I created the rule on my firewall that e-mails me when somebody tries to connect ot
specific port on specific server.The idea is to choose ports frequently scanned by
hackers and to have e-mail notification if those ports are scanned.Here is the list of
frequently scanned ports I coosed for nt,nt2000 and Solaris servers. Any
recommendation regarding the ports that should be added will be mostly appreciated.
Solaris:
5 rje/tcp
7 echo
13 daytime
21 ftp
22 ssh/tcp
23 telnet
37 tome
63 whois
69 tftp
79 finger
95 supdup
143 imap
161 snmp
389 ldap
512 beef,rexec
514 syslog,rsh
32773-32779 RPC
NT,NT2000
7 echo
13 daytime
15 netstat
21 frp
22 udp(pcanywahre)
23 telnet
37 time
63 whois
69 tftp
79 finger
137,138,139
143 imap
161 snmp
389 ldap
407 timbuktu
445 smb
31337 backorifice
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
