I built a new inbound ports display https://gw.ampr.org/router/ports.svg which shows a significant amount of traffic that SANS and others identify as being aimed at vulnerable ports on various pieces of equipment.
I don't want to just block them, as they have legitimate uses, but if you're running your own firewall, you might want to block them yourself if you don't have any need for the legitimate use. - Brian
are these the top active 22 ?
How the mechanism work ? are u enter a table of what port to display ? or it displayed the most 20 active ?
if it is frpm a type of manual table is there any way to get the real 22 active ports/protocole ?
is there any option to make it a bit more wide say 100 most active ports ?
________________________________
I built a new inbound ports display https://gw.ampr.org/router/ports.svg
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
On Fri, May 19, 2017 at 09:31:10AM +0000, R P wrote:
are these the top active 22 ? How the mechanism work ? are u enter a table of what port to display ? or it displayed the most 20 active ? if it is frpm a type of manual table is there any way to get the real 22 active ports/protocole ? is there any option to make it a bit more wide say 100 most active ports ?
It is a listing of the ports which contributed 1% or more of the inbound activity during the sample. - Brian
I've changed that to 0.5% and more port bars appeared in the chart. Any smaller limit led to too crowded a display. - Brian
On Fri, May 19, 2017 at 03:31:34AM -0700, Brian Kantor wrote:
It is a listing of the ports which contributed 1% or more of the inbound activity during the sample.
-
Brian Kantor -
R P