Attacks on Public Internet Nodes
About a year ago, I installed OpenBSD on my spare PC and opened up a hole in our residential firewall to allow SSH traffic from the Internet to pass to the BSD system. My goal was to be able to securely access the BSD system from Internet-accessible systems, such as from work or on the road.
SSH (Secure Shell) is an Internet service suitable for controlling computers remotely through a text-based console. It can also be used to tunnel traffic for other services through the secure channel it establishes between the client and server machines. The SSH service I was running on the BSD system was now open for business, which meant that anyone, including attackers, could access the machine at any time and from anywhere.
I didn't expect to be the target of automated attacks, but within a matter of hours a couple of machines located in Brazil began a brute-force dictionary attack on the SSH service. The attacks continued for as long as the service was left accessible through the firewall. I kept the BSD system running for a few more days, and then discontinued my experiment mostly due to a loss of interest. Still, the intensity of the attacks left an impression on me.
Recently I opened a hole in our residential firewall to allow external access to the SSH service running on a Linux box I own. However, this time I chose to expose the service on a different Internet port, one not typically used for SSH. A simple port-scan on the firewall would reveal the open port, but it wouldn't be obvious that the port was being used by an SSH service. Surprisingly, there haven't been any attacks launched against the machine since using the non-standard port. Running a service on a non-standard port does not improve the security of the service, but it dramatically reduces the obviousness of the service to people who have no business knowing. If someone else requires access to the SSH service, I can simply inform them of the port number on which it is running.
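The brute-force dictionary attack described above shows up in the sshd authentication log as many failed logins from one source cycling through different usernames. The following is an added example, not code from the original post: it summarizes failures per source address and flags that pattern. The log lines are constructed samples in OpenSSH's syslog format using documentation-range addresses, and the thresholds are assumptions to tune for your own host.

```python
import re
from collections import defaultdict

# Constructed sample lines (hostname, PIDs, users and IPs are made up).
SAMPLE_LOG = """\
Mar  3 02:14:07 bsd sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 02:14:09 bsd sshd[4123]: Failed password for invalid user test from 203.0.113.5 port 40130 ssh2
Mar  3 02:14:12 bsd sshd[4125]: Failed password for root from 203.0.113.5 port 40155 ssh2
Mar  3 02:14:15 bsd sshd[4127]: Failed password for invalid user oracle from 203.0.113.5 port 40171 ssh2
Mar  3 02:15:40 bsd sshd[4140]: Failed password for root from 198.51.100.7 port 51822 ssh2
Mar  3 08:30:02 bsd sshd[4302]: Failed password for alice from 192.0.2.10 port 50514 ssh2
Mar  3 08:30:09 bsd sshd[4302]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(log_text):
    """Return {source_ip: {"failures": int, "users": set, "accepted": bool}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": False})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(2)]["accepted"] = True
    return dict(stats)

def dictionary_attackers(stats, min_failures=3, min_users=3):
    """Sources that tried many different usernames and never logged in.

    The thresholds are assumed defaults, not values from the post.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["failures"] >= min_failures
        and len(s["users"]) >= min_users
        and not s["accepted"]
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in dictionary_attackers(stats):
        s = stats[ip]
        print(f"{ip}: {s['failures']} failures across {len(s['users'])} usernames")
```

Running the same summary against the log before and after moving the service to a non-standard port gives a concrete count of how much unsolicited login traffic the change removed.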