We're updating the issue view to help you get more done. 

Commonly Used Port

Description

Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as

  • TCP:80 (HTTP)

  • TCP:443 (HTTPS)

  • TCP:25 (SMTP)

  • TCP/UDP:53 (DNS)

They may use the protocol associated with the port or a completely different protocol.

For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are

  • TCP/UDP:135 (RPC)

  • TCP/UDP:22 (SSH)

  • TCP/UDP:3389 (RDP)

id

T1043

tactic

command-and-control

datasources

Process monitoring
Netflow/Enclave netflow
Process use of network
Packet capture

maturity

Not Tracked

Assignee

Unassigned
Configure