Update the list of cheat TCP ports from the latest nmap-services with frequency

measurements. These commonly responsive ports are moved to the front of the list when randomizing ports to help us quickly get some timing feedback and find a timing ping probe. The previous list was { 21, 22, 23, 25, 53, 80, 113, 256, 389, 443, 554, 636, 1723, 3389 } The new list is { 80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 113 } The ports that were removed are 256 fw1-secureremote 389 ldap 554 rtsp 636 ldapssl 1723 pptp The ports that were added are 110 pop3 135 msrpc 139 netbios-ssn 143 imap 445 microsoft-ds
2025-12-31 20:09:02 +00:00 · 2008-12-19 06:21:22 +00:00
parent eb7fda541e
commit 7aa5ed3008
1 changed files with 2 additions and 1 deletions
--- a/portlist.cc
+++ b/portlist.cc
@@ -760,7 +760,8 @@ void random_port_cheat(u16 *ports, int portcount) {
  int allportidx = 0;
  int popportidx = 0;
  int earlyreplidx = 0;
-  u16 pop_ports[] = { 21, 22, 23, 25, 53, 80, 113, 256, 389, 443, 554, 636, 1723, 3389 };
+  /* Updated 2008-12-18 from nmap-services-all. Top 14 open TCP ports plus 113. */
+  u16 pop_ports[] = { 80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 113 };
  int num_pop_ports = sizeof(pop_ports) / sizeof(u16);

  for(allportidx = 0; allportidx < portcount; allportidx++) {