[Buluemoon]

Below is a list of ports being exploited in the US on Jan. 11 2004 and the number ofattacks according to:
http://www.dshield.o...hp?continent=NA
*The known service or Hack was added from info gathered during research with google.

Ports being hacked:



PORT----------# of Attacks-----KNOWN Service or Hack

25--------------43387 -----------SMTP (Send Mail Transfer Protocol)
53--------------128664-----------DNS (Domain Name Service)
80--------------137420-----------HTTP (HyperText Transfer Protocol)
81--------------15064
123------------31240-------------NTP (Network Time Protocol)
135------------2704749
137------------297933-----------NetBIOS-ns
139------------92696-------------NetBIOS
389------------37762-------------LDAP (Lightweight Directory Access Protocol)
445------------210449------------SMB (NetBIOS over TCP)
554------------12857-------------Real Time Stream Control Protocol (RTSP)
593------------122949
901------------91484
1024-----------14706
1214-----------13895
1433-----------266351-----------Microsoft SQL Server
1434-----------218249-----------Microsoft SQL Monitor
2503-----------43114
3531-----------34000
4000-----------41466-------------ICQ, port4000
4444-----------19433-------------Backdoor.Oracle
6129-----------202047------------Dameware
6346-----------16390
6667-----------13059
7000-----------12967-------------Andrew File System (AFS) file server
173000--------104596
27374----------41929
32780----------19546
41170----------691228


I would like to make this complete by finding out which Exploits are being
used on each of these ports. I believe this could be used as a good tool to
learn more about these exploits and security issues related to securingour computers. I will update this list as my research and your feedback
produce new info.

There were several other ports listed but I have only listed those with 10,000
or more attacks.

Thanks for any and all feedback and help.

[PSR]

Gargamel, on Jan 12 2004, 10:01 AM, said:

as i understand you search for what the ports are?!

search in google for portlist and you will find it...

e.g.: http://www.diabolo66...tools/ports.htm

no that not what he wants to know . it's just a list with ports which exploits connect on and thats what the list is for. something like a reference guide.

[andydis]

off top of my head, 6667 irc, 27374 backoriface i think 135 is netbios again (dcom exploit) 81 is also http,

[pinky]

27374 was the default port for sub7 version 2.1 and lower but lower than version 1.7 was port 1243
version 2.2 changed to 6667

i think

Sub7, ahh them were the days :)

[pinky]

Found this site, thought it might be useful

http://www.bekkoame.ne.jp/~s_ita/port/

[raif]

or....if you are in linux, just do this:

cat /etc/services

it will tell you what services normally go with what ports ;)