[conspire] Why Bother to Use Other Than Well Known Ports?
Mark Weisler
mark at weisler-saratoga-ca.us
Fri Dec 1 08:00:16 PST 2006
Hi All,
I periodically use nmap to examine servers I administer and I am wondering:
Why bother to use other than well known ports when setting up services such
as mail, ssh, Web, etc.?
For example, below the dotted line is an excerpt of a recent nmap run clearly
disclosing that I am running ssh on port 2224 rather than the well known port
for ssh which is 22. It would seem that using 2224 gives me little security
from bad guys as I have to assume they would use a tool like nmap to survey
my (or any) network of interest and quickly obtain the information below.
So, is there any benefit to using other than the well known ports?
--------------------------------
sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) =>
Operation not permitted
sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) =>
Operation not permitted
Insufficient responses for TCP sequencing (0), OS detection may be less
accurate
Interesting ports on ServingWench (192.168.2.7):
Not shown: 64531 closed ports, 1001 filtered ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.2)
2224/tcp open ssh OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
MAC Address: 00:09:5B:8A:E6:34 (Netgear)
Too many fingerprints match this host to give specific OS details
Service Info: Host: mail.HolyGrail.biz; OS: Linux
Nmap finished: 1 IP address (1 host up) scanned in 137.158 seconds
-----------------------------
Thanks for considering this issue.
--
Mark Weisler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20061201/b10a449b/attachment.pgp>
More information about the conspire
mailing list