Plus, once I get the extensions of my Open Port Button [TM] working right, not only will it open ports on my ISA firewall, it'll allow me to open ports on *your* firewall, regardless of vendor. :-)

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, April 13, 2005 9:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Terminal Service Port Change?

http://www.ISAserver.org

Normally I don't disagree with Tim cuz he's bigger than me, but given that port scanning is absurdly simple (every script-kiddie worth their salt can do it in their sleep) I can't see the value in port changing for its own sake. Even I can write a tool that will scan all 65365 TCP and UDP ports in less than 10 seconds. It takes very little more to make a few fingerprinting tests that will tell me what lives at a listening port.

The time it takes to make sure everyone and everything involved knows how to use it and that it's properly documented, etc., etc. just makes it not worth the time any more. If you have to do this because of resource restrictions, then so be it; but don't play "port-games" just because you can.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, April 13, 2005 18:08
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Terminal Service Port Change?

http://www.ISAserver.org

Joking aside, there is actually a very valid reason to change default ports for services where applicable, and that is to avoid "standard" scanning and/or worm activity.
Greg is absolutely correct in that obscuring a service via port change will not thwart a directed attack, but security through obscurity does work as long as the target remains obscure. RDP services on alt ports are difficult to detect unless you can hit the box with RCP and are an admin (without port scanning by instantiating a TS handle), or unless you can hit the box with NetBIOS and proxy requests for server registration through the Master Browser (even with null sessions on weak Win2k installs).

To speak to that old argument, I would say to do *both* if you can. Of course, you are right in that some programs don't like alt ports (or more directly, some *clients* don't like alt ports) but when it comes to remote admin of servers, I have no problem at all, and in fact would recommend, changing the default ports just to add that extra level of raising the fruit. (That's not a Navy term, Jim!)

T

----- Original Message -----
From: Ball, Dan
To: [ISAserver.org Discussion List]
Sent: Wednesday, April 13, 2005 5:17 PM
Subject: [isalist] RE: Terminal Service Port Change?

http://www.ISAserver.org

Yep, goes back to the same old argument, do you hide the port to make it harder to find, or just rely upon the security in place to make a known port safe? I prefer to leave "most" things at their default port, makes it easier for me to do my job, some programs don't like using alternate ports.

From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
Sent: Wednesday, April 13, 2005 18:12
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Terminal Service Port Change?

http://www.ISAserver.org

True, but if you're going to leave rdp unprotected, or anything for that matter, we'll find it.. no matter what port you hide it on.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx