Solved

Modifying default port / Port scan

Posted on 2006-06-20
Last Modified: 2010-04-11
If I were to change my default port for Remote Desktop from 3389 to 10000, for example, how easily can the RDP service (or any other service for that matter) be discovered?  If someone were to scan all 65K ports and came across port 10,000, is there a tool that tells you what service is running there, and not just give you a 'Well this is port 10000, so it MUST be the XYZ service' response.  Aside from Windows updates, a firewall, and a strong password, is this just a false sense of security?
Question by:bleujaegel
8 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 16949333
No, the person or any tools won't come to know if you change ports and use the service on some different port.

If you have read the Remote Desktop Web Connection article from Microsoft, it mentions that if the port is being blocked by the ISP you can select a different port to establish the connection.

So it concludes that if we change ports the ISP won't come to know about a service running on a different port.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
link of remote desktop web connection

Reps

0
 
LVL 5

Accepted Solution

by:
kevinf40 earned 2000 total points
ID: 16949560
Yes.

Tools such as nmap etc. can check for the response from a port and report what service is actually running on that port, not just whether the port is open.

There is some limited security through obscurity by using a non-standard port - e.g. it may not be noticed in a very limited port scan, but this is no real measure of security - the main reason this feature is available is to enable RDP to work in environments where only certain ports are permitted to be open on firewalls.

cheers

Kevin
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16951487
Changing port numbers of services is known, as kevinf40 noted, as "security through obscurity". It's like wetting your pants while wearing dark clothes - it feels good, but nobody notices.
0

 
LVL 2

Author Comment

by:bleujaegel
ID: 16952657
I just tried nmap, and it correctly identified the services running on the non-standard ports.  OK, that answers my question.

What is the likelihood that crackers would actually scan all 65K ports?  I don't know how long that would take, but I can't imagine anyone would have that much patience unless they were intentionally trying to break into a specific computer.
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 16952808
That depends

Many scans are for specific ports or services, which may miss your changed port, but anyone actually interested in connecting to your machine will likely be more thorough.

Hence the term security through obscurity - things that fall into this camp can offer limited protection from someone having a quick look (e.g. locking your door but hiding the key under the mat), but as soon as someone looks a little deeper they offer no real protection and you may as well have left your door open.

Real protection would be to harden and patch your server and use the highest encryption options available to rdp (if you are using a 2003 server you can actually require certificates for authentication before the connection is permitted).

cheers

Kevin
0
 
LVL 2

Author Comment

by:bleujaegel
ID: 16952969
Do you know offhand if the header information can be spoofed so if they found the RDP service, it would return something different, such as telnet to throw them off?
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 16953124
Not off the top of my head, I would imagine this would be very difficult as the system needs to respond in a certain way due to the client expecting a set response to its connection initiation.  Without the expected response it is likely that the client would report an error and fail to connect.

If you properly harden your machine and use strong passwords (if certs are not an option) it isn't wholly unsafe to make an RDP port available online.

Do you always connect from known IP addresses? - if this is the case you could restrict access at the firewall level to only allow rdp connections from these addresses.
0
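An added example (not part of the thread, and not nmap's code): a small content-based classifier that shows why the port number does not hide RDP, as the accepted answer says, and why the server's reply is hard to disguise, as the comment above notes about the client expecting a set response. The replies and port numbers below are constructed samples; the byte layout assumed is a TPKT header (RFC 1006) wrapping an X.224 Connection Confirm, optionally followed by an RDP negotiation response.

```python
import struct

# Constructed first replies, keyed by the port they were "seen" on (not real captures).
SAMPLES = {
    10000: bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00"),
    10001: bytes.fromhex("03 00 00 0b 06 d0 00 00 12 34 00"),
    2222: b"SSH-2.0-OpenSSH_9.6\r\n",
    3389: b"220 mail.example.test ESMTP\r\n",  # default RDP port, but not RDP
}

def parse_rdp_confirm(data):
    """Return 'rdp/<security>' if data is exactly one TPKT + X.224 Connection Confirm."""
    if len(data) < 11:
        return None
    version, _reserved, length = struct.unpack(">BBH", data[:4])
    if version != 3 or length != len(data):
        return None                       # not TPKT, or truncated/extra bytes
    li, code = data[4], data[5]           # X.224 length indicator and TPDU code
    if code & 0xF0 != 0xD0 or li != len(data) - 5:
        return None                       # 0xD0 = Connection Confirm
    detail = "legacy"                     # older servers send no negotiation block
    if li >= 14 and data[11] == 0x02:     # RDP Negotiation Response
        (proto,) = struct.unpack("<I", data[15:19])
        names = {0: "standard", 1: "tls", 2: "credssp-nla"}
        detail = names.get(proto, "protocol-%#x" % proto)
    return "rdp/" + detail

def identify_service(data):
    """Classify a service from the bytes it sent, ignoring the port entirely."""
    rdp = parse_rdp_confirm(data)
    if rdp:
        return rdp
    if data.startswith(b"SSH-"):
        return "ssh"
    if data[:4] in (b"220 ", b"220-"):
        return "smtp-or-ftp"
    return "unknown"

def audit(samples):
    """Map each port to what the reply content says is listening there."""
    return {port: identify_service(reply) for port, reply in sorted(samples.items())}

if __name__ == "__main__":
    for port, service in audit(SAMPLES).items():
        print(port, service)
```

Run against replies recorded from your own host, this shows what a scan learns from an exposed listener regardless of the port it was moved to.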
 
LVL 2

Author Comment

by:bleujaegel
ID: 16953431
Good point.  I typically connect via DHCP type ISP connections, but it's something to keep in mind.

I think I'll install the cert server and set up a certificate for my laptop.  I use it for remote management.  It's a test lab, so it isn't a huge deal if it's compromised, but good for security.  Thanks for the help.  Great port scanner BTW.  I'll have to add it to the arsenal.
0


Question has a verified solution.
