Re: FTP port number

From: Alun Jones [MS MVP] (alun_at_texis.invalid)
Date: 03/22/04

    Date: Mon, 22 Mar 2004 23:38:50 GMT
    
    

    In article <6A13AC3D-233B-4C8A-83CA-0A932748C085@microsoft.com>,
    "ovs8" <anonymous@discussions.microsoft.com> wrote:
    >I'd like to create a little FTP server for a few clients of ours. I'd like to
    > avoid using the port 21 for security reasons. I was wondering though, if I can
    > use one of the Unassigned REGISTERED ports or only the PRIVATE ports for that?

    Are you sure that's really a good security measure?

    Hiding a server like that is really not all that strong of a security
    change. Hackers run port-scans all the time, and judging from the number of
    incoming HTTP-requests I get on my FTP server, it's clear that when a hacker
    has a hack-tool, he'll try it on all ports that will answer him.

    Similar arguments go against the old idea of protecting your server by
    changing the banner information, so that it doesn't reveal which brand of
    server (you do know that IIS isn't the only FTP server around, right? :-))
    you're running.

    You'll also have to spend some time explaining how to configure FTP clients
    to anyone that connects to you, because of course, they all use different
    syntax for specifying port numbers.

    Add to this the problem of NAT routers causing trouble with servers running
    at non-standard ports, and firewalls that are set up to allow FTP traffic,
    but decide what is 'FTP traffic' by whether it's on port 21 or not, and you
    start to find that moving the server's port is only useful in one case -
    when you're trying to hide your server's presence from your ISP. [And even
    then, it's not a very good measure]

    Just secure your server, rather than trying to hide it. Leave it where it
    is, unless it actually conflicts with something that deserves that place
    better.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]

    -- 
    Texas Imperial Software   | Find us at http://www.wftpd.com or email
    1602 Harvest Moon Place   | alun@texis.com.
    Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
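
Added example, not part of the original post: a simplified Python model of the NAT point above, for the case of a server behind a NAT router using passive mode. The helper functions, the sample reply and both addresses are constructed for illustration; it assumes a NAT helper that only inspects control connections on its configured ports (21 by default) and rewrites the address in the server's 227 reply.

```python
import re

# Matches the host/port tuple in a passive-mode reply:
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return the (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def nat_forward_reply(reply, control_port, public_ip, helper_ports=(21,)):
    """Model of what the client receives once the reply has crossed the NAT.

    Hypothetical helper: the address is rewritten only when the control
    connection uses a port the NAT helper treats as FTP.
    """
    endpoint = parse_pasv(reply)
    if endpoint is None or control_port not in helper_ports:
        return reply  # not recognised as FTP, passed through untouched
    _, port = endpoint
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        public_ip.replace(".", ","), port >> 8, port & 0xFF)


# Constructed sample: server on a private LAN address, NAT with a
# documentation-range public address.
SERVER_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
PUBLIC_IP = "203.0.113.5"

if __name__ == "__main__":
    for control_port in (21, 2121):
        seen = nat_forward_reply(SERVER_REPLY, control_port, PUBLIC_IP)
        # On 21 the client is told the public address; on 2121 it is told
        # the private one, which it cannot reach from outside.
        print(control_port, parse_pasv(seen))
```

On the non-standard port the client is handed the server's private address for the data connection, so logins succeed but listings and transfers hang until the helper is also told about that port.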
    
