Changing port numbers

From Sysadmin


A common recommendation is to change the listening ports of certain services. This is most often applied to ssh but is also often applied to backend services such as MySQL.

It is recommended not to change the standard listening ports as this causes problems with access.

  • A legitimate client doesn't know the port ahead of time and either needs to be told it or has to scan to find it
  • Access may be limited as intervening firewalls may block the non-standard port. It is common for corporate firewalls to limit outbound connections to a limited set of destination ports.

Alternatives

There are several good alternatives to changing a port number. Options include using a firewall to block access to the port from most or all source addresses, and port knocking.
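
The firewall alternative above, as an added example that is not part of the original page: the service stays on its standard port and new connections are accepted only from an allowlist of sources. `build_rules` is a hypothetical helper that prints iptables commands rather than applying them, and the source addresses are constructed documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original page): keep a service on its standard
# port and restrict who may reach it, instead of moving the port.
# build_rules is a hypothetical helper; it only PRINTS iptables commands.
# Source networks used below are constructed (RFC 5737 documentation ranges).

# build_rules PORT SOURCE...  -> one iptables command per line on stdout
build_rules() {
    port=$1
    [ $# -gt 0 ] && shift

    # Reject anything that is not a plain decimal port number.
    case $port in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # An empty allowlist would leave only the DROP rule and lock everyone
    # out, including the administrator applying the rules.
    if [ $# -eq 0 ]; then
        echo "refusing to build rules with an empty allowlist" >&2; return 1
    fi

    # Packets belonging to connections that were already accepted.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # New connections are accepted only from the listed sources.
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $src -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else aimed at the port is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Print the rules for ssh on its standard port. Review the output, then
# apply it as root, for example by piping it to sh.
build_rules 22 192.0.2.0/24 198.51.100.7
```

Rule order matters: the ACCEPT rules must be appended before the final DROP, which is why the function emits them as one ordered set.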

The Future

The use of SRV records within DNS will completely change the landscape of port allocations.


See Also

This page is a stub. Robert will add additional information to the page later.
