this post was submitted on 14 Dec 2023
198 points (98.1% liked)

Asklemmy

43856 readers
1879 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] boatswain@infosec.pub 15 points 11 months ago (2 children)

I see this claim all the time, and it bugs me every time. Obfuscation is a perfectly reasonable part of a defense in depth solution. That's why you configure your error messages on production systems to give very generic error messages instead of the dev-centric messages with stack traces on lower environments, for example.

The problem comes when obscurity is your only defense. It's not a full remediation on its own, but it has a part in defense in depth.

[–] dan@upvote.au 7 points 11 months ago (1 children)

Changing the port isn't really much obfuscation though. It doesn't take long to scan all ports for the entire IPv4 range (see masscan)

[–] lud@lemm.ee 5 points 11 months ago (1 children)

It helps against stupid automated attacks though.

If someone has changed the port it's likely that they have set up a great password or disabled password auth all together.

It's worth it for just having cleaner logs and fewer attempts.

[–] dan@upvote.au 3 points 11 months ago

It’s worth it for just having cleaner logs

Those logs are useful to know which IPs to permanently block :)

[–] peter 2 points 11 months ago

Technically a password is obfuscation anyway