Summary
The survival time is calculated as the average time between reports for an average target IP address. If you assume that most of these reports are generated by worms attempting to propagate, an unpatched system would be infected by such a probe.
The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer 'survival time'. On the other hand, university networks and users of high-speed internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much shorter.
The main issue here is, of course, that the time to download critical patches will exceed this survival time. For help setting up new systems, refer to our guide: Windows Vista: First Steps (a follow-on to our guide "Windows XP: Surviving the First Day").
[Figure: Survival Time Graph]
Categories
Some applications may be available on more than one operating system. However, if they are mostly used on a particular OS, or if exploits in the wild are targeting a specific OS using this application, we add them to the respective OS category.
For example, ssh servers are available for Windows and Unix. Most of the ssh scanning is looking for weak passwords, not for problems with a particular ssh implementation. However, most Unix installs enable ssh by default, while for Windows it is a third-party add-on. Successful ssh exploits reported to the ISC are so far limited to Unix. As a result, port 22 is assigned to 'Unix' for the purpose of this report. Port assignments may change over time.
- Windows: Windows specific ports (e.g. File sharing)
- Unix: Unix specific ports (e.g. dns, ssh)
- Applications: Applications which are used (and vulnerable) on various operating systems
- P2P: P2P afterglow, and other false positives
- Backdoors: These ports are commonly used by backdoors and a system has to be infected with a trojan/virus in order to be vulnerable.
Not all ports are categorized, so the total will not add up to 100%. Over time, we will categorize more ports.
Currently Categorized Ports
| Port | Service | Name | Category |
|---|---|---|---|
| 21 | ftp | File Transfer [Control] | Application |
| 22 | ssh | SSH Remote Login Protocol | Unix |
| 25 | smtp | Simple Mail Transfer | Application |
| 42 | name | Host Name Server | Windows |
| 53 | domain | Domain Name Server | Unix |
| 80 | www | World Wide Web HTTP | Application |
| 111 | sunrpc | portmapper rpcbind | Unix |
| 113 | auth | ident tap Authentication Service | Application |
| 135 | epmap | DCE endpoint resolution | Windows |
| 137 | netbios-ns | NETBIOS Name Service | Windows |
| 138 | netbios-dgm | NETBIOS Datagram Service | Windows |
| 139 | netbios-ssn | NETBIOS Session Service | Windows |
| 443 | https | HTTP protocol over TLS SSL | Application |
| 445 | microsoft-ds | Win2k+ Server Message Block | Windows |
| 515 | printer | spooler | Unix |
| 1025 | win-rpc | Windows RPC | Windows |
| 1026 | win-rpc | Windows RPC | Windows |
| 1027 | icq | icq instant messanger | Windows |
| 1433 | ms-sql-s | Microsoft-SQL-Server | Windows |
| 1434 | ms-sql-m | Microsoft-SQL-Monitor | Windows |
| 2100 | amiganetfs | amiganetfs | Application |
| 2234 | directplay | DirectPlay | P2P |
| 2967 | ssc-agent | Symantec System Center | Windows |
| 3389 | ms-term-services | MS Terminal Services | Windows |
| 4444 | CrackDown | [trojan] CrackDown | Backdoor |
| 4662 | eDonkey2000 | eDonkey2000 Server Default Port | P2P |
| 4672 | eMule | eMule / eDonkey P2P Software | P2P |
| 5554 | sasser-ftp | [trojan] Sasser Worm FTP Server | Backdoor |
| 5900 | vnc | Virtual Network Computer | Application |
| 5901 | vnc-1 | Virtual Network Computer Display :1 | Application |
| 6129 | dameware | Dameware Remote Admin | Windows |
| 6346 | gnutella-svc | gnutella-svc | P2P |
| 6881 | bittorrent | Bit Torrent P2P | P2P |
| 7561 | emule | E-Mule P2P | P2P |
| 7571 | emule | E-Mule P2P | P2P |
| 9898 | dabber | [trojan] Dabber Worm backdoor | Backdoor |
| 10000 | BackupExec | Veritas Backup Exec | Windows |
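The calculation described in the Summary, broken down by the categories above, as an added Python example (not ISC's own code). It assumes "average time between reports for an average target IP address" means the mean gap between consecutive reports per target, averaged across targets; the per-category filter, the function name and the sample reports are constructed for illustration, and the port map is a subset of the categorized ports.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Subset of the page's categorized ports.
PORT_CATEGORY = {22: "Unix", 53: "Unix", 80: "Application", 135: "Windows",
                 139: "Windows", 445: "Windows", 1433: "Windows",
                 4444: "Backdoor", 6881: "P2P"}

# Constructed sample reports: (timestamp, target IP, destination port).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_REPORTS = [
    ("2008-01-01 00:00:00", "192.0.2.10", 445),
    ("2008-01-01 00:04:00", "192.0.2.10", 135),
    ("2008-01-01 00:10:00", "192.0.2.10", 22),
    ("2008-01-01 00:12:00", "192.0.2.10", 445),
    ("2008-01-01 00:00:00", "198.51.100.7", 139),
    ("2008-01-01 00:20:00", "198.51.100.7", 22),
    ("2008-01-01 00:30:00", "198.51.100.7", 445),
    ("2008-01-01 00:50:00", "198.51.100.7", 22),
    ("2008-01-01 00:05:00", "203.0.113.5", 6881),  # single report: no gap
]

def survival_time(reports, category=None):
    """Mean seconds between reports per target, averaged over targets.

    Assumed reading of the page's definition. Targets with fewer than two
    matching reports have no measurable gap and are skipped; returns None
    when no target qualifies.
    """
    per_target = defaultdict(list)
    for ts, target, port in reports:
        if category is None or PORT_CATEGORY.get(port) == category:
            per_target[target].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    target_means = []
    for times in per_target.values():
        if len(times) < 2:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        target_means.append(mean(gaps))
    return mean(target_means) if target_means else None

if __name__ == "__main__":
    for cat in (None, "Windows", "Unix", "P2P"):
        print(cat or "All", survival_time(SAMPLE_REPORTS, cat))
```

Filtering by category lengthens the result because fewer reports match, which is the same effect the Summary describes for submitters whose ISPs block commonly scanned ports.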

