Should I change the default SSH port number?
15 years 10 months ago #28992
by skepticals
Should I change the default SSH port number? was created by skepticals
I have heard thoughts before regarding the changing of default port numbers.
Do you think it makes a difference? Would this fool a program such as Nmap? Is it worth the time to change them?
What are your thoughts?
15 years 10 months ago #29002
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Should I change the default SSH port number?
Not sure I got what you're aiming at, skepticals. Do you want to change the SSH port number in an SSH server to hide it from scanners or intruders? If so, yes, it could help if you choose a rather unknown port number. But it will probably not stop scanners that scan all possible ports. Still, it's not a bad idea to prevent the novice intruder.
15 years 10 months ago #29004
by skepticals
Replied by skepticals on topic Re: Should I change the default SSH port number?
I will try to be more clear.
Overall, is it worth it to change default port numbers? If someone scans all ports with a port scanner, would it find SSH running on a non-standard port?
Obviously, it would stop people from trying to go directly to the SSH default port, but it wouldn't do anything against an all port scan.
Do most people change their ports?
15 years 10 months ago #29009
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Should I change the default SSH port number?
Yes, I assume it can help. An all-ports scanner can know if the port is open or not via a SYN scan. But it would not be obvious for the scanner which service is run on the port if you use a non-default one. So if you use a port, say 80, for SSH, the scanner might think it's a web service and try attacking/exploiting related holes (which will obviously not work). The scanner needs to do some extra work to find out that the service you're running is SSH.
So I think it's a good idea, I might be wrong though. I haven't seen many admins do it. Or you might argue that I don't know many admins.
Wholly!!, I just wrecked my syslink wireless repeater while doing a scan on it with nmap. Guess it was too aggressive.
15 years 10 months ago #29021
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Should I change the default SSH port number?
Security is about stratifying defense: make it difficult for them to break in; when they break in, make it difficult for them to move around.
Shut your door, you know, then bolt it, if possible with a laser alarm. Heee!
sose
The operating system is the same wherever you go
15 years 10 months ago #29037
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Should I change the default SSH port number?
It's going to depend on who is attacking. For proper attackers it would not matter what the port number is, as they will have tools within their arsenal that will quite easily determine what service is running on it. There are a few techniques used; the most common is to look at the banner information that is returned. If you telnet to most mail servers on port 25, you will see a banner returned which usually indicates the exact mail server that is running. This can help identify the operating system that the mail server is hosted on along with the version of the mail server software. Once this information is gained, you start looking at known vulnerabilities in these versions and try to exploit them in the hope that no one has patched them.
Also a load of tools such as Nmap, xprobe, xprobe2, etc. can be used to fingerprint operating systems just by monitoring the behaviour of scans to them. For example, if you did a port scan with specific TCP flags set, certain operating systems respond differently from others, and by sending combinations of these scans you can sometimes quite accurately identify the operating systems running on servers, firewalls, etc. by the responses.
I would say moving the ports is good to stop people messing about, but proper attackers wouldn't really be fooled by this. It's good if you can have firewalls that can automatically block port scans to stop this (i.e. on some firewalls you can specify a threshold, and if a port scan hits this, then it will automatically drop all other traffic for a set period of time, even legitimate traffic).
TTFN
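Smurf's point above, that the service announces itself regardless of the port, as an added example that is not part of the thread: an SSH server sends its version banner before the client says anything, so an admin auditing their own host can confirm that sshd on a non-default port is still identified at once. The banner strings and the loopback fake servers below are constructed for the demo, not captured from any real host.

```python
import re
import socket
import threading

# Constructed sample banners (not taken from any real host).
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"
SAMPLE_SMTP_BANNER = b"220 mail.example.test ESMTP ready\r\n"

# RFC 4253 identification string: "SSH-protoversion-softwareversion"
SSH_BANNER_RE = re.compile(r"^SSH-(?P<proto>\d\.\d+)-(?P<software>\S+)")


def grab_banner(host, port, timeout=2.0, max_bytes=256):
    """Connect and return whatever the service volunteers before we send anything."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(max_bytes)
    except OSError:  # refused, unreachable, or no banner within the timeout
        return b""


def identify_ssh(host, port, timeout=2.0):
    """Return protocol/software from an SSH banner on this port, or None if it is not SSH."""
    data = grab_banner(host, port, timeout)
    first_line = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    m = SSH_BANNER_RE.match(first_line)
    if not m:
        return None
    return {"protocol": m.group("proto"), "software": m.group("software")}


def start_fake_server(banner):
    """Listen on an ephemeral loopback port and send `banner` (or stay silent) to each
    client; returns the port. Exists only to make the example self-contained."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                if banner:
                    conn.sendall(banner)
                else:
                    conn.recv(1)  # a silent service waits for the client's first request

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_server(SAMPLE_SSH_BANNER)  # "hidden" on a random high port
    print(port, identify_ssh("127.0.0.1", port))
```

Point the same function at your own host and the port you moved sshd to; if it returns the software string, the port change has hidden nothing from anyone who connects.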