[conspire] Why Bother to Use Other Than Well Known Ports?

Mark Weisler mark at weisler-saratoga-ca.us
Fri Dec 1 08:00:16 PST 2006

Hi All,
I periodically use nmap to examine servers I administer and I am wondering: 
Why bother to use other than well known ports when setting up services such 
as mail, ssh, Web, etc.?

For example, below the dotted line is an excerpt of a recent nmap run clearly 
disclosing that I am running ssh on port 2224 rather than the well known port 
for ssh which is 22. It would seem that using 2224 gives me little security 
from bad guys as I have to assume they would use a tool like nmap to survey 
my (or any) network of interest and quickly obtain the information below.

So, is there any benefit to using other than the well known ports?


sendto in send_ip_packet: sendto(6, packet, 60, 0,, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(6, packet, 60, 0,, 16) => 
Operation not permitted
Insufficient responses for TCP sequencing (0), OS detection may be less 
Interesting ports on ServingWench (
Not shown: 64531 closed ports, 1001 filtered ports
25/tcp   open  smtp    Postfix smtpd
80/tcp   open  http    Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.2)
2224/tcp open  ssh     OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
MAC Address: 00:09:5B:8A:E6:34 (Netgear)
Too many fingerprints match this host to give specific OS details
Service Info: Host:  mail.HolyGrail.biz; OS: Linux

Nmap finished: 1 IP address (1 host up) scanned in 137.158 seconds

Thanks for considering this issue.
Mark Weisler 
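
The observation in the post, as an added example that is not part of the original message: a short Python audit helper that reads nmap version-detection port lines and reports every service still identified by name and version although it listens off its well-known port. The function names and the WELL_KNOWN table are assumptions made for this illustration; the sample lines are the three port lines from the excerpt above.

```python
import re

# Well-known ports for the services seen in the scan (assumed lookup table).
WELL_KNOWN = {"smtp": 25, "http": 80, "ssh": 22}

# Matches a version-detection port line such as:
#   2224/tcp open  ssh     OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+"
    r"(?P<service>\S+)\s*(?P<version>.*)$"
)

# Port lines copied from the scan excerpt in the post.
SCAN_EXCERPT = """\
Not shown: 64531 closed ports, 1001 filtered ports
25/tcp   open  smtp    Postfix smtpd
80/tcp   open  http    Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.2)
2224/tcp open  ssh     OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
"""


def parse_ports(text):
    """Return one dict per open port line found in the scan text."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group("state") == "open":
            entry = m.groupdict()
            entry["port"] = int(entry["port"])
            entry["version"] = entry["version"].strip()
            found.append(entry)
    return found


def relocated_services(entries):
    """Services the scanner identified even though they are off their default port."""
    out = []
    for e in entries:
        default = WELL_KNOWN.get(e["service"])
        if default is not None and default != e["port"]:
            out.append((e["service"], default, e["port"], e["version"]))
    return out


if __name__ == "__main__":
    for svc, default, actual, version in relocated_services(parse_ports(SCAN_EXCERPT)):
        print(f"{svc}: default {default}, found on {actual}, identified as: {version}")
```

Run against the excerpt, it reports only ssh, with the full OpenSSH version string intact on port 2224.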