MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Fri, Feb 13, 2004 10:33 pm


The Internet Storm Center is listing the following as the top ten attacked ports today:

Top Attacked Ports
mydoom 3127
epmap 135
ms-sql-m 1434
netbios-ns 137
www 80
SubSeven 27374
microsoft-ds 445
socks 1080
squid-http 3128
amanda 10080

Several of these ports are assoicated with the MyDoom worm. When a system is infected by the MyDoom.A variant of the worm, the worm opens TCP ports 3127 through 3198, which explains why both of those ports are listed in the top ten attacked ports for today. A later variant of the worm, MyDoom.B may use TCP ports 80, 1080, 3128, 8080 and 10080, which may be why all of those ports, but port 8080, appear in the top ten list for today, though I would expect port 80 attacks to be high even without this worm, since port 80 is the port most commonly used by webservers.

Ports 1080 and 10080, like port 80, have additional uses other than providing a mechanism for the MyDoom worm to provide a backdoor into systems. Port 80 is used for the socks protocol. Socks is an Internet Engineering Task Force (IETF) standard proxy protocol for IP applications. The Advanced Maryland Automatic Network Disk Archiver(AMANDA) uses UDP port 10080, but not TCP port 10080. Amanda is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape drive.

[/security] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo