Top Scanned Ports: Week 2
Patrick Hamilton
CTO Internet 2.0 | Director & Boardmember (US) | Cybersecurity & Technology Expert | Machine Learning & Neural Network Specialist | Financial Institutions & Critical Infrastructure | Solution Architect | CISSP ?
Top Scanned Ports: Week 2
And so is of the second week, the latest of the Top Scanned Ports, and there are several change ups to the rankings.
Port 23 (Telnet) still has the lead, but Port 22 (SSH) has pull into the 6th Position, bumping out Port 80 (HTTP). Port 443 (HTTPS) has slid down to 13. Port 2222 has now risen up, coming in at 17.
Officially, Port 2222 is registered for use of EtherNet/IP-1; but this is not likely the reasoning for the scans. Rather this port is used by some systems, such as for DirectAdmin control panel for websites. Also, this port has had some use with Trojans. There appears to be no vulnerability to DirectAdmin, which increase scans could allude to. Perhaps just a check for such systems if they are in use.
Another new comer to the Top 20 is Port 8443, which is commonly associated as the default Port for Apache Tomcat. So may be good idea, if using Apache Tomcat, to check its settings and see if it may need an update or is all good to go.
The Latest Ranking of Scanned Ports for the Past Week:
Rank Port?? Ratio?? Service*
23 33044 11.26 Telnet
445 13195 4.50 NetBIOS and Microsoft SMB, Active Directory
1433 9202 3.14 MS-SQL Server Standard Port
6379 8569 2.92 Redis Server (Remote Directory Server – Database & Messaging)
3306 7563 2.58 MySQL Server
22 6705 2.28 SSH – Secured Shell for remote access
80 5888 2.01 HTTP (Unsecured general web traffic)
5555 4610 1.57 Android Debug Bridge (ADB) and Datagram Protocol
8088 4559 1.55 A popular port used for communications, such as log forwarding
8090 4549 1.55 A popular alternative to Port 80, also used for log forwarding
3389 3343 1.14 Microsoft Remote Desktop Protocol (RDP)
8080 3093 1.05 A popular alternative to Port 80
443 2935 1.00 HTTPS (Secured general web traffic)
8443 2628 0.90 Used by Apache Tomcat for SSL text service
139 2361 0.80 NetBIOS and MS-SMB
81 2334 0.80 Commonly used for VPNs, also for IoT Devices (ex: Cameras)
2222 1834 0.62 EtherNet/IP-1 and remote access systems
8081 1533 0.52 Alternate to Port 80, Admin Control for a number of services
2375 1507 0.51 Docker unencrypted communication
7547 1308 0.45 TR-069 Protocol, used for remote access to routers3
* The Listing of Services is not limited to what is provided in the table. These Services provided are of the most common and being the most likely targeted.
Will be coming up with an article about the Recyber Project, the top dog for scanning IPs in the etherspace.