Steve: Developing on the Edge - Ports in Use
Steve: Developing on the Edge
Thoughts on development, Web-services, technology and mountains.
Wed 16 Jul 2008
Ports in Use
Ruwan Linton covers the process used to get an IANA-assigned port for Apache Synapse.

I don't think I've ever bothered to talk to IANA for a port for any of my applications.

  1. It's a hint. If someone is using your port, even if it's IANA-assigned, you have to be the one to deal with it. So your port must always be a configurable option.
  2. A lot of ops teams like to change ports around, to add a bit of obscurity to the game. There's no need to run SSH over port 22, for example, and doing so on remotely visible machines just increases your server load as machines around the world try and guess the password for likely accounts.
  3. The real ports you have to avoid are those used by the trojans, by Storm (port 7871 BTW) and other worms. Because the security scanners will throw a wobbly when any scanned machine has those ports open; it's taken as a sign of being 0wned. And of course, the malware authors never bother to go through IANA to pick a port.

One thing that flexible applications can do is not require a specific port. This is what the portmapper daemon can do. It's a shame that this tool/binding protocol has fallen into effective disuse.
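One way to treat a port as a hint, as an added example that is not from the original post: the port comes from configuration, a port on the scanner-flagged list is refused, and a port already in use falls back to one chosen by the OS. The `APP_PORT` variable and the function names are assumptions, and the flagged set holds only the one port the post names.

```python
import errno
import socket

# Ports that security scanners treat as a sign of compromise. Only 7871
# (Storm) comes from the post; load the rest from a maintained list.
FLAGGED_PORTS = frozenset({7871})


def configured_port(env, default, var="APP_PORT"):
    """Read the port from configuration (APP_PORT is a hypothetical name)."""
    raw = env.get(var, "").strip()
    if not raw:
        return default
    port = int(raw)  # ValueError on junk is the right failure for bad config
    if not 0 <= port <= 65535:
        raise ValueError(f"{var}={port} is outside 0-65535")
    return port


def _try_bind(host, port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
    except OSError:
        sock.close()
        raise
    return sock


def bind_listener(preferred, host="127.0.0.1", flagged=FLAGGED_PORTS):
    """Bind a TCP listener, treating `preferred` as a hint only.
    Returns (sock, port, reason): "preferred", "flagged" or "in-use"."""
    reason = "preferred"
    if preferred in flagged:
        preferred, reason = 0, "flagged"  # port 0: let the OS pick a free one
    while True:
        try:
            sock = _try_bind(host, preferred)
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE or preferred == 0:
                raise
            preferred, reason = 0, "in-use"
            continue
        port = sock.getsockname()[1]
        if port not in flagged:
            sock.listen()
            return sock, port, reason
        sock.close()  # the OS happened to pick a flagged port: ask again
```

Because a fallback port is not known in advance, the caller has to publish the returned port to its clients, which is the job the portmapper did.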

Comments

We also support changing the ports
On 18 July 2008 at 10:03 Ruwan Linton commented:
Hi Steve,
We (Apache Synapse [http://synapse.apache.org]) allow you to change the ports via the axis2.xml file, which resides in the conf folder of the distribution. But this registration is done just for the default ports. You can download the product and you can just run it with these registered ports.
Well, that being said, your point is valid, because IANA is not taking any action over using the registered ports with another product.
On 18 July 2008 at 11:32 Steve Loughran commented:
Well, a key thing to do is: don't just rely on IANA, but look at the SANS malware port list (linked to off this post) and change your IANA-assigned port if it is already used by some kind of trojan/remote access app. Because the one thing you really, really don't want to do is get mistaken for malware by IT security tools. It creates unhappiness all round.
On 21 July 2008 at 08:59 Ruwan Linton commented:
Steve,
Could you please provide the link to the list of ports used by malware?
Thanks,
Ruwan