Security – How to Change the Listening Port for Remote Desktop

Changing the port on which your host computer listens for Remote Desktop connections can add a layer of security when you are connecting to a single computer without using a Remote Desktop Gateway. Changing to a non-standard port lessens the chances of bot hackers being able to test your security after the port has been forwarded to the remote PC for authentication. This is in no way a foolproof method of avoiding being hacked, but it can reduce the chances, as port scanners generally target commonly used ports (condensed list) such as:

  • TCP 20 and 21 (File Transfer Protocol – FTP)
  • TCP 22 (Secure Shell – SSH)
  • TCP 23 (Telnet)
  • TCP 25 (Simple Mail Transfer Protocol – SMTP)
  • TCP and UDP 53 (Domain Name System – DNS)
  • TCP 80 (Hypertext Transfer Protocol – HTTP)
  • TCP 110 (Post Office Protocol v3 – POP3)
  • TCP 119 (Network News Protocol – NNTP)
  • UDP 161 and 162 (Simple Network Management Protocol – SNMP)
  • UDP 443 (Secure Sockets Layer over HTTP – HTTPS)
  • TCP 3389 and UDP port 3389 (Remote Desktop Protocol – RDP)

Quick Guide

  1. Start Registry Editor.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  3. On the Edit menu, click Modify, and then click Decimal.
  4. Type the new port number, and then click OK.
  5. Quit Registry Editor.
  6. Restart the computer.
  7. Don’t forget to forward the new port from your router to your computer’s IP.
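
The Quick Guide can also be scripted from an elevated PowerShell session. The script below is an added example, not part of the original post: the port 50123, the 1024–65535 range and the firewall rule names are constructed, and the firewall step assumes Windows Defender Firewall is in use on the host.

```powershell
# Added example: scripted version of the Quick Guide (run as Administrator).
# 50123 is a constructed sample port; the 1024-65535 range is this example's
# own choice, made to stay clear of the well-known ports listed above.
param(
    [ValidateRange(1024, 65535)]
    [int]$NewPort = 50123
)

$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse a port that another service on this machine is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use on this machine."
}

# Record the current value so the change can be reverted later.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Steps 2-4: write the new port number as a DWORD (decimal value).
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# The built-in Remote Desktop firewall rules only cover port 3389, so the
# new port needs its own inbound allow rules (TCP and UDP).
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port ($proto-In)" `
        -Direction Inbound -Action Allow -Protocol $proto -LocalPort $NewPort |
        Out-Null
}

# Read the value back before relying on it.
$check = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($check -ne $NewPort) {
    throw "PortNumber is $check, expected $NewPort."
}
Write-Host "RDP will listen on port $NewPort after the restart in step 6."
```

Without the inbound rules the host stops accepting Remote Desktop connections after the restart, so confirm local or console access before rebooting a machine you can only reach over RDP.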