Resolved RDP Port 3389

We are considering changing port 3389 to something else to decrease the chances of someone hacking into our nine leased servers.

So the question is - what's a good number to use.

List of TCP and UDP port numbers

The above list explains alot... Is it safe to say that if a port number isn't listed that it's OK to use?

Years ago, we did a similar thing for the standard SQL port 1433 - we used 2091...

I'm thinking about using 22091 for RDP...

Thanks in advance.

 

Any port will work provided your servers are not running another service on its default port, e.g. port 80 will work so long as the servers are not running a Web server and the router(s) are not using port 80 for their Web interface. (but don't use port 80!)

However, I don't believe changing the default port will make a difference against real criminals, the hackers that could cause damage. A simple tool like nmap scans common ports and can also scan port ranges. Thus, if a default scan detects port 80, 21, 22, 3389 and common NT services' ports, but no RDP port, he can then scan the full 65,000 ports and find oddball port assignments. The initial default scan can also determine the server operating system, after which the one can scan additional known ports the system uses.

But changing the port will deter script kiddies and Chinese students in Beijing. Port 22019 will suffice just fine.

You can further check stats of any port here:
https://isc.sans.edu//port.html?port=22019

 

Thanks Tony.
Three of our nine servers were hacked and used to sent emails..... Hacked by the same people... We found the same new Win User Profiles and apps like MassSender.exe ....

We're about 99% sure we've stopped them for now... I have an IT company doing a eval of the machines and will be making recommendations etc.