This seems to be a popular tactic among people using Terminal Services
across the Internet. Just be aware that changing the port number
doesn't prevent (and probably won't deter) an attacker from locating it.
It's still easily identifiable via conventional means...
$ nmap -P0 -sT -sV -p4489 aaa.bbb.ccc.ddd
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-04-27 10:35
EDT
Interesting ports on nunna.yerbeez.wax (aaa.bbb.ccc.ddd):
PORT STATE SERVICE VERSION
4489/tcp open unknown Microsoft Terminal Service (Windows 2000
Server)
Also, if you're using the Win2K TS client, it's a pain to use a port
number other than 3389.
PaulM
> -----Original Message-----
> I almost always change the hex value in the registry to
> change the listening port
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;187623
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 27 2004
Intro
