[conspire] Why Bother to Use Other Than Well Known Ports?
Daniel Gimpelevich
daniel at gimpelevich.san-francisco.ca.us
Fri Dec 1 10:14:18 PST 2006
That's called "xinetd" FYI.
On Fri, 01 Dec 2006 08:39:28 -0800, jim stockford wrote:
>
> someone pitched me the plan for using high
> number ports, at least for ssh:
> sshd is normally off.
> there is some daemon that listens for a code
> from trusted hosts.
> upon verification of the code, the daemon
> turns sshd on at a high number port, and the
> user then logs in.
> the "daemon" could be sshd itself, I suppose,
> if somehow the authentication scheme can be
> implemented (sshd listens on 22, authenticates,
> then one way or another accepts login on the
> high number port).
>
> well, that's my understanding of their plan.
>
>
> On Dec 1, 2006, at 8:00 AM, Mark Weisler wrote:
>
>> Hi All,
>> I periodically use nmap to examine servers I administer and I am wondering:
>> Why bother to use other than well known ports when setting up services such
>> as mail, ssh, Web, etc.?
>>
>> For example, below the dotted line is an excerpt of a recent nmap run clearly
>> disclosing that I am running ssh on port 2224 rather than the well known port
>> for ssh which is 22. It would seem that using 2224 gives me little security
>> from bad guys as I have to assume they would use a tool like nmap to survey
>> my (or any) network of interest and quickly obtain the information below.
>>
>> So, is there any benefit to using other than the well known ports?
>>
>>
>> --------------------------------
>>
>> sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) => Operation not permitted
>> sendto in send_ip_packet: sendto(6, packet, 60, 0, 192.168.2.7, 16) => Operation not permitted
>> Insufficient responses for TCP sequencing (0), OS detection may be less accurate
>> Interesting ports on ServingWench (192.168.2.7):
>> Not shown: 64531 closed ports, 1001 filtered ports
>> PORT     STATE SERVICE VERSION
>> 25/tcp   open  smtp    Postfix smtpd
>> 80/tcp   open  http    Apache httpd 2.0.55 ((Ubuntu) PHP/5.1.2)
>> 2224/tcp open  ssh     OpenSSH 4.2p1 Debian 7ubuntu3.1 (protocol 2.0)
>> MAC Address: 00:09:5B:8A:E6:34 (Netgear)
>> Too many fingerprints match this host to give specific OS details
>> Service Info: Host: mail.HolyGrail.biz; OS: Linux
>>
>> Nmap finished: 1 IP address (1 host up) scanned in 137.158 seconds
>> -----------------------------
>>
>> Thanks for considering this issue.
>> --
>> Mark Weisler
>> _______________________________________________
>> conspire mailing list
>> conspire at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/conspire
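
One way the "code from trusted hosts" check in the quoted plan could be verified, as an added example that is not part of the original thread: an HMAC over the sender address and a timestamp, rejected when stale or replayed. The key, trusted host list, packet layout and function names are assumptions; actually starting sshd on the returned port is left to the caller.

```python
import hashlib
import hmac
import struct

# Constructed sample values; a real deployment would load these from config.
SHARED_KEY = b"constructed-demo-key"
TRUSTED_HOSTS = {"192.0.2.10"}   # hosts allowed to send the code
MAX_SKEW = 30                    # seconds a code stays valid
SSH_PORT = 2224                  # the high port mentioned in the thread

_seen = set()  # (source, timestamp) pairs already accepted


def make_code(src_ip, timestamp, key=SHARED_KEY):
    """Client side: 8-byte big-endian timestamp followed by an HMAC-SHA256 tag."""
    ts_raw = struct.pack(">Q", timestamp)
    tag = hmac.new(key, src_ip.encode() + ts_raw, hashlib.sha256).digest()
    return ts_raw + tag


def verify_code(packet, src_ip, now, key=SHARED_KEY):
    """Daemon side: return the port to open for src_ip, or None to stay silent."""
    if src_ip not in TRUSTED_HOSTS or len(packet) != 8 + 32:
        return None
    ts_raw, tag = packet[:8], packet[8:]
    expected = hmac.new(key, src_ip.encode() + ts_raw, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    (timestamp,) = struct.unpack(">Q", ts_raw)
    if abs(now - timestamp) > MAX_SKEW:          # stale code
        return None
    if (src_ip, timestamp) in _seen:             # replayed code
        return None
    # Forget entries that can no longer pass the freshness check.
    for entry in [e for e in _seen if abs(now - e[1]) > MAX_SKEW]:
        _seen.discard(entry)
    _seen.add((src_ip, timestamp))
    return SSH_PORT


if __name__ == "__main__":
    code = make_code("192.0.2.10", 1000)
    print(verify_code(code, "192.0.2.10", 1005))   # accepted once
    print(verify_code(code, "192.0.2.10", 1006))   # same code again: rejected
```

Binding the tag to the source address and a short-lived timestamp means a captured code cannot be reused later or from another host, which the bare "code" in the plan does not guarantee on its own.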