Recently I have analyzed scanning activity from the Internet on our ASBR routers.
Here are the most popular TCP ports being scanned (>1% of all scan attempts):
Some ports and their purpose are unknown to me.
P.S. I have found this useful resource on port scanning statistics.
P.P.S. Top scanning providers: chinanet.cn.net (21%), cnnic.cn (10%), chinaunicom.cn (8%), chinamobile.com (3%).
Here are the most popular TCP ports being scanned (>1% of all scan attempts):
| Port | Service | Percent | Purpose |
|---|---|---|---|
| 22 | ssh | 12.6877 | Shell access |
| 23 | telnet | 9.4989 | Shell access |
| 1433 | SQL server | 7.13683 | Data compromise, exploits |
| 21320 | SpyBot proxy | 5.80395 | Spam |
| 3389 | Remote Desktop | 5.71959 | Desktop access |
| 3128 | Squid Proxy | 3.88055 | Spam |
| 8080 | potential HTML proxy | 3.82993 | Spam |
| 3306 | MySQL | 3.74557 | Data compromise |
| 445 | SMB | 1.56909 | File compromise |
| 103 | ? | 1.48473 | |
| 8888 | potential HTML proxy? | 1.45099 | Spam |
| 110 | POP3 | 1.36663 | E-Mail compromise, spam |
| 20 | FTP-data | 1.33288 | FTP exploit? |
| 8000 | DVR control port | 1.14729 | DVR access |
| 3398 | ? | 1.14729 | |
| 79 | finger | 1.13042 | User identity leak |
| 789 | ? | 1.09668 | |
| 3397 | ? | 1.0798 | |
| 119 | nntp | 1.06293 | NNTP exploit |
| 3396 | ? | 1.04606 | |
| 21 | FTP | 1.04606 | File compromise |
| 465 | smtps | 1.02919 | Spam |
Some ports and their purpose are unknown to me.
P.S. I have found this useful resource on port scanning statistics.
P.P.S. Top scanning providers: chinanet.cn.net (21%), cnnic.cn (10%), chinaunicom.cn (8%), chinamobile.com (3%).
