SSH scanning on port 22

Postby meep » Wed Feb 16, 2011 10:35 pm

This is one of the most common compromises, yet systems administrators continue to use weak passwords on Unix OSes or any other OSes for that matter. :roll:

Check out the data on SANS by Top 10 ports "by Reports" on this date: 2/16/11

Without using the googles, port 1433 is related to SQL, Port 80 is web. 445 is something Windows. I don't know about 17,289.

I will have to research that one. SANS has some commonly exploited ports listed here.

Port / Reports
1. 1433 - 49956
2. 445 - 15553
3. 80 - 12992
4 . 17289 - 7960
5. 22 - 5451
Re: SSH scanning on port 22

Postby AlphaCentauri » Thu Feb 17, 2011 1:35 am

I couldn't find out about 17289 either. If you graph # of sources vs. # of targets on the Storm Center website, it looks like a couple days after a peak in targets, there is a peak in sources. I wonder if it is a port used by peer-to-peer malware of some type looking for its mothership?
