Ports 80 and 443 are ports generally associated with "the Internet". Port 443/HTTPS is the HTTP protocol over TLS/SSL. Port 80/HTTP is the World Wide Web. Let's face it, ports 80/443 are generally a given for being open on any type of filtering device allowing traffic outbound on your network. If web servers are being hosted, connections will be allowed inbound to those web servers. They are also two ports that pose a significant threat to your network.
Lorna 165 Posts ISC Handler Oct 26th 2009 |
Oct 26th 2009 1 decade ago |
Totally agree with you, traffic pattern analysis aids a great deal in counter detection. Almost a week ago I saw a spike in port 5900 (seems to cycle every 30 or so days - maybe we can use that fact against them to detect infected machines). That was only discovered through visual pattern analysis. With tools like Sphere of Influence (note: I'm biased, as I designed SOI), Rumint and Davix, visualization is becoming a necessity. (Hint to SANS: maybe a security course based around visualization would be cool.)
Thanks
Anonymous |
Oct 26th 2009 1 decade ago |