Some Common High-Risk Ports
At PacketViper we often use deception and dynamic perimeter technology to trap, observe, alert on, and respond to certain patterns of traffic. One of the most valuable inputs to that sort of pattern analysis is the target or destination port that attackers and compromised devices are addressing.
To that end, we present some commonly targeted ports that we identify as High-Risk. These are ports that expose services with known vulnerabilities. Please note that this listing is not intended to be exhaustive or complete, but to provide a jumping-off point for the creation of Triggers and Custom Rules to protect your network. See here for examples of Trigger configs.
NOTE: Some of these ports may be required for operations at your particular enterprise or in your particular industry. Always use caution when implementing rules that can ultimately block access through PacketViper!
Our High-Risk Port listing follows:
- 22/tcp (ssh/sftp)
- 23/tcp (telnet)
- 445/tcp (microsoft-ds)
- 1080/tcp (socks)
- 1433-1434/tcp (ms-sql-s)
- 1433-1434/udp (ms-sql-s)
- 3306/tcp (mysql)
- 3306/udp (mysql)
- 3389/tcp (rdp)
- 5060-5061/udp (sip)
- 53413/udp (netis)
Feel free to reach out to our support team if you feel that a service/port above has been listed in error or if you feel that our list would benefit from any additions.
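The following added example (not PacketViper code or configuration) parses the listing above, expanding port ranges and keeping TCP and UDP separate, then flags sources that touched several distinct high-risk services, which is useful for reviewing traffic before a blocking rule is enabled. The `(source, protocol, destination port)` record format, the `min_services` threshold, and the sample connections are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
# The page's High-Risk Port listing, copied verbatim.
HIGH_RISK_LISTING = """\
22/tcp (ssh/sftp)
23/tcp (telnet)
445/tcp (microsoft-ds)
1080/tcp (socks)
1433-1434/tcp (ms-sql-s)
1433-1434/udp (ms-sql-s)
3306/tcp (mysql)
3306/udp (mysql)
3389/tcp (rdp)
5060-5061/udp (sip)
53413/udp (netis)
"""

ENTRY = re.compile(r"^(\d+)(?:-(\d+))?/(tcp|udp)\s+\((.+)\)$")

def parse_listing(text):
    """Return {(proto, port): service} with port ranges expanded."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        lo, hi, proto, service = int(m[1]), int(m[2] or m[1]), m[3], m[4]
        for port in range(lo, hi + 1):
            table[(proto, port)] = service
    return table

def flag_sources(records, table, min_services=2):
    """Return sources that hit at least `min_services` distinct high-risk services."""
    seen = defaultdict(set)
    for src, proto, dport in records:
        service = table.get((proto.lower(), dport))
        if service:
            seen[src].add(service)
    return {s: sorted(v) for s, v in seen.items() if len(v) >= min_services}

# Constructed sample connections (src, proto, dst port); documentation addresses.
SAMPLE = [
    ("198.51.100.7", "TCP", 23), ("198.51.100.7", "TCP", 445),
    ("198.51.100.7", "UDP", 53413), ("203.0.113.9", "TCP", 443),
    ("203.0.113.9", "UDP", 22), ("192.0.2.44", "TCP", 1434),
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE, parse_listing(HIGH_RISK_LISTING)))
```

Note that 22/udp is not matched because the listing names only 22/tcp; matching on the protocol as well as the port keeps a review like this from overstating hits.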