Comment Re:Solution: Public Key Auth (Score 1) 327
So then brute force attacks would be preceded by an open port check?
Unless you use some kind of port knocking attempt, that wouldn't solve much of anything for long.
Two points:
1: Port knocking or single-packet authentication really paired with the aforementioned port change really is a remarkably effective solution.
2: The article is discussing attempts to break into a large mass of computers, not targeted attacks on a single box. To add the considerable increase in overhead and visibility inherent in running port scans over a public network would be quite expensive, both in terms of the decrease in the number of boxes you can hit per minute and the risk of nodes in the botnet being cleaned up and removed sooner than they might otherwise have been. The former is doubly troubling to a botnet owner when you consider the cost of trying to identify the protocol in use on all the open ports other than 22, or of wasting an attempt to open a TCP connection on each of the ports.