** This file is old and outdated, has not been maintained since we no 
longer run the initialattacks honeynet.. **

--h0e

  [ TCP common attacked 'legitiamte' ]
21 FTP
22 SSH
23 TELNET
53 DNS
79 FINGER
80 HTTP
109 POPv2
110 POPv3
111 PORTMAP
113 AUTH/IDENT
119 NNTP
139 SAMBA
143 IMAP
445 SAMBA
513 RSH
514 RLOGIN
515 LPD
1433 MS SQL
3128 SQUID
3389 Terminal server win2k+
5555 NAPSTER
5632 PC ANYWHERE
6000 X11
6667-6669 IRCD
6666 NAPSTER
6699 NAPSTER
7777 NAPSTER
8875 NAPSTER
8080 SQUID/PROXY
8888 NAPSTER


  [ TCP & UDP remote admin ports. ]
 22 tcp PC ANYWHERE
 22 udp PC ANYWHERE
 407 tcp TIMBUKTU
 407 udp TIMBUKTU
 799 tcp CONTROL IT
 800 tcp CONTROL IT
 800 udp CONTROL IT
 1494 tcp CITRIX ICA
 1494 udp CITRIX ICA
 2000 tcp REMOTELY ANYWHERE
 2001 tcp REMOTELY ANYWHERE
 3127-3198 tcp MyDOOM
 3389 tcp TERMINAL SERVER
 4899 tcp RADMIN
 5800-5801 tcp VNC
 5900-5901 tcp VNC
 5631 tcp PCANYWHERE
 5632 tcp PCANYWHERE
 5632 udp PCANYWHERE
 43188 tcp REACH OUT
 65301 tcp PCANYWHERE



  [ Common used TCP & UDP for worms etc. ]
 21 tcp ADMw0rm
 23 tcp w00w00
 23 tcp R00T
 23 tcp rewt
 23 tcp sm4ck
 23 tcp HidePak
 23 tcp HideSOurce
 79 tcp CDK
 80 tcp Backorafice
 139 tcp QAZ worm
 139 tcp Win Nuke
 146 tcp Infector
 445 tcp alot of worms
 555 tcp PhazeZero
 617 tcp Arkiea dos
 666 tcp satan backdoor
 666 tcp back construction
 1054 tcp ACKcmdC
 2140 udp DeepThroat
 2773 tcp Sub7 keystroke logger
 3150 udp DeepThroat
 3344 tcp MATRIX
 3345 tcp MATRIX
 4120 udp DeepThroat
 2589 tcp Dagger
 5401 tcp BackConstruction
 5402 tcp BackConstruction
 5714 tcp WinCrash
 6789 tcp DOLY
 6838 udp MSSTREAM DOS
 6969 tcp gate crasher
 7215 tcp sub7 remote terminal
 7597 tcp QAZ worm
 10498 udp MSSTREAM DOS
 12345 tcp netbus
 12346 tcp netbus
 12754 tcp MSSTREAM DOS
 15104 tcp MSSTREAM DOS
 18753 udp shaft ddos
 20034 tcp netbus
 20432 tcp shaft ddos
 20433 tcp shaft ddos
 21554 tcp girlfriend access
 23476 tcp donald dick
 27374 tcp sub7
 27444 udp Trin00
 27665 tcp Trin00
 30100 tcp NetSphere
 30101 tcp NetSphere
 30102 tcp NetSphere
 31335 udp Trin00
 31337 udp Back orrifce
 31785 udp Hack Attack
 54238 tcp sub7 remote app eavesdrop
 54320 udp Bo2k
 54321 udp Bo2k


   [ Source port on attacks. ]
 ACKcmdC port 80 tcp
 QAZ worm port 110 tcp
 Infector port 1000-1300 tcp
 Satans Backdoor port 1204 tcp
 Daggar port 2589 tcp 
 Matrix port 3344 tcp
 Matrix port 3345 tcp
 NetMetro port 5031 tcp
 NetMetro port 5032 tcp
 Sub7 port 16959 tcp
 Sub7 port 27374 tcp
 DeepThroat port 6000 udp