes.

If you're being targeted by someone for some reason, you're really going
to be kinda screwed. They'll be trying to crack your wireless, your
emails, port scanning all ports, poking archives for your posts to lists
where you asked for advice for hints of what you're doing...and most
likely if you're a person of this kind of interest, you're already
hardening your system from the attacks people are asking about here.

Or you just shut off the service.

How many people are sweating over SSH while their Apache server's being
hacked or DNS redirected for attacks anyway? :-)