Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: quake3 opportunistic portrule

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 1 Jan 2011 13:34:49 +0200
The previous port popularity had dupes in it. I wrote the code for
dropping duplicates today, and made another scan with the new code.
Here are the results:

14445: 215
14701: 37
14957: 27
15725: 13
15213: 13
17005: 9
15469: 9
34665: 7
19565: 6
17517: 6
15981: 6
17261: 5
16237: 5
17773: 4
56425: 3
42090: 3
36965: 3
30825: 3
18029: 3
16749: 3
16490: 3
12405: 3
53360: 2
50538: 2
33385: 2
24685: 2
18541: 2
18285: 2
16493: 2
14451: 2
8305: 2
2155: 2
64620: 1
62060: 1
61525: 1
61214: 1
59497: 1
59362: 1
59094: 1
58985: 1
58217: 1
56813: 1
56462: 1
55410: 1
54726: 1
54380: 1
53702: 1
53589: 1
53475: 1
53355: 1
53078: 1
52855: 1
52821: 1
52422: 1
51824: 1
51568: 1
51312: 1
51285: 1
50886: 1
50374: 1
49635: 1
49245: 1
49183: 1
49008: 1
48838: 1
48752: 1
47240: 1
46945: 1
46927: 1
45134: 1
43630: 1
43105: 1
42224: 1
40805: 1
39790: 1
39020: 1
37748: 1
35689: 1
35552: 1
35177: 1
33645: 1
33387: 1
33294: 1
33252: 1
33131: 1
32617: 1
32198: 1
31541: 1
31081: 1
29936: 1
29680: 1
27755: 1
27002: 1
26737: 1
26589: 1
26480: 1
26411: 1
25965: 1
24862: 1
24635: 1
24429: 1
23405: 1
22637: 1
22474: 1
22243: 1
21907: 1
20845: 1
20585: 1
19821: 1
19666: 1
19569: 1
19433: 1
18797: 1
18545: 1
18510: 1
18493: 1
16415: 1
14738: 1
14597: 1
14207: 1
13698: 1
13420: 1
13165: 1
12784: 1
12672: 1
12141: 1
12102: 1
11885: 1
9325: 1
8053: 1
7797: 1
7285: 1
5537: 1
4716: 1
4688: 1
4213: 1
3686: 1
3180: 1
1220: 1
555: 1
4: 1
0: 1



On Fri, Dec 31, 2010 at 11:18 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:

On another thread, I was discussing precise scanning of publicly
advertised quake3 servers. The other part of the story involves
detecting and scanning quake3 servers upon stumbling on an open port
during a regular port scan. It seems there is no ultimate default port
for running a quake3 server. However, some ports are more common,
presumably some of them are default configurations of some server
software. Below are some statistics I gathered today regarding the
amount of servers using a specific port number. Now the open question
is, which port numbers should I include in the port rule? The options
might include 1) all of the ports 2) anything used more than once 3)
anything used more than, say 10 times 4) top-3 5) only 14445 6) none

 what do you think?, --Toni

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: