From 7aa5ed3008be4f4ef8a0f17fccba60ee296019d1 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 19 Dec 2008 06:21:22 +0000
Subject: [PATCH] Update the list of cheat TCP ports from the latest
 nmap-services with frequency measurements. These commonly responsive ports
 are moved to the front of the list when randomizing ports to help us quickly
 get some timing feedback and find a timing ping probe.

The previous list was
	{ 21, 22, 23, 25, 53, 80, 113, 256, 389, 443, 554, 636, 1723, 3389 }
The new list is
	{ 80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 113 }

The ports that were removed are
256     fw1-secureremote
389     ldap
554     rtsp
636     ldapssl
1723    pptp

The ports that were added are
110     pop3
135     msrpc
139     netbios-ssn
143     imap
445     microsoft-ds
---
 portlist.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/portlist.cc b/portlist.cc
index 7cfeedb61..bc96f63f6 100644
--- a/portlist.cc
+++ b/portlist.cc
@@ -760,7 +760,8 @@ void random_port_cheat(u16 *ports, int portcount) {
   int allportidx = 0;
   int popportidx = 0;
   int earlyreplidx = 0;
-  u16 pop_ports[] = { 21, 22, 23, 25, 53, 80, 113, 256, 389, 443, 554, 636, 1723, 3389 };
+  /* Updated 2008-12-18 from nmap-services-all. Top 14 open TCP ports plus 113. */
+  u16 pop_ports[] = { 80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 113 };
   int num_pop_ports = sizeof(pop_ports) / sizeof(u16);
 
   for(allportidx = 0; allportidx < portcount; allportidx++) {