**ANSWERED** How Do "They" find my Uncommon SSH

[Fiservedpi]

I've forwarded my SSH port for personal use to something uncommon how do "they" find it?, or how are they hitting my logs 
 

Edited June 7, 2019 by Fiservedpi
Internet Scanners :(

[JonathanM]

Automated port scans.

 

VPN server hosted on your router or similar is a better option.

[jordanmw]

You really can't leave it open on any port- they will find it.  Jonathan is right- vpn into your network for ssh access.  Alternately, if you are a linux master and know snort at all- you can setup a port knocking scheme that would hit one port- then another- and it would open a new port of your choosing- then close it when the connection is over.  Fun to play with that kind of stuff if you have the aptitude. Just google port knocking, there are tons of tools to help with setup.

[1812]

some firewalls have the ability to ignore scans if a given source hits XX number of ports. Sophos has that ability.

[tr0910]

13 hours ago, jordanmw said:

Alternately, if you are a linux master and know snort at all- you can setup a port knocking scheme that would hit one port- then another- and it would open a new port of your choosing- then close it when the connection is over.  Fun to play with that kind of stuff if you have the aptitude. Just google port knocking, there are tons of tools to help with setup.

Can this be accomplished without a Sophos or Snort internet connection.  What about those who have brain dead Comcast, Roadrunner, Verizon etc routers and can't or don't want to replace them.  Can this be accomplished completely in unRaid iptables after opening up a bunch of ports on the router?