Let us show you how PacketViper can immediately improve performance, reduce and identify threats faster, lessen logging and alerting burdens, without replacing anything. No risk or commitment required!
The data has been submitted.
The graphs presented here display high risk networks ports which have been identified and dropped on Packetviper contributors or our global honeypots.
Port Risks Explained:
RDP Could Allow Remote Code Execution Port 3389
The RDP vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. Systems that do not have the RDP server service enabled are not at risk.
SQL Injection Port 1433:
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
Portmapper Port 111
Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.
Some broadband routers run a web server on port 8080 for remote management. WAN Administration can (and should, in most cases) be disabled using the Web Admin interface.
If you're not running web services, keep in mind that some trojans also use these ports: Reverse WWW Tunnel Backdoor - remote access/tunneling software coded in Perl, uses ports 80, 3128, 8080. Works on Unix, Linux, Solaris, AIX and OpenBSD. RingZero (a.k.a. Ring0, Trojan.PSW.Ring, RingZero.gen, Ring) - uses ports 80, 3128, 8080. Affects Windows 9x. Screen Cutter (a.k.a. Backdoor.Screencut) - uses ports 80, 8080. Mydoom.B (2004.01.28) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. References: [CVE-2012-1222] [BID-52061]
Session Initiation Protocol (SIP) (official) - SIP VoIP phones and providers use this port. Asterisk server, X-ten Lite/Pro, Ooma, Vonage (ports 5060,5061,10000-20000), Apple iChat, iTalkBB, Motorola Ojo, OpenWengo, TalkSwitch, IConnectHere, Lingo VoIP (ports 5060-5065)
Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672. References: [CVE-2011-3280]
MySQL database server connections - http://www.mysql.com
Caesar IV uses this port.
Port also used by Nemog backdoor (discovered 2004.08.16) - a backdoor trojan horse that allows an infected computer to be used as an email relay and HTTP proxy, dropped by W32.Mydoom.Q@mm. It can use one of the following ports: 3306,4242,4646,4661,6565,8080