SSH scanning on port 22


Post by meep » Wed Feb 16, 2011 10:35 pm

This is one of the most common compromises, yet systems administrators continue to use weak passwords on Unix OSes or any other OSes for that matter. :roll:

Check out the data on SANS by Top 10 ports "by Reports" on this date: 2/16/11

Without using the googles, port 1433 is related to SQL, Port 80 is web. 445 is something Windows. I don't know about 17,289.

I will have to research that one. SANS has some commonly exploited ports listed here.

http://isc.sans.edu/reports.html

Port / Reports
1. 1433 - 49956
2. 445 - 15553
3. 80 - 12992
4. 17289 - 7960
5. 22 - 5451

Re: SSH scanning on port 22

Post by AlphaCentauri » Thu Feb 17, 2011 1:35 am

I couldn't find out about 17289 either. If you graph # of sources vs. # of targets on the Storm Center website, it looks like a couple days after a peak in targets, there is a peak in sources. I wonder if it is a port used by peer-to-peer malware of some type looking for its mothership?