In the past two weeks I set up a new VPS, and I run a small experiment. I share the results for those who are curious.
Consider that this is a backup server only, meaning that there is no outgoing traffic unless a backup is actually to be recovered, or as we will see, because of sshd.
I initially left the standard "port 22 open to the world" for 4-5 days, I then moved sshd to a different port (still open to the whole world), and finally I closed everything and turned on tailscale. You find a visualization of the resulting egress traffic in the image. Different colors are different areas of the world. Ignore the orange spikes which were my own ssh connections to set up stuff.
Main points:
-
there were about 10 Mb of egress per day due just to sshd answering to scanners. Not to mention the cluttering of access logs.
-
moving to a non standard port is reasonably sufficient to avoid traffic and log cluttering even without IP restrictions
-
Tailscale causes a bit of traffic, negligible of course, but continuous.
I am not in IT, what does this mean ?
Computers communicate across networks using ports. Port 22 is a commonly used remote administration port called ssh. Bots go around probing computers with an open port 22 hoping to find badly secured or outside misconfigured ssh servers to turn them into bots and crypto miners, etc.
Its crazy people can do all these stuff. I can't even edit my word document. Being said that I want to learn IT but looks hell stressful for $100-$200k job. I was in content & marketing making $130k and we used to discuss about shades of color to use in a font for 3-4 weeks. Its crazy how you guys have to fix issues within minutes on those tickets. The more i learn about IT, I feel like I should stay away from it.
Not everyone in IT needs to fix tickets or work in a high-stress environment. In one of my previous roles, I was a projects engineer, and I was basically given a bunch of projects to work on (like there was a small python-based project - they needed to automate something; then there was one to get them into a hybrid cloud setup; another project to upgrade something and so on). I didn't really have any break-fix tickets to work on, although I was occasionally asked if I could help, when there was some spare time or if it was something high-level the ops guys couldn't fix. Basically a total chill job, I was free to allocate time on my projects as I saw fit, no hard deadlines, no SLAs to meet, and the best part - no users to deal with.
Of course, it wasn't always like this. To get here, I had to do those grunt roles first, those stressful jobs with tickets that needed to be fixed in minutes, dealing with angry users and stuff. But thankfully my career has progressed past that stage now.