3 comments

[ 2.7 ms ] story [ 18.5 ms ] thread
Security by obscurity is not security.

Use fail2ban or similar to ip-block brute force attempts, and minimise public services like MySQL, etc by requiring a vpn/ssh tunnel to connect.

How is this idea of using random ports for "security" still a thing?

Do the same people suggest md5 for passwords too?

I wan't focusing on hardening a server, my point was avoiding simple random scans for the sake of log management. Maybe I've used the word "security" too lightheartedly?
Fail2ban still solves that problem. A few entries with failed auth, and hey presto no more log entries because it's rejected by the firewall.

It's a well established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.

Putting your services on other ports just makes things inconvenient for the user, nothing more.