RE: [fw-wiz] Using RDP Port 3389

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 04/27/04

  • Next message: Gwendolynn ferch Elydyr: "Security through Obscurity [was RE: [fw-wiz] Using RDP Port 3389]"
    To: "Justin C. Laporte" <jlaporte@apextechgroup.com>, <woodse@vra.net>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 27 Apr 2004 10:40:01 -0400
    
    

    This seems to be a popular tactic among people using Terminal Services
    across the Internet. Just be aware that changing the port number
    doesn't prevent (and probably won't deter) an attacker from locating it.
    It's still easily identifiable via conventional means...

    $ nmap -P0 -sT -sV -p4489 aaa.bbb.ccc.ddd
    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-04-27 10:35
    EDT
    Interesting ports on nunna.yerbeez.wax (aaa.bbb.ccc.ddd):
    PORT STATE SERVICE VERSION
    4489/tcp open unknown Microsoft Terminal Service (Windows 2000
    Server)

    Also, if you're using the Win2K TS client, it's a pain to use a port
    number other than 3389.

    PaulM

    > -----Original Message-----
    > I almost always change the hex value in the registry to
    > change the listening port
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;187623
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Gwendolynn ferch Elydyr: "Security through Obscurity [was RE: [fw-wiz] Using RDP Port 3389]"