Kind of - I obfuscate the port because it won’t show up on the list of well-known TCP and UDP ports[0], but will be in the ephemeral region. To attack this port they would have to guess the number or do a full, wide port scan of the system, which will waste a large amount of their time. Though granted, they probably need less than a week.
I’ve honestly never understood the defaults of fail2ban, which seemed to do nothing on every system I’ve tried it on. I get much better results by parsing the journalctl logs, grouping the IPs, and then passing them directly into iptables or UFW.
You’re probably right. What is Shodan?
0: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
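
An added example, not part of the comment above: one way to do the journal parsing and IP grouping it describes, in Python. The threshold, allowlist, function names and sample lines are assumptions; it prints `ufw deny from` commands for review instead of running them.

```python
import ipaddress
import re
import sys
from collections import Counter

# Greedy ".*" plus the end-of-line anchor takes the address from the tail that
# sshd itself writes, not from a "from 1.2.3.4" string hidden in a username.
FAILED = re.compile(r"Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample journal lines (documentation address ranges only).
PFX = "Jan 10 03:12:01 host sshd[1201]: "
SAMPLE = (
    [PFX + "Failed password for root from 203.0.113.7 port 40122 ssh2"] * 5
    # Username crafted to look like a log tail for another address.
    + [PFX + "Failed password for invalid user a from 198.51.100.9 port 22 ssh2"
       " from 203.0.113.8 port 40123 ssh2"] * 5
    + [PFX + "Failed password for bob from 192.0.2.10 port 5000 ssh2"] * 2
    + [PFX + "Failed password for root from 127.0.0.1 port 5001 ssh2"] * 6
    + [PFX + "Accepted publickey for bob from 192.0.2.10 port 5002 ssh2"]
)

def count_failures(lines):
    """Group failed-password lines by source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # not a literal address: never hand it to a firewall command
    return counts

def offenders(counts, threshold=5, allow=("127.0.0.0/8", "::1/128")):
    """Addresses at or above the threshold that are not in an allowlisted network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(str(ip) for ip, n in counts.items()
                  if n >= threshold and not any(ip in net for net in nets))

def ufw_commands(ips):
    """Build argv lists so an address is never interpolated into a shell string."""
    return [["ufw", "deny", "from", ip] for ip in ips]

if __name__ == "__main__":
    # e.g. journalctl -u ssh --since "-1h" | python3 this_script.py
    for cmd in ufw_commands(offenders(count_failures(sys.stdin))):
        print(" ".join(cmd))
```

Add your own management addresses to `allow` before applying any output, so a mistyped password from an admin host cannot lock you out.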