tag:blogger.com,1999:blog-37798047.post5458419545047194959..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: From scratch: why these mass scans are importantDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-37798047.post-51895350111987347612016-06-04T17:12:08.799-04:002016-06-04T17:12:08.799-04:00"For no good reason, early Internet pioneers ..."For no good reason, early Internet pioneers split up that 32-bit number into four 8-bit numbers" <br /><br />Was always under the impression that as most of the very early donkey work was done in the '70's on 8 and 16bit micro processor architectures then being able to address the memory which contains the address is considerably easier and more importantly quicker (we are talking of a clock speed measured in the single MHz region) if you have 4 8 bit numbers, which can be read serially directly to the register, rather than buffered and accessed via pointer...<br /><br />As a fringe benefit we get human readable/memorable identifiers, but really its down to physical engineering limits and optimised memory access.nakchakhttps://www.blogger.com/profile/11468405131428991559noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-54123288749125478672016-06-02T10:17:17.510-04:002016-06-02T10:17:17.510-04:00"For no good reason, early Internet pioneers ..."For no good reason, early Internet pioneers split up that 32-bit number into four 8-bit numbers"<br /><br />For human easy reading that's why. <br />The 4 values make sense because of how the addressing is split in powers of two.<br />Good luck identifying ranges with a 32 bits number.<br /><br />But I guess you know that, so why do you say that ?<br /><br />Having a human format <b>that doesn't impact</b> the native machine format is only a plus.Simonhttps://www.blogger.com/profile/15120859432770817509noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-62413407080894101172016-06-02T10:01:57.959-04:002016-06-02T10:01:57.959-04:00This comment has been removed by the author.Simonhttps://www.blogger.com/profile/15120859432770817509noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-61257191740794767202016-06-01T01:30:40.115-04:002016-06-01T01:30:40.115-04:00It's quite remarkable that you're finding ...It's quite remarkable that you're finding 15 times as many SSH servers on non-standard ports than on port 22. That's exactly counter to what I would've expected. I realize that it's fairly widespread advice for admins to put SSH on a non-standard port to reduce noise from script kiddies, but I would've expected that there are far more people who simply run "apt-get/yum install openssh-server" and forget about it, than who actually have heard and follow that advice.<br /><br />Have you by chance spotted any patterns that may suggest why these SSH servers on non-standard ports are so prevalent? A default configuration of some particular system(s) by chance? On the other hand, a large enough proportion of the results in your screenshot appear to be the run-of-the-mill "Ubuntu", "Debian", etc. banners you'd expect from popular desktop/server Linux distros, so maybe it really is true that people are manually following this "rule of thumb" on a widespread basis. It still seems counterintuitive, though. Users are too lazy for that. :-)<br /><br />Conversely, is there something about your method that might be undersampling port 22 by chance?Anonymoushttps://www.blogger.com/profile/01417638210775130514noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-28506130942988103342016-05-31T17:55:41.205-04:002016-05-31T17:55:41.205-04:00There's a couple other reasons why SSH might b...There's a couple other reasons why SSH might be on another port, as you know. One reason is that their ISP (or corporate employer) might have a blunt or dumb firewall that blocks port 22. Another reason is that they use port forwarding combined with their NAT to forward to ssh on various devices with private IP addresses. John Thackerhttps://www.blogger.com/profile/15269867695937765049noreply@blogger.com