Why you should be clever, and shouldn’t use default ports [RESPONSE TO SHODAN]

From a security perspective, I do not understand why Shodan claims that it is wise to use default and standard ports. Using default ports only makes it harder for security professionals to find anomalies in their network.

Let's take the SSH service as an example. SSH usually runs on port 22, which is widely known by people who are actively involved in the IT world. So it is no great wonder that a lot of malicious scanners (hackers) will scan the web for vulnerable SSH services running on port 22.

[Image: SSH blocklist]

But if we go a step further and look at the behavior of malware, we see that a lot of malware tries to connect to the threat actor's C&C over default ports. So an IT environment which does not use default ports allows the security professional to identify the malware connection faster, by searching the network connections for “default” ports, which are not used in the IT environment, and for other anomalies.
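The check described above, covering both the inbound port-22 scanning and the outbound malware connections, as an added example that is not part of the original post. The flow-record format, the relocated ports (48022, 43389), the internal range and the function name are all assumptions made for illustration, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter

# Assumed environment (constructed): SSH moved to 48022 and RDP to 43389,
# so nothing legitimate should touch the ports in WATCHED_DEFAULTS.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PORTS_IN_USE = {48022, 43389, 443}
WATCHED_DEFAULTS = {21: "ftp", 22: "ssh", 23: "telnet", 3389: "rdp"}

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 198.51.100.7 10.0.0.5 22
2024-01-01T10:00:02 198.51.100.7 10.0.0.6 22
2024-01-01T10:00:09 10.0.0.20 10.0.0.5 48022
2024-01-01T10:01:30 10.0.0.31 203.0.113.50 22
2024-01-01T10:01:45 10.0.0.31 203.0.113.50 22
2024-01-01T10:02:00 10.0.0.12 192.0.2.80 443
this line is malformed
2024-01-01T10:03:10 10.0.0.44 10.0.0.9 3389
"""

def find_default_port_anomalies(flow_text):
    """Return (findings, per-source counts) for flows on unused default ports."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, raw_port = parts
        try:
            port = int(raw_port)
            src_internal = ipaddress.ip_address(src) in INTERNAL_NET
            dst_internal = ipaddress.ip_address(dst) in INTERNAL_NET
        except ValueError:
            continue  # skip malformed records instead of crashing
        if port in PORTS_IN_USE or port not in WATCHED_DEFAULTS:
            continue  # sanctioned service, or not a default we watch
        if src_internal and not dst_internal:
            kind = "outbound"  # internal host reaching out on a default port
        elif src_internal:
            kind = "lateral"   # internal host touching a neighbour's dead port
        else:
            kind = "inbound"   # external scanner hitting a dead default port
        findings.append((ts, kind, src, dst, WATCHED_DEFAULTS[port]))
    return findings, Counter((f[2], f[1]) for f in findings)

if __name__ == "__main__":
    for row in find_default_port_anomalies(SAMPLE_FLOWS)[0]:
        print(*row)
```

Because no sanctioned service listens on the watched ports, every hit is worth triage; the per-source counter separates a repeated outbound connection from a single stray probe.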