I wan't focusing on hardening a server, my point was avoiding simple random scans for the sake of log management.
Maybe I've used the word "security" too lightheartedly?
Fail2ban still solves that problem. A few entries with failed auth, and hey presto no more log entries because it's rejected by the firewall.
It's a well established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.
Putting your services on other ports just makes things inconvenient for the user, nothing more.
3 comments
[ 2.7 ms ] story [ 18.5 ms ] threadUse fail2ban or similar to ip-block brute force attempts, and minimise public services like MySQL, etc by requiring a vpn/ssh tunnel to connect.
How is this idea of using random ports for "security" still a thing?
Do the same people suggest md5 for passwords too?
It's a well established pattern for brute force tools to not just try the default port, but perform a port scan to detect listening ports, and then try those.
Putting your services on other ports just makes things inconvenient for the user, nothing more.