IME, moving ssh off the standard port reduces bot scanning traffic by >99%. Not only does it mean less noise in the logs (and thus higher SNR), but it also lowers the chance you're hit by spray-and-pray in case there's a zero day in sshd (or any other daemon really).
> IME, moving ssh off the standard port reduces bot scanning traffic by >99%.
Depends on the site, I expect. My low value domains get NO ssh attempts on my random ports. The high value ones get a few each week.
You could also always add port knocking or something like that.
True, but I hardly open any ssh to the wide world. I would only allow it inside a closed network anyways. HTTP, on the other hand, _needs_ to be exposed on 80 or 443 (not technically, but in practice).