> So, given this highly effective armor, would the danger to the tank somehow increase if it were to be painted the same color as its surroundings?
If there were a crowd of script kiddies rapping on the armour of every tank they could see, then yes, making your tank less visible would endanger it. The internet is different from the battlefield.
> Is anyone willing to argue that someone unleashing such an attack would be equally likely to launch it against non-standard port vs. port 22? If not, then your risk goes down by not being there, it’s that simple.
Yes, I'm willing to argue that. It sounds like you were being attacked by 17,995 dumb bots and 5 somewhat less dumb bots and/or genuinely sophisticated attackers. The former aren't going to pick up the zero-day.
> at some point of diminishing return for impact reduction it is likely to become a good idea to reduce likelihood as well.
Disagree. Obscurity-based methods have such a poor cost/benefit that they're likely to never be a good choice.
> If there were a crowd of script kiddies rapping on the armour of every tank they could see, then yes, making your tank less visible would endanger it.
I don't follow. If your tank is less visible, it gets seen (and thus interacted with) less on average, regardless of how many people are looking for tanks.
It gets interacted with less by the less sophisticated attackers. But you want those attackers to be targeting you, because they'll find holes and use them for relatively harmless things. Whereas if your only attackers are the sophisticated ones, the holes in your security will be used only for serious attacks.
runnning a service on an alternate port is generally extremely easy to do and has several benefits
1) It makes it easy to pick out the serious attackers. If you run SSH on 34985/TCP for example and start getting password brute force, you've got an idea it's a targeted attack, whereas on 22/TCP you get hammered by dumb bots all the time.
2) If someone is slamming round as fast as possible popping boxes with an 0-day they'll likely only bother with default ports (e.g. SMB worms, they compromised a lot of systems, but only on default ports)
>If there were a crowd of script kiddies rapping on the armour of every tank they could see, then yes, making your tank less visible would endanger it.
How do you figure? You're not ignoring it by changing the colour and saying that's well enough, you're making it to where you can focus more clearly on the ones that do knock on it despite the colour change.
If there were a crowd of script kiddies rapping on the armour of every tank they could see, then yes, making your tank less visible would endanger it. The internet is different from the battlefield.
> Is anyone willing to argue that someone unleashing such an attack would be equally likely to launch it against non-standard port vs. port 22? If not, then your risk goes down by not being there, it’s that simple.
Yes, I'm willing to argue that. It sounds like you were being attacked by 17,995 dumb bots and 5 somewhat less dumb bots and/or genuinely sophisticated attackers. The former aren't going to pick up the zero-day.
> at some point of diminishing return for impact reduction it is likely to become a good idea to reduce likelihood as well.
Disagree. Obscurity-based methods have such a poor cost/benefit that they're likely to never be a good choice.