On 26-Jun-01 Geordon VanTassle wrote:
Does anyone know where I can find a listing of ports that are commonly (known) as far as attack attempts?
If you're looking for statistics showing the most recent port probes/scans currently found on the internet you may want to take a look at www.cert.org/current/current_activity.html . Nicely formatted tables, together with links to CERT vulnerability notes and more.
I know that /etc/services.ini is where I can find what I'm supposed to have LOCALLY, but I'm looking for "more" information. I hope that makes sense to someone other than me...
There seems to be an ongoing misunderstanding of the file /etc/services. This file does not, in any way whatsoever, actively start/stop or provide any services at all. From the services(5) man page: "services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types. Every networking program should look into this file to get the port number (and protocol) for its service."
Any suggestions would be appreciated.
For a complete listing of all well-known/assigned ports, look at IANA's web pages at www.iana.org/assignments/port-numbers .
Thanks, Geordon
---
Boris Lorenz