• boatswain@infosec.pub
    link
    fedilink
    arrow-up
    19
    arrow-down
    3
    ·
    11 months ago

    I see this claim all the time, and it bugs me every time. Obfuscation is a perfectly reasonable part of a defense in depth solution. That’s why you configure your error messages on production systems to give very generic error messages instead of the dev-centric messages with stack traces on lower environments, for example.

    The problem comes when obscurity is your only defense. It’s not a full remediation on its own, but it has a part in defense in depth.

    • dan@upvote.au
      link
      fedilink
      arrow-up
      6
      ·
      11 months ago

      Changing the port isn’t really much obfuscation though. It doesn’t take long to scan all ports for the entire IPv4 range (see masscan)

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        It helps against stupid automated attacks though.

        If someone has changed the port it’s likely that they have set up a great password or disabled password auth all together.

        It’s worth it for just having cleaner logs and fewer attempts.

        • dan@upvote.au
          link
          fedilink
          arrow-up
          3
          ·
          11 months ago

          It’s worth it for just having cleaner logs

          Those logs are useful to know which IPs to permanently block :)