Question about visibility

Paul Kosinski bind at iment.com
Wed Oct 24 16:24:03 UTC 2018


Maybe port scanners will find open ports pretty quickly, but I've found
that using non-standard ports is helpful in reducing traffic, at least.
For example, SSH on port 22 gets lots of SYNs but moving it elsewhere,
and making 22 totally unresponsive discourages most such attempts. This
increases security slightly a priori, and may also improve security by
simplifying the firewall log(s).

When using OpenVPN over UDP, the standard port 1194 can be subject to
random and/or attack packets. These have to be processed and rejected
(since their HMACs etc. hopefully won't pass decryption). This won't
occur in TCP mode, of course, but UDP tends to be more efficient,
especially since TCP over TCP tends to clog up.

P.S. When you come right down to it, *all* computer (software) security
is "security by obscurity", whether the obscurity of passwords, private
keys, etc. For example, DES is no longer used because 56-bit keys are no
longer obscure enough to hide from modern computers.


On Wed, 24 Oct 2018 13:24:41 +0000
Timothy Metzinger <tim.metzinger at outlook.com> wrote:

> There's no security in obscurity.  Automated port scanners will sweep
> your system in a couple of seconds.
> 
> Tim Metzinger
> 
> From: bind-users <bind-users-bounces at lists.isc.org> on behalf of G.W. Haywood via bind-users <bind-users at lists.isc.org>
> Sent: Wednesday, October 24, 2018 12:15:10 PM
> To: bind-users at lists.isc.org
> Subject: Re: Question about visibility
> 
> Hi there,
> 
> On Wed, 24 Oct 2018, Hardy, Andrew wrote:
> 
> > Further to the original post, as well as not creating a DNS record
> > and "possibly" adding robot.txt with appropriate content, as
> > discussed, I presume that if I run the http server on a personally
> > selected unprivileged port then it is very "unlikely" the site pages
> > will be indexed/discovered/etc surely?
> >
> > Thoughts?
> 
> A server on a non-standard port is often neglected.  Its security may
> be less well maintained than one that is intentionally public.
> 
> That's just the sort of thing that criminals are looking for.  They'll
> probably find it, and then they'll attack it.
> 
> --
> 
> 73,
> Ged.
> 
> Tim Metzinger
> 703.963.3015
> 
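Added example (not part of the original message, and not something the posters ran): a Python script that measures the log-noise effect discussed above by counting unsolicited TCP SYNs and UDP datagrams per destination port in netfilter LOG lines. The "FW-IN:" log prefix, host name, addresses and the relocated SSH port 2222 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in netfilter LOG format. The "FW-IN:" prefix, host name,
# addresses (documentation ranges) and SSH port 2222 are assumptions.
SAMPLE_LOG = """\
Oct 24 16:01:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 SYN URGP=0
Oct 24 16:01:03 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 WINDOW=29200 SYN URGP=0
Oct 24 16:01:05 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=49 PROTO=TCP SPT=51200 DPT=22 WINDOW=1024 SYN URGP=0
Oct 24 16:01:06 gw kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.5 DST=203.0.113.10 LEN=40 TTL=55 PROTO=TCP SPT=443 DPT=22 WINDOW=0 ACK RST URGP=0
Oct 24 16:01:07 gw kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=60 TTL=50 PROTO=TCP SPT=33010 DPT=2222 WINDOW=29200 SYN URGP=0
Oct 24 16:01:08 gw kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.91 DST=203.0.113.10 LEN=42 TTL=47 PROTO=UDP SPT=5353 DPT=1194 LEN=22
Oct 24 16:01:09 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=42 TTL=49 PROTO=UDP SPT=40001 DPT=1194 LEN=22
Oct 24 16:01:10 gw sshd[811]: Server listening on 0.0.0.0 port 2222.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs written by the LOG target
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN"}  # flags appear as bare tokens in the line

def parse_line(line):
    """Return (proto, dport, src, flags) for a LOG line, or None for anything else."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys() or not fields["DPT"].isdigit():
        return None
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields["PROTO"], int(fields["DPT"]), fields["SRC"], flags

def summarize(lines):
    """Map (proto, port) -> (packets, distinct sources) for unsolicited traffic."""
    stats = defaultdict(lambda: [0, set()])
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        proto, dport, src, flags = parsed
        if proto not in ("TCP", "UDP"):
            continue
        if proto == "TCP" and ("SYN" not in flags or "ACK" in flags):
            continue  # count only new connection attempts, not stray replies
        stats[(proto, dport)][0] += 1
        stats[(proto, dport)][1].add(src)
    return {key: (count, len(sources)) for key, (count, sources) in stats.items()}

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG.splitlines()).items(), key=lambda kv: -kv[1][0])
    for (proto, port), (packets, sources) in ranked:
        print(f"{proto}/{port}: {packets} packets from {sources} sources")
```

Run against a real firewall log before and after moving a service to compare how much unsolicited traffic each port attracts.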

