The survival time is calculated as the average time between reports for an average target IP address. If you assume that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.
The average time between probes will vary widely from network to network. Some of our submitters subscribe to ISPs which block ports commonly used by worms. As a result, these submitters report a much longer 'survival time'. On the other hand, university networks and users of high-speed internet services are frequently targeted with additional scans from malware like bots. If you are connected to such a network, your 'survival time' will be much smaller.
The main issue here is of course that the time to download critical patches will exceed this survival time. To help users set up new systems, refer to our guide: Windows Vista: First Steps (a follow-on to our guide "Windows XP: Surviving the First Day").
Survival Time Graph
Some applications may be available on more than one operating system. However, if they are mostly used on a particular OS, or if exploits in the wild are targeting a specific OS using this application, we add them to the respective OS category.
For example, ssh servers are available for Windows and Unix. Most of the ssh scanning is looking for weak passwords, not for problems with a particular ssh implementation. However, most Unix installs enable ssh by default, while for Windows it is a third-party add-on. Successful ssh exploits reported to the ISC are so far limited to Unix. As a result, port 22 is assigned to 'Unix' for the purpose of this report. Port assignments may change over time.
- Windows: Windows specific ports (e.g. File sharing)
- Unix: Unix specific ports (e.g. dns, ssh)
- Applications: Applications which are used (and vulnerable) on various operating systems
- P2P: P2P afterglow, and other false positives
- Backdoors: These ports are commonly used by backdoors and a system has to be infected with a trojan/virus in order to be vulnerable.
Not all ports are categorized, so the total will not add up to 100%. Over time, we will categorize more ports.
Currently Categorized Ports
| Port | Service | Description | Category |
|---|---|---|---|
| 21 | ftp | File Transfer [Control] | Application |
| 22 | ssh | SSH Remote Login Protocol | Unix |
| 25 | smtp | Simple Mail Transfer | Application |
| 42 | name | Host Name Server | Windows |
| 53 | domain | Domain Name Server | Unix |
| 80 | www | World Wide Web HTTP | Application |
| 113 | auth | ident tap Authentication Service | Application |
| 135 | epmap | DCE endpoint resolution | Windows |
| 137 | netbios-ns | NETBIOS Name Service | Windows |
| 138 | netbios-dgm | NETBIOS Datagram Service | Windows |
| 139 | netbios-ssn | NETBIOS Session Service | Windows |
| 443 | https | HTTP protocol over TLS SSL | Application |
| 445 | microsoft-ds | Win2k+ Server Message Block | Windows |
| 1027 | icq | icq instant messenger | Windows |
| 2967 | ssc-agent | Symantec System Center | Windows |
| 3389 | ms-term-services | MS Terminal Services | Windows |
| 4662 | eDonkey2000 | eDonkey2000 Server Default Port | P2P |
| 4672 | eMule | eMule / eDonkey P2P Software | P2P |
| 5554 | sasser-ftp | [trojan] Sasser Worm FTP Server | Backdoor |
| 5900 | vnc | Virtual Network Computer | Application |
| 5901 | vnc-1 | Virtual Network Computer Display :1 | Application |
| 6129 | dameware | Dameware Remote Admin | Windows |
| 6881 | bittorrent | Bit Torrent P2P | P2P |
| 9898 | dabber | [trojan] Dabber Worm backdoor | Backdoor |
| 10000 | BackupExec | Veritas Backup Exec | Windows |
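The survival-time calculation and the per-category breakdown described above, as an added Python example that is not ISC's own code. It assumes "average time between reports for an average target IP" means the mean gap between reports for each target, averaged over targets; the report tuples are constructed sample data and the `blocked_ports` parameter is hypothetical, standing in for ISP port filtering.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Subset of the port-to-category assignments listed in the table above.
PORT_CATEGORY = {22: "Unix", 53: "Unix", 135: "Windows", 139: "Windows",
                 445: "Windows", 80: "Application", 6881: "P2P", 5554: "Backdoor"}

# Constructed sample reports (HH:MM on one day, target IP, target port);
# not real ISC data. Port 8080 is deliberately uncategorized.
REPORTS = [
    ("00:00", "192.0.2.10", 445), ("00:10", "192.0.2.10", 22),
    ("00:20", "192.0.2.10", 445), ("00:30", "192.0.2.10", 22),
    ("00:40", "192.0.2.10", 445),
    ("00:00", "198.51.100.7", 445), ("00:30", "198.51.100.7", 445),
    ("00:40", "198.51.100.7", 6881), ("01:00", "198.51.100.7", 8080),
]

def survival_times(reports, blocked_ports=frozenset()):
    """Return {category: seconds}: mean gap between reports per target IP,
    averaged over targets. "All" counts every port, categorized or not."""
    seen = defaultdict(lambda: defaultdict(list))  # category -> target -> times
    for hhmm, target, port in reports:
        if port in blocked_ports:        # probe never arrives (ISP filtering)
            continue
        when = datetime.strptime(hhmm, "%H:%M")
        for cat in ("All", PORT_CATEGORY.get(port)):
            if cat is not None:
                seen[cat][target].append(when)
    result = {}
    for cat, targets in seen.items():
        gaps = []
        for times in targets.values():
            if len(times) < 2:           # one report defines no interval
                continue
            span = (max(times) - min(times)).total_seconds()
            gaps.append(span / (len(times) - 1))
        if gaps:
            result[cat] = mean(gaps)
    return result

if __name__ == "__main__":
    for label, blocked in (("unfiltered", set()),
                           ("Windows ports blocked", {135, 139, 445})):
        print(label, survival_times(REPORTS, blocked))
```

A category with only one report per target (P2P in this sample) yields no interval and is omitted from the result, and filtering the Windows ports lengthens the overall figure, matching the longer 'survival time' reported by submitters behind port-blocking ISPs.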