by   May 02 2012   
Port Scans, Port Probes, Port Discovery, Port Silent, Port Open, Port Closed, Ports and Ports of Call. Scans are going to happen no matter what you do. Are you monitoring the trends? I mean really looking at what they are looking for? Notice anything lately? No? Check again. You might be overlooking some security details.

Probe, 1, Probe, 2, Probe, 3, Repeat, Sound Off Ports!

What interest does the following probe have in ports 2301, 2479, 3246, 8000, 8090, etc.?

(7-20-2011: Reposted from the archives because the trend this year is very different.)

To help keep IT administrators and technical professionals in the business up on their game, we need to review current issues and share information. Here is one of the questions we have seen asked by many IT pros. Now might be a good time to answer it.

No trick questions here.

What are the following port probes looking for?

2301,2479,3246,8000,8085,8090,9000,9090,9415,27977

Post your answer or answers in the comments box.

This should be something you see each and every day.

Also post your method of closing, hiding, or blocking ports in Windows.

From Wikipedia

| Port | Protocol | Description and usage of UDP and TCP ports | Status |
|---|---|---|---|
| 2301 | TCP | HP System Management Redirect to port 2381 | Unofficial |
| 2479 | | | |
| 3246 | | | |
| 8000 | UDP | iRDMI (Intel Remote Desktop Management Interface)[65], sometimes erroneously used instead of port 8080 | Official |
| 8000 | | iRDMI (Intel Remote Desktop Management Interface)[65], sometimes erroneously used instead of port 8080 | Official |
| 8000 | TCP | Commonly used for internet radio streams such as those using SHOUTcast | |
| 8085 | | | |
| 9000 | TCP | Buffalo LinkSystem Web access | Unofficial |
| 9000 | TCP | DBGp | Unofficial |
| 9000 | TCP | SqueezeCenter web server and streaming | Unofficial |
| 9090 | TCP | Webwasher, Secure Web, McAfee Web Gateway - Default Proxy Port | Unofficial |
| 9090 | | Openfire Administration Console | Unofficial |
| 9090 | | SqueezeCenter control (CLI) | Unofficial |
| 9415 | | | |
| 27977 | | (Most likely an online game port.) | |
| 5222 | | Google Chrome bookmarks, etc. sync. | |

The above reference is from Wikipedia.org.

Update: I've gone back over about 12 years' worth of logs and thought it might be a good idea to do some pattern matching. Not that I can match a pattern, but I sure can see that when ports come up on the radar, it normally means something behind them isn't right. How about you? Find any interesting ports that your network depends on?

That's the drawback to it all: if you use the ports, you don't monitor them like you would monitor ports you don't use. So why not monitor my ports that I don't monitor, and I'll do the same for you? Wait, that means a second monitoring system and another log in the main logging server. I think I have it: a box set up on the ports you use, but not used.
Now I remember....

It's called a Honey Pot!

Coming soon to a router or firewall near you, and reports will be published, so be good and go easy on the research.
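One way to do the kind of log review described in the update above, as an added example that is not the author's own tooling: it counts distinct probing sources per destination port per month and lists ports that are new or rising. The log line layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports from the probe list in the post.
WATCHED = {2301, 2479, 3246, 8000, 8085, 8090, 9000, 9090, 9415, 27977}

# Assumed log layout: ISO timestamp followed by iptables-style KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<month>\d{4}-\d{2})-\d{2}T\S+ .*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)\b"
)

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
2011-06-03T02:11:09 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=8000
2011-06-19T14:40:51 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=445
2011-07-02T08:05:33 fw kernel: DROP IN=eth0 SRC=203.0.113.21 DST=192.0.2.10 PROTO=TCP SPT=51200 DPT=8000
2011-07-02T08:05:34 fw kernel: DROP IN=eth0 SRC=203.0.113.21 DST=192.0.2.10 PROTO=TCP SPT=51201 DPT=2301
2011-07-11T21:17:02 fw kernel: DROP IN=eth0 SRC=203.0.113.88 DST=192.0.2.10 PROTO=TCP SPT=33010 DPT=8000
2011-07-15T04:59:40 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40200 DPT=8000
2011-07-15T04:59:41 fw kernel: ACCEPT IN=eth0 malformed line without ports
2011-07-20T10:30:00 fw kernel: DROP IN=eth0 SRC=203.0.113.88 DST=192.0.2.10 PROTO=TCP SPT=33011 DPT=445
""".splitlines()


def tally(lines):
    """Return {month: {port: set(source IPs)}}, skipping lines that do not parse."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            seen[m["month"]][int(m["dpt"])].add(m["src"])
    return seen


def rising_ports(seen, prev, cur, factor=2):
    """Ports whose distinct-source count in `cur` is new or >= factor x `prev`."""
    out = {}
    for port, srcs in seen[cur].items():
        before = len(seen[prev].get(port, ()))
        if before == 0 or len(srcs) >= factor * before:
            out[port] = (before, len(srcs), port in WATCHED)
    return dict(sorted(out.items()))


if __name__ == "__main__":
    for port, (before, now, watched) in rising_ports(tally(SAMPLE_LOG), "2011-06", "2011-07").items():
        tag = "watched" if watched else "other"
        print(f"port {port}: {before} -> {now} distinct sources ({tag})")
```

Counting distinct sources rather than raw packets keeps one noisy scanner from looking like a trend.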

 

 
