On Wed, 2005-12-14 at 19:54, Cameron Simpson wrote: > What nobody has mentioned is that this buys next to no security. A port > scan will find your service regardless of the port. > > Also, changing the port number can make your service hard to reach for > legitimate users; for example from inside my workplace the prxoy would > not permit me to reach a web site served on port 666. > > Moving port numbers around is usually pointless. Not always, just usually. This was discussed at length in several recent threads. But you are correct, at best this is security by obscurity. And any determined hacker will run a full port scan and find the port anyway. What it is good for however is keeping the vast majority of script kiddies from littering your log files with junk. This may be more useful for ssh ports than httpd ports. Plus the OP asked how and he was provided with the answer. :)
