Walter.BOM
TcpPortAlias Enumeration
Walter.BOM Assembly > Walter.BOM Namespace : TcpPortAlias Enumeration
Named ports that are frequently attacked. Each member follows the [Name]_[Port] naming standard, so the service and its port are easy to identify.
Syntax
public enum TcpPortAlias : System.Enum 
Members
Member Description
AIM_5190 The AOL Instant Messenger (AIM) - Port 5190
ApacheCassandra_9042 Apache Cassandra - Port 9042
ApacheCassandraSSL_9142 Apache Cassandra encrypted and unencrypted port
ApacheZooKeeper_2181 Apache ZooKeeper - Port 2181
BattleNet_1119 The Battle.net game server - Port 1119
DB2_Console_50000 IBM DB2 Sametime System Console - Port 50000
DNS_53 Domain Name System - Port 53
Echo_7 Ping - port 7
Elasticsearch_9200 Elasticsearch - Port 9200
EtherNetIP_44818 PLC EtherNet/IP (Allen-Bradley/Rockwell) - Port 44818
Finger_79 The Finger User Information Protocol
FTP1_20 File transfer protocol - port 20
FTP2_21 File transfer protocol - port 21
FTPSSL_989 FTP over Secure Socket Layer (SSL) - Port 989
FTPTLS_990 FTP over Transport Layer Security (TLS) - Port 990
GIT_9418 GIT - Port 9418
H323_VIDEO_1720 H.323 TCP (Telecommunications) - Port 1720
H323_VOIP_1719 H.323 UDP (Telecommunications) - Port 1719
HP_AnywareCAS_PDC_636 The HP Anyware CAS PDC server
HP_AnywarePCoIP_Physical_60443 The HP Anyware encrypted pixels protocol for physical workstations
HP_AnywarePCoIP_Virtual_4172 The HP Anyware encrypted pixels protocol for virtual workstations
HP_EmbeddedWebServer_9281 The HP embedded web server port 1
HP_EmbeddedWebServer_9282 The HP embedded web server port 2
HP_ParallelPrinter_9101 The HP parallel printer on port 9101
HP_ParallelPrinter_9102 The HP parallel printer on port 9102
HP_Printer_9100 The HP printer on port 9100
HP_Scanner_9280 The HP scanner for embedded web server on port 9280
HTTP_80 HyperText Transfer Protocol (do not use when you expose port 80)
IMAP_143 Internet Message Access Protocol - Port 134
IMAP_993 Internet Messaging Protocol IMAP encrypted
Ingenico_12000 PoS Systems Ingenico Management Port - Port 12000
IPSec1_50 Internet Protocol Security - Port 50
IPSec2_51 Internet Protocol Security - Port 51
Kerberos_88 Kerberos - Port 88
Kerberos_Admin_749 Kerberos (kadmin) - Port 749
LDAP_389 Lightweight Directory Access Protocol - Port 389
Lotus_Notes_1352 Lotus Notes - Port 1352
Memcached_11211 Memcached - Port 11211
Mitsubishi_MELSEC_5006 Mitsubishi MELSEC PLC - Port 5006
Modbus_502 Modbus PLC Management Port - Port 502
MongoDB_27017 The Mongo database - Port 27017
MongoDB_Cluster_27018 The Mongo database shared cluster - Port 27017
MS_DirectoryServices_445 Microsoft-DS (Active Directory and other Windows services) - Port 445
MS_RPC_135 Microsoft RPC Endpoint Mapper - Port 135
MSGIPC_29 Internet Cache Protocol (ICP)
MSNM_1863 The Microsoft Notification Protocol (MSNM) - Port 1863
MYSQL_3306 MySQL database port 3306
NetBIOS_136 NetBIOS (Profile Name Service) - Port 136
NetBIOS_137 NetBIOS (CIFS) - Port 137
NetBIOS_138 NetBIOS - Port 138
NNTP_119 Network News Transport Protocol - Port 119
None Indicates that the value was not configured
OpenEdge_20931 OpenEdge database
Oracle_1521 Oracle server
Oracle_WebLogic_7001 Oracle WebLogic - Port 7001
PC_EFTPOS_2010 PoS Systems PC-EFTPOS Management Port - Port 2010
POP3_110 Post Office Protocol
PostgreSQL_5432 PostgreSQL - Port 5432
PSN_3478 The PlayStation Network Remote Play Device - port 3478
RADIUS_Acct_1813 RADIUS Accounting - Port 1813
RADIUS_Auth_1812 RADIUS Authentication - Port 1812
RDP_3389 Remote Desktop Protocol - Port 3389
Redis_6379 Redis in-memory cache service - Port 6379
RTP_5004 The Real-time Transport Protocol (RTP) - Port 5004
RTP_5005 The Real-time Transport Protocol (RTP) - 5005
RTSP_554 The RTSP streaming port 554
Siemens_S7_102 Siemens S7 PLC - Port 102
SIP_5060 Session Initiation Protocol (SIP) - Port 5060
SMTP_25 Simple Mail Transfer Protocol - port 25
SNMP_161 Simple Network Management Protocol - Port 161
SNMP_162 Simple Network Management Protocol - Port 162
Splunkd_8089 Splunkd Management - Port 8089
SQL_Monitor_1434 Microsoft SQL Monitor - Port 1434
SSH_22 Secure Shell port 22
SSL_443 HTTP with Secure Sockets Layer - Port 443
Steam_27015 Steam - UDP Port 27015
Sybase_2638 Sybase database
Syslog_514 Syslog - Port 514
Systat_11 Systat / Active Users - Port 11
Telnet_23 Telnet - Port 23
TFTP_69 Trivial File Transfer Protocol (TFTP) - Port 69
Tomcat_8443 The default port for Apache Tomcat
TSQL_1433 Microsoft SQL server
UserDefined A user defined port
Verifone_8001 PoS Systems Verifone Management Port - Port 8001
WAC_6516 The Windows Administration Center
WakeOnLan_9 WoL - Port 5
XboxLive_3074 Xbox Live - Port 3074
Remarks
Each port number identifies a distinct service; this enum lists the services with their default port mapped. You can create an alias on your gateway and map the ports that are not used externally to the firewall, and the firewall will detect access to them. Ideally you map each default port to a detection port that is not used by the server, to avoid conflicts. You can map ports up to a maximum value of 65,535.

You can use the firewall's disk reporting NuGet package to generate PowerShell scripts that block and unblock the IP addresses that are seeking exploits.

The Firewall and HoneyPotService expose OnPortAccessDetected, which can be used to handle the detection signal in real time.
Example
Port monitoring in services configuration
services.UsePortScannerProtection(options => {
    /* Map the service ports to a local port on your computer.
     * Redirect the requests to your computer and open the firewall
     * for the redirected ports.
     *
     * In this sample you map each original port to a custom port so that it does not
     * interfere with the original service. On your server's firewall, open the ports
     * 64000-64006 to enable detection.
     */
    options.SSH    = 64000; // map port 22 to port 64000 on your router
    options.TSQL   = 64001; // map port 1433 to port 64001 on your router
    options.Telnet = 64002; // map port 23 to port 64002 on your router
    options.MYSQL  = 64005; // map port 3306 to port 64005 on your router
    options.DNS    = 64006; // map port 53 to port 64006 on your router

    /* You can manually map port aliases in the range from 0 to 65535 */
    options.AddOrUpdate(externalPort: 587, internalPort: 4007, name: "ESMTP Extended Simple Mail Transfer Protocol");
    options.AddOrUpdate(externalPort: 647, internalPort: 4008, name: "DHCP Fail-over");

    /* Record up to 8,000 characters when someone is trying to attack the service, for legal reporting */
    options.MaximumDataSizeToAccept = 254;

    /* Check every 100 ms to 30000 ms whether someone is trying to gain access to the system */
    options.PoolFrequency = 100;

    /* Add a default reply to any connection; you can send an auto reply.
     * You can use the template values:
     * {IP}      - the attacker's IP address
     * {Port}    - the port being attacked
     * {Name}    - the name of the alias being used
     * {ISP}     - the name of the Internet service provider that the attacker is using
     * {Country} - the country name
     * to personalize the message, or leave it blank to record silently. */
    options.DefaultReply = "This service is being monitored and we have detected your intentions attack {Name}" +
                           " via {IP}:{Port} to gain unlawful access to the system, please note that any unlawful" +
                           " activity will be reported to {ISP} as well as the relevant authorities in {Country}";
});
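The Remarks ask for every default port to be mapped to a detection port that no real service uses and that fits in the 16-bit port range. The following check of such a plan is an added example, not part of Walter.BOM: SampleAlias is a constructed stand-in that reuses a few member names from the table, and DetectionPortPlan, its methods and the sample plan are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-in: member names copied from the table above. The numeric
// values of the real Walter.BOM.TcpPortAlias enum are not assumed here.
enum SampleAlias { None, SSH_22, Telnet_23, DNS_53, TSQL_1433, MYSQL_3306, UserDefined }

static class DetectionPortPlan
{
    // Read the default port from the [Name]_[Port] suffix; null for None/UserDefined.
    public static int? DefaultPort(SampleAlias alias)
    {
        string name = alias.ToString();
        int cut = name.LastIndexOf('_');
        return cut >= 0 && int.TryParse(name.Substring(cut + 1), out int port) ? port : (int?)null;
    }

    // Hypothetical helper: check an alias -> detection-port plan before it is configured.
    public static List<string> Validate(IDictionary<SampleAlias, int> plan, ISet<int> portsInUse)
    {
        var problems = new List<string>();
        foreach (var entry in plan)
        {
            if (DefaultPort(entry.Key) == null)
                problems.Add($"{entry.Key}: no default port in the name");
            if (entry.Value < 1 || entry.Value > 65535)
                problems.Add($"{entry.Key}: detection port {entry.Value} is outside 1-65535");
            if (portsInUse.Contains(entry.Value))
                problems.Add($"{entry.Key}: detection port {entry.Value} is already used by a real service");
        }
        // Two aliases on one detection port make a hit impossible to attribute.
        foreach (var clash in plan.GroupBy(e => e.Value).Where(g => g.Count() > 1))
            problems.Add($"detection port {clash.Key} is shared by {string.Join(", ", clash.Select(e => e.Key))}");
        return problems;
    }
}

static class Program
{
    static void Main()
    {
        var plan = new Dictionary<SampleAlias, int>   // constructed sample plan
        {
            [SampleAlias.SSH_22] = 64000, [SampleAlias.TSQL_1433] = 64001,
            [SampleAlias.MYSQL_3306] = 64005, [SampleAlias.DNS_53] = 64005, // duplicate on purpose
        };
        foreach (string problem in DetectionPortPlan.Validate(plan, new HashSet<int> { 22, 1433 }))
            Console.WriteLine(problem);
    }
}
```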
Inheritance Hierarchy

System.Object
   System.ValueType
      System.Enum
         Walter.BOM.TcpPortAlias

Requirements

Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

See Also

Reference

Walter.BOM Namespace