
Why do people use non-standard ports for public internet-facing services?

To me it just smells of "we don't have enough public IP's, and still manage our network with port-forwarding rather than a proper application-level load balancer".

That matches my observations that 'ancillary' services frequently seem to be on non-standard ports - like the employee login portal, the company webchat service, the analytics service, etc.



> we don't have enough public IP's

I mean, we kinda knew that already. Port numbers give you a free 16-bit address space per public IP, that's nothing to sneeze at.


Security through obscurity is one reason. A lot of script kiddies will blast away at services on well known ports. Simply changing the port off the default cuts down on a lot of script based attacks, inhibits generic port scans, and makes it easier to differentiate a deliberate, human attacker from a script.

In this specific case, I don't know. Perhaps rotating through ephemeral ports is done to mess with simple traffic filtering rules on firewalls?


To me it smells of "we are running some random app server as a non-profit user and need to bind to a high numbered port"


I didn't know non-profits weren't allowed high number ports! Jk but funny typo.


I think he actually meant non-prophet, as only the privileged priest caste are allowed to use those lower ports.


Old school network engineers are more comfortable with firewall rules and routing tables than nginx configs?



