Imagine a house who's outside walls were nothing but
doors-after-doors, wall-to-wall, corner to corner. Most
fake, and only one real one. On a normal house, thief
tries front or back door (or breaks window) to enter
house (or uses some other vector). He still has to try a
key, pick it, or bust down the correct door when he finds
it.
Not quite a good analogy in this case. A thief would
normally recon the area and determine the suitable target. Say,
he selects your house. Seeing that many doors, he wouldn't know
which one to break or open. But like I mentioned, he would do a
reconnaissance. Check out who goes in and comes out and from which
door. Then he'd concentrate his efforts on that particular door.
A (slightly) clever thief will go for the door with the worn path
leading to it. At first glance, that doesn't analogize well to the
digital world, but in practice renumbered service ports are sometimes
made easier to use by the implementation of service-location or
redirection services which make the intruder's job just as easy.
(Renaming the administrator account doesn't achieve much is you still
permit anonymous enumeration of accounts, for instance.)
--
Much mention has been made in this thread of the Slammer worm. It's
easy to forget that many victims were utterly unaware that they had
authorized Microsoft -- or had authorized someone else to authorize
Microsoft! -- to build an SQLserver wing onto their house. They'd
no idea that that (unlocked) door *existed*, let alone whether anything
(besides the worm) would break if they reconfigured its port number.
David Gillett
