Some Common High-Risk Ports
In PacketViper, we often use deception and dynamic perimeter technology to trap, observe, alert on, and respond to certain patterns of traffic. One of the most valuable inputs to that sort of pattern analysis is the target (destination) port that attackers and compromised devices address.
To that end, we present some commonly targeted ports that we identify as High-Risk. These ports provide access to services with known vulnerabilities. Please note that this listing is not intended to be exhaustive or complete, but to provide a jumping-off point for creating Triggers and Custom Rules to protect your network. See here for examples of Trigger configs.
NOTE: Some of these ports may be required for operations at your particular enterprise or in your particular industry. Always use caution when implementing rules that can ultimately block access through PacketViper!
Our High-Risk Port listing follows:
- 22/tcp (ssh/sftp)
- 23/tcp (telnet)
- 445/tcp (microsoft-ds)
- 1080/tcp (socks)
- 1433-1434/tcp (ms-sql-s)
- 1433-1434/udp (ms-sql-s)
- 3306/tcp (mysql)
- 3306/udp (mysql)
- 3389/tcp (rdp)
- 5060-5061/udp (sip)
- 53413/udp (netis)
Feel free to reach out to our support team if you feel that a service/port above has been listed in error or if you feel that our list would benefit from any additions.
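As an added example (not PacketViper configuration and not code from PacketViper), the Python below parses the listing above, ranges and protocols included, and groups constructed connection events by source so that ports your site requires for operations are reported separately from block candidates. The function names, the event tuple layout and the `required` set are assumptions made for this example.

```python
import re
from collections import defaultdict

# The article's High-Risk Port listing, in its "port[-port]/proto (service)" form.
HIGH_RISK = """22/tcp (ssh/sftp)
23/tcp (telnet)
445/tcp (microsoft-ds)
1080/tcp (socks)
1433-1434/tcp (ms-sql-s)
1433-1434/udp (ms-sql-s)
3306/tcp (mysql)
3306/udp (mysql)
3389/tcp (rdp)
5060-5061/udp (sip)
53413/udp (netis)"""

SPEC = re.compile(r"(\d+)(?:-(\d+))?/(tcp|udp)\s+\(([^)]+)\)")

def parse_listing(text):
    """Return [(low, high, proto, service)], one tuple per listing line."""
    entries = []
    for line in text.splitlines():
        m = SPEC.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unparseable entry: {line!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)  # a single port is a range of one
        entries.append((low, high, m.group(3), m.group(4)))
    return entries

def classify(port, proto, entries):
    """Service name if port/proto is on the listing, else None."""
    for low, high, p, service in entries:
        if p == proto and low <= port <= high:
            return service
    return None

def review(events, entries, required=frozenset()):
    """Group high-risk hits per source. (port, proto) pairs in `required`
    are operationally needed, so they are kept apart from block candidates."""
    hits = defaultdict(lambda: {"candidate": set(), "required": set()})
    for src, port, proto in events:
        if classify(port, proto, entries):
            key = "required" if (port, proto) in required else "candidate"
            hits[src][key].add(f"{port}/{proto}")
    return {s: {k: sorted(v) for k, v in d.items()} for s, d in hits.items()}

# Constructed sample events (documentation addresses): (source, dst port, proto)
EVENTS = [("203.0.113.7", 23, "tcp"), ("203.0.113.7", 445, "tcp"),
          ("203.0.113.7", 1434, "udp"), ("198.51.100.9", 22, "tcp"),
          ("198.51.100.9", 443, "tcp"), ("192.0.2.44", 5060, "tcp")]
```

Protocol matters in the match: 5060/tcp is not flagged because the listing names SIP on UDP only, and a source that touches several listed ports shows up with all of them under one key.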