RE: Roger's last comment on changing Port defaults

["David Gillett" <gillettdavid () fhda edu>]

> > Imagine a house who's outside walls were nothing but 
> > doors-after-doors, wall-to-wall, corner to corner.  Most 
> > fake, and only one real one. On a normal house, thief 
> > tries front or back door (or breaks window) to enter
> > house (or uses some other vector).  He still has to try a 
> > key, pick it, or bust down the correct door when he finds 
> > it.  
>
> Not quite a good analogy in this case.  A thief would 
> normally recon the area and determine the suitable target.  Say, 
> he selects your house.  Seeing that many doors, he wouldn't know 
> which one to break or open.  But like I mentioned, he would do a 
> reconnaissance.  Check out who goes in and comes out and from which 
> door.   Then he'd concentrate his efforts on that particular door.

  A (slightly) clever thief will go for the door with the worn path
leading to it.  At first glance, that doesn't analogize well to the
digital world, but in practice renumbered service ports are sometimes
made easier to use by the implementation of service-location or
redirection services which make the intruder's job just as easy.
(Renaming the administrator account doesn't achieve much is you still
permit anonymous enumeration of accounts, for instance.)

--

  Much mention has been made in this thread of the Slammer worm.  It's
easy to forget that many victims were utterly unaware that they had
authorized Microsoft -- or had authorized someone else to authorize
Microsoft! -- to build an SQLserver wing onto their house.  They'd
no idea that that (unlocked) door *existed*, let alone whether anything
(besides the worm) would break if they reconfigured its port number.

David Gillett