[conspire] Why Bother to Use Other Than Well Known Ports?

jim stockford jim at well.com
Fri Dec 1 08:39:28 PST 2006 

    someone pitched me the plan for using high
number ports, at least for ssh:
    sshd is normally off.
    there is some daemon that listens for a code
from trusted hosts.
    upon verification of the code, the daemon
turns sshd on at a high number port, and the
user then logs in.
    the "daemon" could  be sshd itself, I suppose,
if somehow the authentication scheme can be
implemented (sshd listens on 22, authenticates,
then one way or another accepts login on the
high number port).

    well, that's my understanding of their plan.


On Dec 1, 2006, at 8:00 AM, Mark Weisler wrote:

> Hi All,
> I periodically use nmap to examine servers I administer and I am 
> wondering:
> Why bother to use other than well known ports when setting up services 
> such
> as mail, ssh, Web, etc.?
>
> For example, below the dotted line is an excerpt of a recent nmap run 
> clearly
> disclosing that I am running ssh on port 2224 rather than the well 
> known port
> for ssh which is 22. It would seem that using 2224 gives me little 
> security
> from bad guys as I have to assume they would use a tool like nmap to 
> survey
> my (or any) network of interest and quickly obtain the  information 
> below.
>
> So, is there any benefit to using other than the well known ports?
>
>
> --------------------------------
>
> sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) =>
> Operation not permitted
> sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) =>
> Operation not permitted
> Insufficient responses for TCP sequencing (0), OS detection may be less
> accurate
> Interesting ports on ServingWench (192.168.2.7):
> Not shown: 64531 closed ports, 1001 filtered ports
> PORT     STATE SERVICE VERSION
> 25/tcp   open  smtp    Postfix smtpd
> 80/tcp   open  http    Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.2)
> 2224/tcp open  ssh     OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
> MAC Address: 00:09:5B:8A:E6:34 (Netgear)
> Too many fingerprints match this host to give specific OS details
> Service Info: Host:  mail.HolyGrail.biz; OS: Linux
>
> Nmap finished: 1 IP address (1 host up) scanned in 137.158 seconds
> -----------------------------
>
> Thanks for considering this issue.
> -- 
> Mark Weisler
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

More information about the conspire mailing list