TOPIC: Should I change the default SSH port number?

Should I change the default SSH port number? 7 years 7 months ago #28992

  • skepticals
  • Expert Member
  • Posts: 783
  • Karma: 0
I have heard thoughts before regarding the changing of default port numbers.

Do you think it makes a difference? Would this fool a program such as Nmap? Is it worth the time to change them?

What are your thoughts?

Re: Should I change the default SSH port number? 7 years 7 months ago #29002

  • S0lo
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Not sure I got what you're aiming at, skepticals. Do you want to change the SSH port number in an SSH server to hide it from scanners or intruders? If so, yes, it could help if you choose a rather unknown port number. But it will probably not stop scanners that scan all possible ports. Still, it's not a bad idea to prevent the novice intruder.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: Should I change the default SSH port number? 7 years 7 months ago #29004

  • skepticals
  • Expert Member
  • Posts: 783
  • Karma: 0
I will try to be more clear.

Overall, is it worth it to change default port numbers? If someone scans all ports with a port scanner, would it find SSH running on a non-standard port?

Obviously, it would stop people from trying to go directly to the SSH default port, but it wouldn't do anything against an all port scan.

Do most people change their ports?

Re: Should I change the default SSH port number? 7 years 7 months ago #29009

  • S0lo
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Yes, I assume it can help. An all-ports scanner can know if the port is open or not via a SYN scan. But it would not be obvious for the scanner which service is run on the port if you use a non-default one. So if you use a port, say 80, for SSH, the scanner might think it's a web service and try attacking/exploiting related holes (which will obviously not work). The scanner needs to do some extra work to find out that the service you're running is SSH.

So I think it's a good idea, I might be wrong though. I haven't seen many admins do it. Or you might argue that I don't know many admins ;)

Whoa!! I just wrecked my Linksys wireless repeater while doing a scan on it with nmap. Guess it was too aggressive :o.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: Should I change the default SSH port number? 7 years 7 months ago #29021

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
Security is about stratifying defense: make it difficult for them to break in, and when they break in make it difficult for them to move around.
Shut your door, you know, then bolt it, if possible with a laser alarm. heee!

The operating system is the same wherever you go
sose
Network Engineer
analysethis.co/index.php/forum/index

Re: Should I change the default SSH port number? 7 years 7 months ago #29037

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
It's going to depend on who is attacking. For proper attackers it would not matter what the port number is, as they will have tools within their arsenal that will quite easily determine what service is running on it. There are a few techniques used; the most common is to look at the banner information that is returned. If you telnet to most mail servers on port 25, you will see a banner returned which usually indicates the exact mail server that is running. This can help identify the operating system that the mail server is hosted on along with the version of the mail server software. Once this information is gained, you start looking at known vulnerabilities on these versions and try to exploit them in the hope that no one has patched them.

Also a load of tools such as Nmap, xprobe, xprobe2, etc. can be used to fingerprint operating systems just by monitoring the behaviour of scans against them. For example, if you did a port scan with specific TCP flags set, certain operating systems respond differently from others, and by sending combinations of these scans you can sometimes quite accurately identify the operating systems running on servers, firewalls, etc. by the responses.

I would say moving the ports is good to stop people messing about, but proper attackers wouldn't really be fooled by this. It's good if you can have firewalls that can automatically block port scans to stop this (i.e. on some firewalls you can specify a threshold, and if a port scan hits this, then it will automatically drop all other traffic for a set period of time, even legitimate traffic).

TTFN
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
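The threshold-based scan blocking Wayne describes, as an added illustration (not code from the thread or from any firewall product): it reads constructed netfilter-style log lines, flags a source that touches many distinct destination ports within a short window, and blocks all of that source's traffic for a set period. The log format, the host 203.0.113.5 and the SSH port 2222 are assumptions made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (ISO timestamps used for easy parsing). 198.51.100.7 sweeps
# several ports in a few seconds; 192.0.2.40 is a legitimate client of SSH on 2222.
SAMPLE_LOG = """\
2024-03-10T12:00:00 fw kernel: IN=eth0 SRC=192.0.2.40 DST=203.0.113.5 PROTO=TCP DPT=2222 SYN
2024-03-10T12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=21 SYN
2024-03-10T12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=22 SYN
2024-03-10T12:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=23 SYN
2024-03-10T12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=25 SYN
2024-03-10T12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=80 SYN
2024-03-10T12:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=443 SYN
2024-03-10T12:00:03 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=2222 SYN
2024-03-10T12:00:03 fw kernel: IN=eth0 SRC=192.0.2.40 DST=203.0.113.5 PROTO=TCP DPT=2222 SYN
2024-03-10T12:00:04 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=3306 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(lines):
    """Yield (timestamp, source IP, destination port) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def detect_scans(lines, threshold=6, window_s=5, block_s=600):
    """Flag sources hitting >= threshold distinct ports within window_s seconds.

    Returns {src: block_until}. As in the post, the block covers ALL traffic from
    that source for block_s seconds, legitimate or not; that is the trade-off."""
    recent = defaultdict(deque)   # src -> (ts, port) events still inside the window
    blocks = {}
    for ts, src, dpt in sorted(parse(lines)):
        q = recent[src]
        q.append((ts, dpt))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()               # slide the window forward
        if src not in blocks and len({p for _, p in q}) >= threshold:
            blocks[src] = ts + timedelta(seconds=block_s)
    return blocks

def is_blocked(src, at, blocks):
    """True while a flagged source is still inside its block period."""
    return src in blocks and at < blocks[src]
```

With the sample above only the sweeping source is flagged; the client that repeatedly connects to a single non-standard port never crosses the distinct-port threshold.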