[conspire] Why Bother to Use Other Than Well Known Ports?

Rick Moen rick at linuxmafia.com
Fri Dec 1 16:07:13 PST 2006


Quoting Mark Weisler (mark at weisler-saratoga-ca.us):

> Hi All,
> I periodically use nmap to examine servers I administer and I am wondering: 
> Why bother to use other than well known ports when setting up services such 
> as mail, ssh, Web, etc.?

Two reasons come to mind:

1.  Some people think it's worthwhile to hide from automated attacks by
moving some network services to unexpected ports.  This leads to a long
ritualised exchange where someone says "That's security through
obscurity, and worthless", someone else says "It's worthwhile if it cuts
the statistical incidence of attacks", blah blah blah for several days
of back and forth.

2.  There are often pragmatic reasons for making a service be reachable
on _additional_ ports alongside the traditional ones.  E.g., I have sshd 
answering on 22 (traditional), plus 23 (normally telnetd), and 8080.  

8080 is for the benefit of one of my users in the UK, who's obliged to
ssh in from such an inanely configured firewall that he's not allowed to
connect to normal ssh/telnet ports at all.  23 is additional insurance
along the same lines, and was available because I don't run a telnetd.

(FYI:  There are perfectly fine telnetd setups with Kerberos or SSL.)
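The multi-port sshd setup described in point 2 amounts to several `Port` lines in sshd_config. The script below is an added example, not Rick's actual configuration: the port numbers 22, 23 and 8080 come from the message, while the config excerpt, the helper names (`list_ports`, `ports_free`, `check_config`) and the use of `ss` and `sshd -t` are assumptions of the example. It shows how to confirm which ports a config declares, check that nothing else already holds them (the reason 23 was usable here was that no telnetd runs), and validate the file with sshd's own parser before reloading.

```shell
#!/bin/sh
# Added example: sshd answering on extra ports alongside 22.
# Constructed sshd_config excerpt; only the port numbers are from the message.
SSHD_CONF_EXAMPLE='# /etc/ssh/sshd_config (excerpt, constructed)
# One Port line per listener; sshd binds every one of them.
Port 22
Port 23
Port 8080
# Unrelated settings kept from a typical default file, shown for context only.
PermitRootLogin no
PasswordAuthentication no'

# Print the ports an sshd_config text declares, in file order.
# Reads from stdin so it works on any file: list_ports < /etc/ssh/sshd_config
list_ports() {
    awk '/^[[:space:]]*Port[[:space:]]+[0-9]+/ { print $2 }'
}

# Return 0 if none of the given ports is already bound on this host.
# A second daemon on, say, 8080 would otherwise keep sshd from binding it.
# Assumes iproute2's ss(8) is installed.
ports_free() {
    for p in "$@"; do
        if ss -Htln 2>/dev/null | awk '{ print $4 }' | grep -q ":$p\$"; then
            echo "port $p already in use" >&2
            return 1
        fi
    done
    return 0
}

# Run sshd's own syntax check on a candidate file before it is put in place,
# so a typo never leaves the box without a working listener.
check_config() {
    sshd -t -f "$1"
}

main() {
    tmp=$(mktemp) || exit 1
    printf '%s\n' "$SSHD_CONF_EXAMPLE" > "$tmp"
    ports=$(list_ports < "$tmp" | tr '\n' ' ')
    echo "configured ports: $ports"
    if command -v ss >/dev/null 2>&1; then
        ports_free $ports || echo "resolve the conflict before reloading sshd" >&2
    fi
    if command -v sshd >/dev/null 2>&1; then
        check_config "$tmp" && echo "syntax OK; install the file and reload sshd"
    fi
    rm -f "$tmp"
}

main "$@"
```

Two things worth knowing when doing this for real: if the file also carries a `ListenAddress` line with an explicit port, that address ignores the `Port` directives and listens only where it says; and every extra listener is an extra thing that firewall rules, log monitoring and fail2ban-style tooling need to know about, so add them to those configs at the same time.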
