Appendix B: List of Most Frequently Scanned Ports
| Service | Port | Protocol | Attack probability | Description |
|---|---|---|---|---|
| | ||||
| Reserved | 0 | TCP/UDP | High | This port can't be present—neither as a source nor as a destination port |
| 0-5 | TCP | High | Sscan scanner | |
| Echo | 7 | TCP/UDP | High | UDP attack |
| Systat | 11 | TCP | High | Information about user processes |
| Netstat | 15 | TCP | High | Network state |
| chargen | 19 | TCP/UDP | High | UDP attack |
| ftp | 20, 21 | TCP | Medium | FTP server |
| ssh | 22 | TCP | Medium-High | SSH server |
| ssh | 22 | UDP | Low | Outdated pcAnywhere version |
| telnet | 23 | TCP | High | Telnet server |
| smtp | 25 | TCP | High | Attempt of relaying e-mail or scanning the security system for vulnerabilities |
| domain | 53 | TCP | High | DNS falsification |
| tftpd | 69 | UDP | Medium-High | Alternative FTP server, lacking security mechanisms |
| finger | 79 | TCP | Low | Information about the user |
| pop-3 | 109, 110 | TCP | High | Frequently used for penetration |
| sunrpc | 111 | TCP/UDP | High | Frequently used for penetration |
| nntp | 119 | TCP | Medium-High | News server used for spam |
| ntp | 123 | UDP | Low | Network time synchronization |
| netbios-sn | 137 | TCP/UDP | Medium | Windows systems |
| netbios-dgm | 138 | TCP/UDP | Medium | Windows systems |
| netbios-ssn | 139 | TCP | Medium | Windows systems |
| imap | 143 | TCP | High | Frequently used for penetration |
| snmp | 161, 162 | UDP | Medium | Remote network administration |
| exec | 512 | TCP | High | Intranet only |
| biff | 512 | UDP | High | Intranet only |
| login | 513 | TCP | High | Intranet only |
| who | 513 | UDP | High | Intranet only |
| shell | 514 | TCP | High | Intranet only |
| syslog | 514 | UDP | High | Intranet only |
| printer | 515 | TCP | High | Intranet only |
| talk | 517 | UDP | Medium | Intranet only |
| ntalk | 518 | UDP | Medium | Intranet only |
| route | 520 | UDP | High | Routing |
| UUCP | 540 | TCP | Medium | UUCP |
| mount | 635 | UDP | High | Daemon has vulnerabilities in security system |
| socks | 1080 | TCP | High | Used for spam |
| SQL | 1114 | TCP | High | Sscan |
| openwin | 2000 | TCP | High | Open Windows |
| NFS | 2049 | TCPIUDP | High | Remote access to files |
| pcanywhere | 5632 | UDP | Low | PcAnywhere |
| X11 | 6000+n | TCP | High | X Window |
| NetBus | 12345, 12346, 20034 | TCP | High | Trojan for Windows system |
| BackOrifice | 31337 | UDP | High | Trojan for Windows system |
| Traceroute | 33434-33523 | UDP | Low | Incoming traceroute request (for Unix) |
| Ping | 8 | ICMP | Medium | Incoming ping request |
| Redirect | 5 | ICMP | High | Redirection |
| Traceroute | 11 | ICMP | Low | Outgoing traceroute request |
EAN: 2147483647
Pages: 152