Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC Survival Time


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Summary

The survivaltime is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.

The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer 'survival time'. On the other hand, University Networks and users of high speed internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much smaller.

The main issue here is of course that the time to download critical patches will exceed this survival time. In order to help users setup new systems, refer to our guide: Windows Vista: First Steps (a follow on to our guide "Windows XP: Surviving the First Day")

Survival Time Graph

Jan 01 5 min Jan 02 6 min Jan 03 6 min Jan 04 6 min Jan 05 5 min Jan 06 6 min Jan 07 6 min Jan 08 7 min Jan 09 6 min Jan 10 6 min Jan 11 5 min Jan 12 5 min Jan 13 4 min Jan 14 5 min Jan 15 5 min Jan 16 10 min Jan 17 25 min Jan 18 6 min Jan 19 5 min Jan 20 4 min Jan 21 5 min Jan 22 5 min Jan 23 59 min Jan 24 5 min Jan 25 4 min Jan 26 5 min Jan 27 5 min Jan 28 24 min Jan 29 5 min Jan 30 4 min Jan 31 4 min Feb 01 3 min Feb 02 4 min Feb 03 4 min Feb 04 5 min Feb 05 5 min Feb 06 4 min Feb 07 4 min Feb 08 4 min Feb 09 4 min Feb 10 4 min Feb 11 4 min Feb 12 3 min Feb 13 16 min Feb 14 4 min Feb 15 4 min Feb 16 4 min Feb 17 3 min Feb 18 3 min Feb 19 3 min Feb 20 3 min Feb 21 3 min Feb 22 3 min Feb 23 3 min Feb 24 3 min Feb 25 3 min Feb 26 3 min Feb 27 3 min Feb 28 3 min Mar 01 3 min Mar 02 3 min Mar 03 3 min Mar 04 3 min Mar 05 2 min Mar 06 2 min Mar 07 2 min Mar 08 2 min Mar 09 2 min Mar 10 1 min Mar 11 3 min Mar 12 3 min Mar 13 3 min Mar 14 3 min Mar 15 4 min Mar 16 4 min Mar 17 3 min Mar 18 4 min Mar 19 3 min Mar 20 66 min Mar 21 9 min Mar 22 9 min Mar 23 3 min Mar 24 7 min Mar 25 3 min Mar 26 3 min Mar 27 3 min Mar 28 3 min Mar 29 3 min Mar 30 3 min Mar 31 10 min Apr 01 31 min Apr 02 10 min Apr 03 21 min Apr 04 91 min Apr 05 5 min Apr 06 4 min Apr 07 3 min Apr 08 3 min Apr 09 3 min Apr 10 2 min Apr 11 3 min Apr 12 3 min Apr 13 3 min Apr 14 3 min Apr 15 13 min Apr 16 61 min Apr 17 1 min Apr 18 2 min Apr 19 2 min Apr 20 1 min Apr 21 2 min Apr 22 3 min Apr 23 2 min Apr 24 2 min Apr 25 3 min Apr 26 3 min Apr 27 4 min Apr 28 2 min Apr 29 1 min Apr 30 1 min May 01 1 min May 02 1 min May 03 1 min May 04 1 min May 05 1 min May 06 1 min May 07 1 min May 08 1 min May 09 0 min May 10 0 min May 11 0 min May 12 1 min May 13 13 min May 14 1 min May 15 1 min May 16 1 min May 17 1 min May 18 1 min May 19 1 min May 20 1 min May 21 1 min May 22 1 min May 23 1 min May 24 1 min May 25 1 min May 26 2 min May 27 1 min May 28 1 min May 29 2 min May 30 1 min May 31 1 min Jun 01 1 min Jun 02 1 min Jun 03 1 min Jun 04 1 min Jun 05 1 min Jun 06 1 min Jun 07 0 min Jun 08 1 min Jun 09 1 min Jun 10 1 min Jun 11 1 min Jun 12 1 min Jun 13 1 min Jun 14 1 min Jun 15 1 min Jun 16 1 min Jun 17 1 min Jun 18 1 min Jun 19 2 min Jun 20 2 min Jun 21 2 min Jun 22 3 min Jun 23 2 min Jun 24 2 min Jun 25 2 min Jun 26 2 min Jun 27 2 min Jun 28 2 min Jun 29 2 min Jun 30 2 min Jul 01 3 min Jul 02 2 min Jul 03 2 min Jul 04 3 min Jul 05 3 min Jul 06 4 min Jul 07 4 min Jul 08 4 min Jul 09 4 min Jul 10 2 min Jul 11 3 min Jul 12 2 min Jul 13 3 min Jul 14 2 min Jul 15 3 min Jul 16 3 min Jul 17 3 min Jul 18 3 min Jul 19 6 min Jul 20 5 min Jul 21 5 min Jul 22 6 min Jul 23 5 min Jul 24 5 min Jul 25 4 min Jul 26 5 min Jul 27 3 min Jul 28 2 min Jul 29 4 min Jul 30 3 min Jul 31 4 min Aug 01 4 min Aug 02 3 min Aug 03 3 min Aug 04 5 min Aug 05 4 min Aug 06 3 min Aug 07 2 min Aug 08 4 min Aug 09 1 min Aug 10 1 min Aug 11 4 min Aug 12 4 min Aug 13 10 min Aug 14 3 min Aug 15 3 min Aug 16 5 min Aug 17 5 min Aug 18 5 min Aug 19 6 min Aug 20 6 min Aug 21 6 min Aug 22 6 min Aug 23 7 min Aug 24 5 min Aug 25 7 min Aug 26 5 min Aug 27 5 min Aug 28 5 min Aug 29 4 min Aug 30 3 min Aug 31 5 min Sep 01 3 min Sep 02 3 min Sep 03 4 min Sep 04 4 min Sep 05 3 min Sep 06 3 min Sep 07 3 min Sep 08 3 min Sep 09 4 min Sep 10 4 min Sep 11 5 min Sep 12 5 min Sep 13 5 min Sep 14 4 min Sep 15 4 min Sep 16 3 min Sep 17 5 min Sep 18 3 min Sep 19 3 min Sep 20 5 min Sep 21 6 min Sep 22 4 min Sep 23 3 min Sep 24 6 min Sep 25 3 min Sep 26 3 min Sep 27 4 min Sep 28 5 min Sep 29 7 min Sep 30 6 min Oct 01 4 min Oct 02 8 min Oct 03 7 min Oct 04 7 min Oct 05 8 min Oct 06 7 min Oct 07 5 min Oct 08 5 min Oct 09 4 min Oct 10 4 min Oct 11 4 min Oct 12 7 min Oct 13 5 min Oct 14 5 min Oct 15 5 min Oct 16 5 min Oct 17 3 min Oct 18 5 min Oct 19 7 min Oct 20 6 min Oct 21 6 min Oct 22 6 min Oct 23 5 min Oct 24 6 min Oct 25 6 min Oct 26 6 min Oct 27 6 min Oct 28 7 min Oct 29 6 min Oct 30 6 min Oct 31 2 min Nov 01 1 min Nov 02 6 min Nov 03 4 min Nov 04 3 min Nov 05 3 min Nov 06 4 min Nov 07 4 min Nov 08 4 min Nov 09 3 min Nov 10 3 min Nov 11 2 min Nov 12 2 min Nov 13 3 min Nov 14 3 min Nov 15 4 min Nov 16 4 min Nov 17 4 min Nov 18 4 min Nov 19 4 min Nov 20 4 min Nov 21 4 min Nov 22 5 min Nov 23 4 min Nov 24 1 min Nov 25 2 min Nov 26 3 min Nov 27 4 min Nov 28 5 min Nov 29 4 min Nov 30 4 min Dec 01 4 min Dec 02 5 min Dec 03 5 min Dec 04 5 min Dec 05 5 min Dec 06 5 min Dec 07 5 min Dec 08 4 min Dec 09 4 min Dec 10 5 min Dec 11 6 min Dec 12 5 min Dec 13 6 min Dec 14 5 min Dec 15 5 min Dec 16 6 min Dec 17 4 min Dec 18 6 min Dec 19 5 min Dec 20 5 min Dec 21 4 min Dec 22 5 min Dec 23 4 min Dec 24 5 min Dec 25 6 min Dec 26 5 min Dec 27 5 min Dec 28 4 min Dec 29 4 min Dec 30 5 min Dec 31 5 min Feb 29 6 min

(The 'range' option only works if a single graph is shown)

  • Start Date:
  • End Date:
  • Show Range:Yes No
  • show Cumulative graph
  • show Windows graph
  • show Unix graph
  • show Applications graph
  • show P2P graph
  • show Backdoors graph

Categories

Some applications may be available on more then one oprating system. However, if they are mostly used on a particular OS, or if exploits in the wild are targeting a specific OS using this application, we add them into the respectice's OS category.

For example, ssh servers are available for Windows and Unix. Most of the ssh scanning is looking for weak passwords, not for problems with a particular ssh implementation. However, most Unix installs enable ssh by default, while for Windows it is a third party add on. Sucessful ssh exploits reported to the ISC are so far limited to Unix. As a result, port 22 is assigned to 'Unix' for the purpose of this report. Port assignments may change over time.

  • Windows: Windows specific ports (e.g. File sharing)
  • Unix: Unix specific ports (e.g. dns, ssh)
  • Applications: Applications which are used (and vulnerable) on various operating systems
  • P2P: P2P afterglow, and other false postives
  • Backdoors: These ports are commonly used by backdoors and a system has to be infected with a trojan/virus in order to be vulnerable.

Not all ports are categorized, so the total will not add up to 100%. Over time, we will categorize more ports.

Currently Categorized Ports

PortServiceNameCategory
21 ftpFile Transfer [Control]Application
22 sshSSH Remote Login ProtocolUnix
25 smtpSimple Mail TransferApplication
42 nameHost Name ServerWindows
53 domainDomain Name ServerUnix
80 wwwWorld Wide Web HTTPApplication
111 sunrpcportmapper rpcbindUnix
113 authident tap Authentication ServiceApplication
135 epmapDCE endpoint resolutionWindows
137 netbios-nsNETBIOS Name ServiceWindows
138 netbios-dgmNETBIOS Datagram ServiceWindows
139 netbios-ssnNETBIOS Session ServiceWindows
443 httpsHTTP protocol over TLS SSLApplication
445 microsoft-dsWin2k+ Server Message BlockWindows
515 printerspoolerUnix
1025 win-rpcWindows RPCWindows
1026 win-rpcWindows RPCWindows
1027 icqicq instant messangerWindows
1433 ms-sql-sMicrosoft-SQL-ServerWindows
1434 ms-sql-mMicrosoft-SQL-MonitorWindows
2100 amiganetfsamiganetfsApplication
2234 directplayDirectPlayP2P
2967 ssc-agentSymantec System CenterWindows
3389 ms-term-servicesMS Terminal ServicesWindows
4444 CrackDown[trojan] CrackDownBackdoor
4662 eDonkey2000eDonkey2000 Server Default PortP2P
4672 eMuleeMule / eDonkey P2P SoftwareP2P
5554 sasser-ftp[trojan] Sasser Worm FTP ServerBackdoor
5900 vncVirtual Network ComputerApplication
5901 vnc-1Virtual Network Computer Display :1Application
6129 damewareDameware Remote AdminWindows
6346 gnutella-svcgnutella-svcP2P
6881 bittorrentBit Torrent P2PP2P
7561 emuleE-Mule P2PP2P
7571 emuleE-Mule P2PP2P
9898 dabber[trojan] Dabber Worm backdoorBackdoor
10000 BackupExecVeritas Backup ExecWindows

Click to view this page Translation to Ukraining - not hosted by ISC