[ISN] 5 Protocols That Should Be Closely Watched

http://www.darkreading.com/monitoring/5-protocols-that-should-be-closely-watch/240164357 By Robert Lemos Dark Reading November 30, 2013 For decades, opportunistic attackers have scanned the Internet for open ports through which they can compromise vulnerable applications. Such scanning has only gotten easier: The Shodan search engine regularly scans the Internet and stores the results for anyone to search; researchers from the University of Michigan have refined techniques to allow for fast, comprehensive scans of a single port across the Internet; and programs, such as NMap, allow anyone to scan for open, and potentially vulnerable, ports. While the most commonly attacked ports are those used by Secure Shell (SSH), the file transfer protocol (FTP), the remote desktop protocol (RDP), and Web servers (HTTP), companies need to monitor network activity aimed at less common protocols and ports, say security experts. Attackers will likely increasingly look for vulnerabilities in less common ports, says HD Moore, chief research officer for vulnerability-management firm Rapid7, which has made a name for itself scanning the Internet for just those ports. “This stuff is not in the top bucket, in terms of priority, but it tends to bite people because they are not keeping an eye on it,” he says. […]