<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 22 July 2014 00:52, Guy Gold <span dir="ltr"><<a href="mailto:guy1gold@gmail.com" target="_blank">guy1gold@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">Hi Erez,<br><br><div><div class="gmail_extra">On Mon, Jul 21, 2014 at 4:18 AM, Erez D <span dir="ltr"><<a href="mailto:erez0001@gmail.com" target="_blank">erez0001@gmail.com</a>></span> wrote:<br><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><br>
</div>it is not even a dynamic ip, it is a private ip behind a dynamic one<br></blockquote><div><br></div><div>Then, what Eliyahu wrote should serve you a perfect solution. <br><br></div><div>Also, there's not much advantage in the point of hiding behind the "security by obscurity" method (i.e serve SSH at port 9000. or whichever). </div>
</div></div></div></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>
<div class="gmail_extra">
<div class="gmail_quote"><div>
The increase to security by using that method is in doubt - when taking under consideration tools used by "bad guys (and girls)" nowadays .<br>If you must do it, that's fine, but don't let it be a reason for not using much better methods, as Eliyahu suggested.</div>
</div></div></div></div></blockquote><div><br class="">From personal experience - there is a huge advantage in picking a random port for external SSH (and external HTTP). I always had port scanners on my standard, dynamic ISP ADSL addresses until I moved them to different non-standard ports. Since then my logs are clean, and I'm talking about over 5 years of experience (I don't remember exactly when I did the switch).</div>
<div><br></div><div>This is of course not the only measure I take for security. I still treat them as vulnerable etc. But after years of not having a single probe on the new ports I have to say that it removed the threat of pretty much 100% of the probes on my home network.</div>
<div><br></div><div>Perhaps they are more thorough on static ip addresses, known targets etc., but in my experience this is a very successful step.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div class="gmail_extra"><div class="gmail_quote"><div><span class=""><font color="#888888"><br>
</font></span></div><span class=""><font color="#888888"><div> <br>-- <br></div></font></span></div><span class=""><font color="#888888">Guy Gold
</font></span></div></div></div>
<br>_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<a href="http://www.linkedin.com/in/gliderflyer" target="_blank">
<span>
<img src="http://s4.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png" alt="View my profile on LinkedIn" height="25" width="160">
</span></a></div>
</div></div>