Why rely on your firewall to tell you when ports are being hit? What will
happen when the next "latest and greatest" exploit comes out and it isn't in
your ACL? You will not know when you are being scanned.
If you really want to know when you are being port scanned, you should run
something on the host machine, like port sentry.
-----Original Message-----
From: Eliyah Lovkoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 12:31 PM
To: [EMAIL PROTECTED]
Subject: Frequently scanned ports
I created the rule on my firewall that e-mails me when somebody tries to
connect ot specific port on specific server.The idea is to choose ports
frequently scanned by hackers and to have e-mail notification if those ports
are scanned.Here is the list of frequently scanned ports I coosed for
nt,nt2000 and Solaris servers. Any recommendation regarding the ports that
should be added will be mostly appreciated.
Solaris:
5 rje/tcp
7 echo
13 daytime
21 ftp
22 ssh/tcp
23 telnet
37 tome
63 whois
69 tftp
79 finger
95 supdup
143 imap
161 snmp
389 ldap
512 beef,rexec
514 syslog,rsh
32773-32779 RPC
NT,NT2000
7 echo
13 daytime
15 netstat
21 frp
22 udp(pcanywahre)
23 telnet
37 time
63 whois
69 tftp
79 finger
137,138,139
143 imap
161 snmp
389 ldap
407 timbuktu
445 smb
31337 backorifice
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
