Eliyah,
www.incidents.org and http://www.dshield.com/topports.html have lists of
the ten most scanned ports.
-- Joe
At 01:31 PM 5/11/01, Eliyah Lovkoff wrote:
>I created the rule on my firewall that e-mails me when somebody tries to
>connect ot specific port on specific server.The idea is to choose ports
>frequently scanned by hackers and to have e-mail notification if those
>ports are scanned.Here is the list of frequently scanned ports I coosed
>for nt,nt2000 and Solaris servers. Any recommendation regarding the ports
>that should be added will be mostly appreciated.
>
>Solaris:
>5 rje/tcp
>7 echo
>13 daytime
>21 ftp
>22 ssh/tcp
>23 telnet
>37 tome
>63 whois
>69 tftp
>79 finger
>95 supdup
>143 imap
>161 snmp
>389 ldap
>512 beef,rexec
>514 syslog,rsh
>32773-32779 RPC
>
>NT,NT2000
>7 echo
>13 daytime
>15 netstat
>21 frp
>22 udp(pcanywahre)
>23 telnet
>37 time
>63 whois
>69 tftp
>79 finger
>137,138,139
>143 imap
>161 snmp
>389 ldap
>407 timbuktu
>445 smb
>31337 backorifice
>
>
>
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
