DOCSLIB.ORG

A Botnet Needle in a Virtual Haystack

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Botnet Needle in a Virtual Haystack ANGLIA RUSKIN UNIVERSITY FACULTY OF SCIENCE AND TECHNOLOGY A BOTNET NEEDLE IN A VIRTUAL HAYSTACK MARK GRAHAM A thesis in partial fulfilment of the requirements of Anglia Ruskin University for the degree of Doctor of Philosophy Submitted: June 2017 Acknowledgements This dissertation was prepared in part fulfilment of the requirements of the degree of Doctor of Philosophy under the supervision of Adrian Winckles and Dr Erika Sanchez-Velazquez at Anglia Ruskin University. This Ph.D. journey would not have been possible without the support that I have received from many people. In particular, I express huge gratitude to my first supervisor Adrian Winckles for his inspiration and support. Adrian has been a mentor to me for many years. A huge thank you also to my second supervisor Dr. Erika Sanchez for her encouragement and motivation. I also extend my thanks to Chris Holmes for his friendship and companionship during my years spent at Anglia Ruskin University. I gratefully acknowledge the funding I received for my Ph.D. from Anglia Ruskin University. Sincere thanks goes to my head of department, Professor Marcian Cirstea for his guidance and advice. May I express my thanks to other members of the department, especially my fellow Ph.D. students; Mohamed Kettouch and Dr. Arooj Fatima. This work is dedicated to Samantha who is always there to listen. i ANGLIA RUSKIN UNIVERSITY ABSTRACT FACULTY OF SCIENCE AND TECHNOLOGY DOCTOR OF PHILOSOPHY Abstract A BOTNET NEEDLE IN A VIRTUAL HAYSTACK MARK GRAHAM JUNE 2017 The Cloud Security Alliance’s 2015 Cloud Adoption Practices and Priorities Survey reports that 73% of global IT professionals cite security as the top challenge holding back cloud services adoption. Malware with the capabilities to jump between the abstracted virtual infrastructures found within cloud service provider networks heightens the threat from botnet attack upon a cloud infrastructure. This research project aimed to provide a novel methodological approach for capturing communication traffic between botnets. The originality of this study comes from the application of standards-based IPFIX flow export protocol as a traffic capture mechanism. The first contribution to knowledge is a critical investigation into how IPFIX export overcomes the limitations of traditional NetFlow-based botnet communication traffic capture in cloud provider networks. The second contribution is the BotProbe IPFIX template, comprising eleven IANA IPFIX information elements. Field occupancy count and Spearman’s Rank correlation on 25 million botnet flows created an IPFIX template tailored specifically for botnet traffic capture. The third contribution is BotStack, a modular, non-intrusive IPFIX monitoring framework, created upon Xen hypervisor and virtual switched platforms, to incorporate IPFIX export into existing cloud stacks. The fourth contribution is compelling empirical evidence from weighted- factor observation across multiple network vantage points, that siting IPFIX exporters on the host hypervisor provides maximum traffic visibility. BotProbe performs on average 26.73%±0.03% quicker than traditional NetFlow v5, with 14.06%±0.01% less storage requirements. BotProbe can be extended with additional application layer attributes, for use in less privacy sensitive environments. Both novel IPFIX templates were tested on the BotStack framework, capturing four distinct traffic profiles in the life cycle of a Zeus botnet. The techniques developed in this research can be repurposed to create IPFIX traffic capture templates for most Cybersecurity threats, including DDoS and spam, turning behavioural-based traffic capture from a big data challenge into a manageable data solution. Keywords: botnet detection, cloud service provider, ipfix, netflow, traffic capture ii Contents Abstract ........................................................................................................................... ii List of Figures .................................................................................................................. v List of Tables ................................................................................................................... vi List of Acronyms ............................................................................................................ vii List of Publications ....................................................................................................... viii Copyright ........................................................................................................................ ix 1. Introduction ................................................................................................................ 1 1.1 Motivation ..................................................................................................................... 2 1.2 Research Aim ................................................................................................................. 4 1.3 Research Hypothesis, Objectives and Boundaries ......................................................... 4 1.4 Research Methodology .................................................................................................. 6 1.5 Ethical Considerations ................................................................................................... 9 1.6 A Summary of the Contributions to Knowledge .......................................................... 10 1.7 Thesis Structure and Organisation ............................................................................... 11 2. Technological Review ................................................................................................ 12 2.1 Introduction ................................................................................................................. 12 2.2 Botnet Fundamentals .................................................................................................. 13 2.3 A Review of the Limitations of Botnet Detection Techniques ..................................... 14 2.4 A Review of Botnet Mitigation Legislation and Responsibility .................................... 16 2.5 A Review of the Cloud as an Attack Platform .............................................................. 17 2.6 A Review of the Cloud as an Attack Surface ................................................................ 19 2.7 A Model for Attacking a Cloud Infrastructure ............................................................. 21 2.8 Summary ...................................................................................................................... 24 3. An Overview of Flow Export ...................................................................................... 25 3.1 Introduction ................................................................................................................. 25 3.2 A Brief History of Flow ................................................................................................. 26 3.3 Flow Export Architecture ............................................................................................. 27 3.4 IPFIX Compared with NetFlow ..................................................................................... 28 3.5 Flow Export Compared with Packet Capture ............................................................... 36 3.6 Flow-Based Botnet Detection ...................................................................................... 38 3.7 Summary ...................................................................................................................... 45 4. BotProbe: A Novel IPFIX Template for Botnet Traffic Capture ................................. 47 4.1 Introduction ................................................................................................................. 47 4.2 IPFIX Template Customisation ..................................................................................... 48 4.3 BotProbe IPFIX Template Creation Methodology........................................................ 49 4.4 Information Elements Results ...................................................................................... 58 4.5 Enterprise Elements Results ........................................................................................ 63 4.6 Presenting the BotProbe IPFIX Templates ................................................................... 72 4.7 Discussion of the BotProbe IPFIX Templates ............................................................... 74 4.8 BotProbe Performance Test Methodology .................................................................. 86 4.9 BotProbe Performance Results .................................................................................... 95 4.10 Discussion of BotProbe Performance ........................................................................ 97 iii 4.11 Summary .................................................................................................................... 99 5. BotStack: A Novel IPFIX Framework ........................................................................ 101 5.1 Introduction ............................................................................................................... 101 5.2 Design Considerations for IPFIX Export in a CSP Environment .................................. 101 5.3 Presenting BotStack: An IPFIX Framework for CSPs .................................................. 113 5.4 Probe Positioning Test Methodology
Load more

Recommended publications
  • Cheat Sheet – Common Ports (PDF)
    COMMON PORTS packetlife.net TCP/UDP Port Numbers 7 Echo 554 RTSP 2745 Bagle.H 6891-6901 Windows Live 19 Chargen 546-547 DHCPv6 2967 Symantec AV 6970 Quicktime 20-21 FTP 560 rmonitor 3050 Interbase DB 7212 GhostSurf 22 SSH/SCP 563 NNTP over SSL 3074 XBOX Live 7648-7649 CU-SeeMe 23 Telnet 587 SMTP 3124 HTTP Proxy 8000 Internet Radio 25 SMTP 591 FileMaker 3127 MyDoom 8080 HTTP Proxy 42 WINS Replication 593 Microsoft DCOM 3128 HTTP Proxy 8086-8087 Kaspersky AV 43 WHOIS 631 Internet Printing 3222 GLBP 8118 Privoxy 49 TACACS 636 LDAP over SSL 3260 iSCSI Target 8200 VMware Server 53 DNS 639 MSDP (PIM) 3306 MySQL 8500 Adobe ColdFusion 67-68 DHCP/BOOTP 646 LDP (MPLS) 3389 Terminal Server 8767 TeamSpeak 69 TFTP 691 MS Exchange 3689 iTunes 8866 Bagle.B 70 Gopher 860 iSCSI 3690 Subversion 9100 HP JetDirect 79 Finger 873 rsync 3724 World of Warcraft 9101-9103 Bacula 80 HTTP 902 VMware Server 3784-3785 Ventrilo 9119 MXit 88 Kerberos 989-990 FTP over SSL 4333 mSQL 9800 WebDAV 102 MS Exchange 993 IMAP4 over SSL 4444 Blaster 9898 Dabber 110 POP3 995 POP3 over SSL 4664 Google Desktop 9988 Rbot/Spybot 113 Ident 1025 Microsoft RPC 4672 eMule 9999 Urchin 119 NNTP (Usenet) 1026-1029 Windows Messenger 4899 Radmin 10000 Webmin 123 NTP 1080 SOCKS Proxy 5000 UPnP 10000 BackupExec 135 Microsoft RPC 1080 MyDoom 5001 Slingbox 10113-10116 NetIQ 137-139 NetBIOS 1194 OpenVPN 5001 iperf 11371 OpenPGP 143 IMAP4 1214 Kazaa 5004-5005 RTP 12035-12036 Second Life 161-162 SNMP 1241 Nessus 5050 Yahoo! Messenger 12345 NetBus 177 XDMCP 1311 Dell OpenManage 5060 SIP 13720-13721
    [Show full text]
  • Netcat and Trojans/Backdoors
    Netcat and Trojans/Backdoors ECE4883 – Internetwork Security 1 Agenda Overview • Netcat • Trojans/Backdoors ECE 4883 - Internetwork Security 2 Agenda Netcat • Netcat ! Overview ! Major Features ! Installation and Configuration ! Possible Uses • Netcat Defenses • Summary ECE 4883 - Internetwork Security 3 Netcat – TCP/IP Swiss Army Knife • Reads and Writes data across the network using TCP/UDP connections • Feature-rich network debugging and exploration tool • Part of the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions. • UNIX and Windows versions available at: http://www.atstake.com/research/tools/network_utilities/ ECE 4883 - Internetwork Security 4 Netcat • Designed to be a reliable “back-end” tool – to be used directly or easily driven by other programs/scripts • Very powerful in combination with scripting languages (eg. Perl) “If you were on a desert island, Netcat would be your tool of choice!” - Ed Skoudis ECE 4883 - Internetwork Security 5 Netcat – Major Features • Outbound or inbound connections • TCP or UDP, to or from any ports • Full DNS forward/reverse checking, with appropriate warnings • Ability to use any local source port • Ability to use any locally-configured network source address • Built-in port-scanning capabilities, with randomizer ECE 4883 - Internetwork Security 6 Netcat – Major Features (contd) • Built-in loose source-routing capability • Can read command line arguments from standard input • Slow-send mode, one line every N seconds • Hex dump of transmitted and received data • Optional ability to let another program service established connections • Optional telnet-options responder ECE 4883 - Internetwork Security 7 Netcat (called ‘nc’) • Can run in client/server mode • Default mode – client • Same executable for both modes • client mode nc [dest] [port_no_to_connect_to] • listen mode (-l option) nc –l –p [port_no_to_connect_to] ECE 4883 - Internetwork Security 8 Netcat – Client mode Computer with netcat in Client mode 1.
    [Show full text]
  • Tecnología Thin Client Sistemas Informáticos
    2010 Tecnología Thin Client Sistemas Informáticos Luis Miguel Moya Moirón G990192 25/01/2010 SSII – Tecnología Thin Clients Página 1 Indice Sistema Informático desarrollado……………………………………………………………….......3 Objetivo…………………………………………………………………………………………………………….7 Introducción: ¿Qué es un Thin Client?...................................................................7 Visión general de la tecnología Thin Client………………………………………………………..8 Arquitectura en Red………………………………………………………………………………………….9 Hardware de un Thin Client……………………………………………………………………………..15 Software Thin Client………………………………………………………………………………………..22 Fundamentos Thin Client………………………………………………………………………………...25 Arranque por red…………………………………………………………………………………….…25 Sesión Remota…………………………………………………………………………………………..29 Ventajas de los Thin Client………………………………………………………………………………35 Desventajas de los Thin Client…………………………………………………………………………39 Escenarios Thin Client……………………………………………………………………………………..41 Protocolos Thin Client……………………………………………………………………………………..44 Protocolos para el arranque por red…………………………………………………………..44 Protocolo PXE……………………………………………………………………………………….44 Protocolo DHCP…………………………………………………………………………………….45 Protocolo TFTP……………………………………………………………………………………..47 Funcionamiento del protocolo PXE……………………………………………………….49 NBP………………………………………………………………………………………………………51 Protocolos para sesiones de escritorio remoto…………………………………………..51 X-Window System / XDMCP………………………………………………………………….52 VNC………………………………………………………………………………………………………59 Terminal Services / RDP………………………………………………………………………..60 Tecnología NX……………………………………………………………………………………….63
    [Show full text]
  • BINGHE) in a Client-Server Network
    ISSN: 2319-8753 International Journal of Innovative Research in Science, Engineering and Technology (An ISO 3297: 2007 Certified Organization) Vol. 3, Issue 1, January 2014 An Integrated Framework for Detecting and prevention of Trojan Horse (BINGHE) in a Client-Server Network Ahmed Aliyu1, Sani Danjuma2, Bo Dai 3, Usman Waziri4, Abubakar Ado5 Lecturer, Mathematical Sciences, Bauchi State University, Gadau, Bauchi State, Nigeria 1 Lecturer, Computer Science, Sa‟adatu Rimi College of Education, Kumbotso, Kano State, Nigeria 2 Professor, Electrical/Electronics, Liaoning University of Technology, Jinzhou, Liaoning Province, China3 Lecturer, Mathematical Sciences, Bauchi State University, Gadau, Bauchi State, Nigeria 4 Student, Computer Science and, Liaoning University of Technology, Jinzhou, Liaoning Province, China5 Abstract: Due to the advancement of malware which gains privileges to the operating system and drops a malicious code, and allowing unauthorized access to the target computer networks. One of this malware includes a Trojan horse which has access to computer or network with the aid of a user, whether knowingly or unknowingly. This paper presents a frame work of detecting a Trojan horse in network environment (client/server) so as to tackle present kind of Trojan horses (BINGHE). The result of the experiment shows a great potential of the method in allowing the detection and analysing different behaviour and attack of Trojan horse malware in computer and client/server network. Keywords: Trojan horse, Malware, network, client server I. INTRODUCTION A Trojan horse is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer [1].
    [Show full text]
  • Hacknotes : Network Security Portable Reference
    HackNote / HackNotes Network Security Portable Reference / Horton & Mugge / 222783-4 / Color profile: Generic CMYK printer profile Composite Default screen blind folio i HACKNOTES™ “Surprisingly complete. I have found this book to be quite useful and a great time-saver. There is nothing more irritating than thrashing in a search engine trying to remember some obscure tool or an obscure tool’s obscure feature. A great reference for the working security consultant.” —Simple Nomad, Renowned Security Researcher and Author of The Hack FAQ “While a little knowledge can be dangerous, no knowledge can be deadly. HackNotes: Network Security Portable Reference covers an immense amount of information readily available that is required for network and system administrators, who need the information quickly and concisely. This book is a must-have reference manual for any administrator.” —Ira Winkler, Chief Security Strategist at HP, security keynote speaker and panelist “HackNotes puts readers in the attacker’s shoes, perhaps a little too close. Security pros will find this reference a quick and easily digestible explanation of common vulnerabilities and how hackers exploit them. The step-by-step guides are almost too good and could be dangerous in the wrong hands. But for those wearing white hats, HackNotes is a great starting point for understanding how attackers enumerate, attack and escalate their digital intrusions.” —Lawrence M. Walsh, Managing Editor, Information Security Magazine “A comprehensive security cheat sheet for those short on time.
    [Show full text]
  • Hacking Windows95/98 Andme
    Color profile: GenericHacking CMYK/ Hackingprinter profile Exposed: Network Security Secrets & Solutions / McClure, Scambray, Kurtz / 222742-7 / Chapter 4 Composite Default screen CHAPTER 4 Hacking Windows 95/98 and Me 129 P:\010Comp\Hacking\742-7\ch04.vp Thursday, January 30, 2003 10:32:23 AM Color profile: GenericHacking CMYK/ Hackingprinter profile Exposed: Network Security Secrets & Solutions / McClure, Scambray, Kurtz / 222742-7 / Chapter 4 Composite Default screen 130 Hacking Exposed: Network Security Secrets & Solutions he most important thing for a network administrator or end user to realize about Windows 95/95B/98/98SE and their updated counterpart Windows Millennium TEdition (hereafter Win9x/Me, or the “DOS Family”) is that their architecture was not designed to incorporate security from the ground up like Microsoft’s other Windows lineage, the Windows NT Family. Throughout this book, we use the phrase “NT Family” to refer to all systems based on Microsoft’s New Technology (NT) platform, including Win NT 3.x–4.x, Windows 2000, Windows XP, and Windows .NET Server (see Chapter 5). Where necessary, we will differentiate between desktop and server versions. In contrast, we will refer to the Microsoft DOS/Windows 1.x/3.x/9x/Me lineage as the “DOS Family.” In fact, it seems that Microsoft went out of its way in many instances to sacrifice secu- rity for ease of use when planning the architecture of Win9x/Me. This becomes double jeopardy for administrators and security-unaware end users. Not only is Win9x/Me easy to configure, but the people most likely to be configuring it are also unlikely to take proper precautions (such as good password selection).
    [Show full text]
  • Comparison of Remote Desktop Software - Wikipedia
    9/29/2020 Comparison of remote desktop software - Wikipedia Comparison of remote desktop software This page is a comparison of remote desktop software available for various platforms. Contents Remote desktop software Operating system support Features Terminology See also Notes References Remote desktop software https://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software 1/9 9/29/2020 Comparison of remote desktop software - Wikipedia First Latest Free for Free for public Software Protocols Creator stable year, License personal commercial release version use use date AetherPal Proprietary AetherPal Inc. 2011 2016, Valet Proprietary No No Ammyy Admin Proprietary Ammyy Inc. 2007 2015, 3.5[1] Proprietary Yes No AnyDesk Software 2020-07-28, AnyDesk Proprietary 2015 Proprietary Yes No GmbH 6.0.7 Anyplace Control Anyplace Control Proprietary 2002 2012, 5.4.0.0 Proprietary No No Software AnywhereTS RDP, ICA Qzone ? 2009, 3.4 Proprietary Yes Yes Apple Remote Desktop RFB (VNC) Apple 2002 2017, 3.9[2] Proprietary No No Apple Screen Sharing (iChat) Proprietary, RFB (VNC) Apple 2007 2014, 1.6 Proprietary Yes Yes AppliDis RDP Systancia ? 2013, 4 SP3 Proprietary No No BeAnywhere Support Proprietary BeAnywhere 1996 2015, 6.00 Proprietary No No Express 2020-07-29, Cendio ThinLinc RFB (VNC) Cendio AB 2003 Proprietary Yes[a] Yes[a] 4.12.0 Chicken of the VNC RFB (VNC) ? 2002 2011-02, 2.1.1 GPL Yes Yes BSD Client, 2018, Chrome Remote Desktop Chromoting Google 2011 Proprietary Yes Yes 70.0.3538.21 Server CloudBerry Lab (CloudBerry May 25, Proprietary
    [Show full text]
  • Chapter 10 Phase 4: Maintaining Access
    Chapter 10 Phase 4: Maintaining Access Trojan Horses ♦ Software program containing a concealed malicious capability but appears to be benign, useful, or attractive to users Backdoor ♦ Software that allows an attacker to access a machine using an alternative entry method ♦ Installed by attackers after a machine has been compromised ♦ May Permit attacker to access a computer without needing to provide account names and passwords ♦ Used in movie “War Games” ♦ Can be sshd listening to a port other than 22 ♦ Can be setup using Netcat Netcat as a Backdoor ♦ A popular backdoor tool ♦ Netcat must be compiled with “GAPING_SECURITY_HOLE” option ♦ On victim machine, run Netcat in listener mode with –e flag to execute a specific program such as a command shell ♦ On attacker’s machine run Netcat in client mode to connect to backdoor on victim Running Netcat as a Backdoor on Unix Note: on attacker’s machine, run “nc victim 12345” Running Netcat as a Backdoor on WinNT/2000 Trojan Horse Backdoors ♦ Programs that combine features of backdoors and Trojan horses – Not all backdoors are Trojan horses – Not all Trojan horses are backdoors ♦ Programs that seem useful but allows an attacker to access a system and bypass security controls Categories of Trojan Horse Backdoors ♦ Application-level Trojan Horse Backdoor – A separate application runs on the system that provides backdoor access to attacker ♦ Traditional RootKits – Critical operating system executables are replaced by attacker to create backdoors and facilitate hiding ♦ Kernel-level RootKits – Operating
    [Show full text]
  • The Gateway Trojan
    THE GATEWAY TROJAN Volume 1, Version 1 TABLE OF CONTENTS About This Report ....................................................................................................................................1 Why This Malware?..................................................................................................................................2 The Basic Questions About RATs..........................................................................................................2 Different Breeds of RATs ........................................................................................................................5 Symantec’s Haley Subcategories of RATs .........................................................................................6 Dissecting a RAT .......................................................................................................................................7 Category II: Common RATs ....................................................................................................................9 Back Orifice ...........................................................................................................................................9 Bifrost ................................................................................................................................................. 10 Blackshades ....................................................................................................................................... 11 DarkTrack .........................................................................................................................................
    [Show full text]
  • The Challenges of Network Security Remediation at a Regional University
    East Tennessee State University Digital Commons @ East Tennessee State University Electronic Theses and Dissertations Student Works 5-2005 The hC allenges of Network Security Remediation at a Regional University. William R. Simons East Tennessee State University Follow this and additional works at: https://dc.etsu.edu/etd Part of the Computer Sciences Commons Recommended Citation Simons, William R., "The hC allenges of Network Security Remediation at a Regional University." (2005). Electronic Theses and Dissertations. Paper 987. https://dc.etsu.edu/etd/987 This Thesis - Open Access is brought to you for free and open access by the Student Works at Digital Commons @ East Tennessee State University. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons @ East Tennessee State University. For more information, please contact [email protected]. The Challenges of Network Security Remediation at a Regional University A thesis presented to the faculty of the Department of Computer and Information Sciences East Tennessee State University In partial fulfillment of the requirements for the degree Master of Science in Computer Science by William R. Simons May 2005 Dr. Qing Yuan, Chair Dr. Phillip Pfeiffer Mr. Steven Jenkins Keywords: computer, system security, network security, security audit, security hardening, vulnerability, remediation, Nessus, Nmap ABSTRACT The Challenges of Network Security Remediation at a Regional University by William R. Simons This thesis describes challenges encountered during a year-long effort to improve the security of the 3,300 node administrative computer network at East Tennessee State University. The key remediation strategies used included employing the vulnerability scanner Nessus to profile the network, analyzing the scan results, and attempting to remove the most critical vulnerabilities found.
    [Show full text]
  • Definition: What Is a Trojan Horse and What Are It's Capabilities?
    Definition: What is a trojan horse and what are it’s capabilities? A Trojan Horse is a program, which appears to be a useful tool but is able to do various things hidden in the background without the computer owner knowing. Trojan Horses have been named after the “Trojan Horse” in Greek Mythology; a wooden horse was left behind by Troy’s besiegers. Not knowing that the Greek had been hiding inside the horse. The people of Troy moved the horse to the inside of the town to celebrate their victory. Once within Trojan walls, the enemies left their hiding place to conquer the city. Nowadays, virtual Trojan Horse attacks work in a similar way. Trojan Horses are often incorrectly treated like viruses. This is only true to a certain extend;as opposed to viruses, their main purpose is not to destroy any kind of information stored on a computer, but to transmit this data to the initiator of the attack for abusing purposes or to get control over infected computers. Since the amount of data transmitted to the initiator is often too unfathomable, many Trojan Horses offer much more intelligent options. These so called Backdoor Trojans enable attackers to take control of foreign computers to do whatever they desire. It’s just like as if the attacker would be sitting in front of the infected computer. Well known Trojan Horses like Sub7, Netbus or Back Orifice consist of three parts: 1. Serverfile This is the file which has to be installed on the computer, the attacker wants to control.
    [Show full text]
  • Port Description Status 1024/TCP,UDP Reserved[1] Official
    Port Description Status 1024/TCP,UDP Reserved[1] Official 1025/TCP NFS-or-IIS Unofficial 1026/TCP Often utilized by Microsoft DCOMservices Unofficial 1029/TCP Often utilized by Microsoft DCOMservices Unofficial 1058/TCP,UDP nim, IBM AIX Network Installation Manager (NIM) Official 1059/TCP,UDP nimreg, IBM AIX Network Installation Manager (NIM) Official 1080/TCP SOCKS proxy Official 1085/TCP,UDP WebObjects Official 1098/TCP,UDP rmiactivation, RMI Activation Official 1099/TCP,UDP rmiregistry, RMI Registry Official 1109/TCP,UDP Reserved[1] Official 1109/TCP Kerberos Post Office Protocol (KPOP) Unofficial EasyBits School network discovery protocol (for Intel’s 1111/UDP Unofficial CMPC platform) 1140/TCP,UDP AutoNOC protocol Official 1167/UDP phone, conference calling Unofficial 1169/TCP,UDP Tripwire Official 1176/TCP Perceptive Automation Indigo Home automation server Official 1182/TCP,UDP AcceleNet Intelligent Transfer Protocol Official 1194/TCP,UDP OpenVPN Official The cajo project Free dynamic transparent distributed 1198/TCP,UDP Official computing in Java scol, protocol used by SCOL 3D virtual worlds server to 1200/TCP Official answer world name resolution client request[26] scol, protocol used by SCOL 3D virtual worlds server to 1200/UDP Official answer world name resolution client request 1200/UDP Steam Friends Applet Unofficial 1214/TCP Kazaa Official 1220/TCP QuickTime Streaming Serveradministration Official TGP, TrulyGlobal Protocol, also known as “The Gur 1223/TCP,UDP Official Protocol” (named for Gur Kimchi of TrulyGlobal) 1234/UDP
    [Show full text]