Jump to content
Sign in to follow this  
Fiservedpi

**ANSWERED** How Do "They" find my Uncommon SSH

5 posts in this topic Last Reply

Recommended Posts

Posted (edited)

I've forwarded my SSH port for personal use to something uncommon how do "they" find it?, or how are they hitting my logs 
 

Edited by Fiservedpi
Internet Scanners :(

Share this post


Link to post

Automated port scans.

 

VPN server hosted on your router or similar is a better option.

Share this post


Link to post

You really can't leave it open on any port- they will find it.  Jonathan is right- vpn into your network for ssh access.  Alternately, if you are a linux master and know snort at all- you can setup a port knocking scheme that would hit one port- then another- and it would open a new port of your choosing- then close it when the connection is over.  Fun to play with that kind of stuff if you have the aptitude. Just google port knocking, there are tons of tools to help with setup.

Share this post


Link to post

some firewalls have the ability to ignore scans if a given source hits XX number of ports. Sophos has that ability.

Share this post


Link to post
13 hours ago, jordanmw said:

Alternately, if you are a linux master and know snort at all- you can setup a port knocking scheme that would hit one port- then another- and it would open a new port of your choosing- then close it when the connection is over.  Fun to play with that kind of stuff if you have the aptitude. Just google port knocking, there are tons of tools to help with setup.

Can this be accomplished without a Sophos or Snort internet connection.  What about those who have brain dead Comcast, Roadrunner, Verizon etc routers and can't or don't want to replace them.  Can this be accomplished completely in unRaid iptables after opening up a bunch of ports on the router?

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this