Port Attacks


Internet Storm Center. As part of understanding what is going on, the Internet Storm Center is a pretty amazing site. Tells you what folks are scanning and where the attacks are. Pretty frightening really.
Tells you the top attacked ports and what applications use them. Amazing that most of these are Microsoft ports:
Top Attacked Ports
|program | port |
|epmap |135 |
|netbios-ns |137 |
|ms-sql-m (slammer) |1434 |
|microsoft-ds |445 |
|www |80 |
|netbios-ssn |139 |
|ms-sql-s |1433 |
|ftp |21 |
|CrackDown |4444 |
|rtsp |55 |
"Dshield":http://dshield.org/. This is a site where you can submit your firewall logs and so folks can share intrusion information. Pretty useful. They have a neat map of the world with attacks. Also, they have "client":http://dshield.org/windows_clients.php#universal software written that will troll through logs and submit them automatically. Supports many routers.
I've used WallWatcher from Linksys that does the same thing and it has a submission module as well. They have terrific instructions for how to install a PC daemon that watches the firewall reports and then pushes them up to Dshield or anywhere else for that matter.