Handler on Duty: Deborah Hale
contact us
contact us
Your session is about to expire. Please reload or submit to avoid getting logged out.
The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer 'survival time'. On the other hand, University Networks and users of high speed internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much smaller.
The main issue here is of course that the time to download critical patches will exceed this survival time. In order to help users setup new systems, refer to our guide: Windows XP: Surviving the First Day
(The 'range' option only works if a single graph is shown)
Some applications may be available on more then one oprating system. However, if they are mostly used on a particular OS, or if exploits in the wild are targeting a specific OS using this application, we add them into the respectice's OS category.
For example, ssh servers are available for Windows and Unix. Most of the ssh scanning is looking for weak passwords, not for problems with a particular ssh implementation. However, most Unix installs enable ssh by default, while for Windows it is a third party add on. Sucessful ssh exploits reported to the ISC are so far limited to Unix. As a result, port 22 is assigned to 'Unix' for the purpose of this report. Port assignments may change over time.
Not all ports are categorized, so the total will not add up to 100%. Over time, we will categorize more ports.
| Port | Service | Name | Category |
|---|---|---|---|
| 21 | ftp | File Transfer [Control] | Application |
| 22 | ssh | SSH Remote Login Protocol | Unix |
| 25 | smtp | Simple Mail Transfer | Application |
| 42 | name | Host Name Server | Windows |
| 53 | domain | Domain Name Server | Unix |
| 80 | www | World Wide Web HTTP | Application |
| 111 | sunrpc | portmapper rpcbind | Unix |
| 113 | auth | ident tap Authentication Service | Application |
| 135 | epmap | DCE endpoint resolution | Windows |
| 137 | netbios-ns | NETBIOS Name Service | Windows |
| 138 | netbios-dgm | NETBIOS Datagram Service | Windows |
| 139 | netbios-ssn | NETBIOS Session Service | Windows |
| 443 | https | HTTP protocol over TLS SSL | Application |
| 445 | microsoft-ds | Win2k+ Server Message Block | Windows |
| 515 | printer | spooler | Unix |
| 1025 | win-rpc | Windows RPC | Windows |
| 1026 | win-rpc | Windows RPC | Windows |
| 1027 | icq | icq instant messanger | Windows |
| 1433 | ms-sql-s | Microsoft-SQL-Server | Windows |
| 1434 | ms-sql-m | Microsoft-SQL-Monitor | Windows |
| 2100 | amiganetfs | amiganetfs | Application |
| 2234 | directplay | DirectPlay | P2P |
| 2967 | ssc-agent | Symantec System Center | Windows |
| 3389 | ms-term-services | MS Terminal Services | Windows |
| 4444 | CrackDown | [trojan] CrackDown | Backdoor |
| 4662 | eDonkey2000 | eDonkey2000 Server Default Port | P2P |
| 4672 | eMule | eMule / eDonkey P2P Software | P2P |
| 5554 | sasser-ftp | [trojan] Sasser Worm FTP Server | Backdoor |
| 5900 | vnc | Virtual Network Computer | Application |
| 5901 | vnc-1 | Virtual Network Computer Display :1 | Application |
| 6129 | dameware | Dameware Remote Admin | Windows |
| 6346 | gnutella-svc | gnutella-svc | P2P |
| 6881 | bittorrent | Bit Torrent P2P | P2P |
| 7561 | emule | E-Mule P2P | P2P |
| 7571 | emule | E-Mule P2P | P2P |
| 9898 | dabber | [trojan] Dabber Worm backdoor | Backdoor |
| 10000 | BackupExec | Veritas Backup Exec | Windows |
