The Math and Philosophy Behind Tool’s Lateralus

My opinion on security and obscurity
is that obscurity can in fact help improve an already sound security
posture. That’s keeping in mind that it should never become security
by obscurity — which is definitely bad.

Anyway, I’ve debated this issue for years with many people, and I remain
convinced that my position on the matter is correct. But tonight I decided
to do some very coarse testing of the idea using the SSH daemon.

I decided to configure my SSH daemon to listen on port 24 in addition to its
regular port of 22 so I could see the difference in attempts to guess
credentials on each. My expected result is far fewer attempts to access SSH
on port 24 than port 22, which I equate to less risk to my, or any, SSH
daemon.

It’s quite simple to set this up; you just put two port lines in your config
instead of one, and then restart your daemon:

Port 22
Port 24

Then I added logging to a couple of my firewall rules:

-j LOG --log-level 7 --log-prefix "Logged port 22: "
-j LOG --log-level 7 --log-prefix "Logged port 24: "

(log rules go before their associated DROP, REJECT and ACCEPT rules, btw)

…and I’ve let that run for over 8 hours…on an unremarkable Saturday.
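A way to turn those two log prefixes into the per-port counts, as an added example that is not part of the original post. It assumes the usual kernel LOG line layout (SRC=, DPT=, TCP flags before URGP=); the helper names `mk`, `sample_log` and `count_attempts` are hypothetical, and the sample lines are constructed and abbreviated. Only bare SYN packets are counted, because a LOG rule that matches every packet would otherwise inflate the tally with traffic from established sessions.

```bash
#!/usr/bin/env bash
# Tally new inbound TCP connection attempts per iptables LOG prefix.
# Assumption: prefixes are "Logged port 22: " / "Logged port 24: " as in the
# rules above, and lines follow the kernel LOG layout (SRC=..., flags, URGP=).

# mk PORT SRC FLAGS -> one constructed, abbreviated kernel LOG line
mk() {
  printf 'Jan  6 10:00:00 host kernel: Logged port %s: IN=eth0 OUT= SRC=%s DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=%s WINDOW=29200 RES=0x00 %s URGP=0\n' \
    "$1" "$2" "$1" "$3"
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_log() {
  mk 22 203.0.113.5  SYN
  mk 22 203.0.113.5  SYN         # same source retrying
  mk 22 198.51.100.7 SYN
  mk 22 198.51.100.9 'ACK PSH'   # established session, not a new attempt
  mk 24 203.0.113.5  SYN
}

# count_attempts PORT < logfile
# Prints "<new connection attempts> <unique source addresses>" for that prefix.
count_attempts() {
  awk -v prefix="Logged port $1: " '
    # keep only lines with our prefix that carry SYN without ACK
    index($0, prefix) && / SYN / && !/ ACK / {
      n++
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) seen[$i] = 1
    }
    END { u = 0; for (s in seen) u++; print n + 0, u }
  '
}

# Stand-alone run over the constructed sample; on a real host, feed the
# kernel log instead (its path varies by distribution).
for p in 22 24; do
  echo "port $p (attempts, unique sources): $(sample_log | count_attempts "$p")"
done
```

The unique-source column shows whether a large port 22 count comes from many hosts or from a few noisy ones.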

The Results

Well, it’s definitely true that very few people look for SSH on port 24. In
the time that I gathered 7,025 connection attempts to my SSH daemon
on port 22 I received 3 on port 24.

Three.

[UPDATE: The stats over the weekend were over 18,000 connections to
port 22, and five (5) to port 24.]

That’s fine, but the real question is this: would it reduce my risk of
being compromised remotely through my SSH daemon if I were to change the
daemon’s port to 24? I think the answer is yes.

Let’s assume that there’s a new zero day out for OpenSSH that is just owning
boxes with impunity. Is anyone willing to argue that someone unleashing such
an attack would waste significant effort going for non-standard ports? Or
are they more likely to stick with the default port where they’re guaranteed
to find more daemons?

I think we do gain security by moving commonly-attacked listeners to
non-standard ports. And yes, that extra security does come from obscurity.
Remember, even tanks are painted with camouflage.

Gerald Businge
