
If they're targeting SSH specifically, how are they going to guess I'm running it on port 1690 and not port 22 other than by scanning up in sequence?


Different quality of locks in the ever-escalating arms race. Probably there are many, many more sequential scanners out there. For the persistent actors who are doing random ordering or shuffle, you could add port-knocking for the real sshd... but then they just have to find a working client and sniff the connection requests... to which you add a TOTP step for determining which ports to use, and so on...
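The TOTP step mentioned in the comment above, sketched as an added example that is not part of the thread: both client and server derive the knock ports from a shared secret and the current 30-second window. The derivation (HMAC-SHA256 over an RFC 4226-style counter), the port range, the function names and the secret are assumptions made for illustration, not a standard or any particular tool's scheme.

```python
import hashlib
import hmac
import struct

PORT_LO, PORT_HI = 1024, 65535  # assumed knock range (well-known ports left out)
STEP = 30                       # assumed window length in seconds, as in common TOTP setups
COUNT = 3                       # assumed number of knocks per sequence


def knock_sequence(secret: bytes, unix_time: int, count: int = COUNT) -> list[int]:
    """Derive the knock ports for the time window that contains unix_time."""
    if not 1 <= count <= 8:     # SHA-256 yields 32 bytes = eight 4-byte words
        raise ValueError("count must be between 1 and 8")
    counter = struct.pack(">Q", unix_time // STEP)  # 8-byte big-endian window counter
    digest = hmac.new(secret, counter, hashlib.sha256).digest()
    span = PORT_HI - PORT_LO + 1
    ports = []
    for i in range(count):
        (word,) = struct.unpack_from(">I", digest, 4 * i)
        ports.append(PORT_LO + word % span)
    return ports


def knock_is_valid(secret: bytes, observed: list[int], unix_time: int,
                   skew: int = 1) -> bool:
    """Server side: accept the sequence for the current window or +/- skew windows."""
    if len(observed) != COUNT:  # reject empty or short sequences outright
        return False
    for drift in range(-skew, skew + 1):
        if observed == knock_sequence(secret, unix_time + drift * STEP):
            return True
    return False


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed sample value
    now = 1_700_000_000                       # constructed fixed timestamp
    ports = knock_sequence(demo_secret, now)
    print("knock ports this window:", ports)
    print("accepted now:         ", knock_is_valid(demo_secret, ports, now))
    print("accepted 5 min later: ", knock_is_valid(demo_secret, ports, now + 300))
```

A sequence sniffed off the wire stays replayable until its window plus the allowed skew has passed, so this narrows the exposure the comment describes rather than removing it.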


There is a known upper bound; they could randomise the guesses from the range.



