
SANS ISC: Cyber Security Awareness Month - Day 10 - The Questionable Ports - SANS Internet Storm Center



The Internet Storm Center is focusing on IP ports for the month of October. I am going to continue the theme, but with a bit of a twist: I am going to talk about a few of the ports that you usually do not want to see show up in a traffic analysis. There are many more than I could list, and the majority, though not all, are associated with malware. Here we go:

1214 - Limewire/Kazaa (A Peer-to-Peer application.  Not by definition malware, but not something desirable in an enterprise)

2773 - SubSeven (Trojan)

5631 - pcAnywhere (A commercial remote control application)

1863 - Numerous Microsoft applications

I want to emphasize that the ports listed are not necessarily bad. The point here is awareness. Knowing and managing which ports are required and permitted in the enterprise, and at home, will improve the overall security posture of a network. This is where syslogs, traffic analysis, and documentation tie everything together.
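As an added example (not part of the original diary), the sketch below ties those three pieces together: it reads firewall syslog lines, checks destination ports against the ports listed above, and suppresses anything the site has documented as permitted. The netfilter-style log lines, the host addresses, and the `PERMITTED` set are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the diary, with the diary's own descriptions.
WATCHLIST = {
    1214: "Limewire/Kazaa (peer-to-peer)",
    2773: "SubSeven (Trojan)",
    5631: "pcAnywhere (commercial remote control)",
    1863: "Numerous Microsoft applications",
}

# Hypothetical site documentation: (source host, destination port) pairs
# that are approved, e.g. a help-desk console allowed to use pcAnywhere.
PERMITTED = {("10.0.9.5", 5631)}

# Constructed sample lines in netfilter LOG style (not real traffic).
SAMPLE_LOG = """\
Oct 10 09:15:02 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=203.0.113.50 PROTO=TCP SPT=51544 DPT=1214
Oct 10 09:15:09 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=203.0.113.77 PROTO=TCP SPT=51560 DPT=1214
Oct 10 09:16:40 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.9.5 DST=10.0.20.8 PROTO=TCP SPT=40112 DPT=5631
Oct 10 09:17:03 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.7.22 DST=198.51.100.9 PROTO=TCP SPT=40388 DPT=5631
Oct 10 09:17:30 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.4.30 DST=198.51.100.20 PROTO=TCP SPT=50001 DPT=443
Oct 10 09:18:11 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.4.30 DST=198.51.100.20 PROTO=ICMP TYPE=8 CODE=0
Oct 10 09:19:45 fw01 kernel: IN=eth1 OUT=eth0 SRC=10.0.6.8 DST=192.0.2.44 PROTO=TCP SPT=49222 DPT=2773
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def review(log_text, watchlist=WATCHLIST, permitted=PERMITTED):
    """Count watchlisted destination ports per source host, minus documented exceptions."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not {"SRC", "DPT"} <= fields.keys() or not fields["DPT"].isdigit():
            continue  # ICMP and malformed lines carry no destination port
        port = int(fields["DPT"])
        if port in watchlist and (fields["SRC"], port) not in permitted:
            hits[(fields["SRC"], port)] += 1
    return dict(hits)

def report(hits, watchlist=WATCHLIST):
    """Render one line per (host, port) pair for an analyst to follow up on."""
    return [f"{src} -> port {port} x{n}: {watchlist[port]}"
            for (src, port), n in sorted(hits.items())]

if __name__ == "__main__":
    for row in report(review(SAMPLE_LOG)):
        print(row)
```

Only destination ports are matched, since a client's ephemeral source port can land on a watchlisted number by chance.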

I welcome any and all thoughts, comments, questions, queries, concerns, etc.  I will post updates to this story as comments come in to the ISC.

tony d0t carothers @ isc d0t sans d0t org

Tony
