I've bookmarked http://www.sys-security.com/html/papers/trojan_list.html and
http://www.isi.edu/in-notes/iana/assignments/port-numbers as my standard
places to check for trojans and registered ports.  You might want to check
there and see if any names pop out that you'd want to add to your list.  It
seems to me, however, that you're just setting yourself up to receive tons
of mail with, I'm guessing, little payback in worthwhile information for the
hassle of going through it.  I get a few scans a day for some of these ports
on my cable modem at home.  If you are setting this up for a network with
registered IP addresses, you'll probably get overwhelmed quickly.  Maybe I'm
wrong, but this idea seems to be of marginal value to me.

Randy Graham
-- 
You're kind of trying to pick between "horrible disaster" and "atrocious
disaster"  -- Paul D. Robertson (on VNC vs. PPTP)

> -----Original Message-----
> From: Eliyah Lovkoff [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 11, 2001 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: Frequently scanned ports
> 
> 
> I created the rule on my firewall that e-mails me when
> somebody tries to connect to a specific port on a specific
> server. The idea is to choose ports frequently scanned by
> hackers and to have e-mail notification if those ports are
> scanned. Here is the list of frequently scanned ports I chose
> for NT, NT2000 and Solaris servers. Any recommendation
> regarding the ports that should be added will be most appreciated.
> 
> Solaris:
> 5  rje/tcp
> 7  echo
> 13 daytime
> 21  ftp
> 22  ssh/tcp
> 23  telnet
> 37 time
> 63 whois
> 69 tftp
> 79 finger
> 95 supdup
> 143 imap
> 161 snmp
> 389 ldap
> 512 biff,rexec
> 514 syslog,rsh
> 32773-32779 RPC
> 
> NT,NT2000
> 7  echo
> 13 daytime
> 15 netstat
> 21 ftp
> 22 udp (pcanywhere)
> 23 telnet
> 37 time
> 63 whois
> 69 tftp
> 79 finger
> 137,138,139
> 143 imap
> 161 snmp
> 389 ldap
> 407 timbuktu
> 445 smb
> 31337 backorifice
> 
> 
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
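Added example (not part of the original thread or written by either poster): the mail-volume concern raised in the reply can be handled by aggregating probes before alerting. The sketch below uses the two watch-lists from the quoted message and reports a source only when it touches several distinct watched ports within one time window; the log format, host names, 10-minute window and threshold of 3 are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Watch-lists copied from the quoted message (it does not separate TCP from UDP).
SOLARIS = {5, 7, 13, 21, 22, 23, 37, 63, 69, 79, 95, 143, 161, 389, 512, 514,
           *range(32773, 32780)}
NT = {7, 13, 15, 21, 22, 23, 37, 63, 69, 79, 137, 138, 139, 143, 161, 389,
      407, 445, 31337}
WATCH = {"sol1": SOLARIS, "nt1": NT}  # host names are hypothetical

# Constructed sample log; "timestamp source dest-host dest-port" is an assumed format.
SAMPLE_LOG = """\
2001-05-11T10:00:01 198.51.100.7 sol1 21
2001-05-11T10:00:02 198.51.100.7 sol1 23
2001-05-11T10:00:03 198.51.100.7 sol1 79
2001-05-11T10:00:04 198.51.100.7 sol1 111
2001-05-11T10:02:10 203.0.113.9 nt1 445
2001-05-11T10:05:00 192.0.2.44 nt1 139
2001-05-11T10:06:00 192.0.2.44 nt1 445
2001-05-11T10:07:00 192.0.2.44 sol1 445
2001-05-11T10:21:00 192.0.2.44 nt1 31337
truncated line
"""
EPOCH = datetime(1970, 1, 1)

def digest(log_text, watch=WATCH, window=timedelta(minutes=10), min_ports=3):
    """Return (alerts, hits): one alert per source and window that touched at
    least min_ports distinct watched host:port pairs; hits counts every
    watched-port line, i.e. the mails a per-connection rule would send."""
    buckets, hits = defaultdict(set), 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, src, host, port = fields
        try:
            when, port = datetime.fromisoformat(ts), int(port)
        except ValueError:
            continue  # skip unparsable timestamp or port
        if port not in watch.get(host, ()):
            continue  # port is not on this host's watch-list
        hits += 1
        buckets[(src, (when - EPOCH) // window)].add((host, port))
    alerts = [(src, (EPOCH + slot * window).isoformat(),
               [f"{h}:{p}" for h, p in sorted(targets)])
              for (src, slot), targets in sorted(buckets.items())
              if len(targets) >= min_ports]
    return alerts, hits

if __name__ == "__main__":
    print(digest(SAMPLE_LOG))
```

On the constructed log, seven watched-port connections collapse into a single alert for the source that swept three Solaris ports; the single probes stay in the log for later review.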