[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
exit counts by port number over 61 days
I thought I'd post the results of a 61-day period of running my exit
node in case they are of interest to others and because some that seem
anomalous to me might then turn up explanations. The first list is sorted
by port number, and the second is the same list resorted by exit count in
descending order. Note that three port numbers (80, 1443, and 8080) are
greatly restricted, so those counts should not be considered significant
for many purposes. If I've counted correctly, my exit policy allows exits
to a total of 328 ports, 10 of which do not appear to have been used during
the sample time period from 10 February 2009 to 12 April 2009. The counts
are in the leftmost column.
Counts sorted by ascending port number
492 port 2 compressnet
196 port 3 compressnet
232 port 4
261 port 5 rje
109 port 6
76 port 17 quota
1067 port 20 ftp-data
32621 port 21 ftp
7991 port 22 ssh
906 port 23 telnet
375 port 33 dsp
1178147 port 43 nicname whois
3 port 48 auditd
18 port 49 tacacs
92 port 52 xns-time
1461 port 53 domain
53 port 54 xns-ch
205 port 55 isi-gl
23 port 56 xns-auth
23 port 63 xns-auth
121 port 66 sql*net
993 port 70 gopher
186 port 79 finger
2712 port 80(*) http
8362 port 88 kerberos-sec
3877 port 98 tacnews
4195 port 101 hostname hostnames
772 port 106 pop3pw 3com-tsmux
1164 port 108 snagas
1890 port 109 pop2 postoffice
30767 port 110 pop3
187 port 112 mcidas
23 port 114 audionews
32 port 115 sftp
67 port 117 uucp-path
23 port 118 sqlserv
62010 port 119 nntp
126 port 123 ntp
29 port 126 unitary
91 port 130 cisco-fna
20 port 131 cisco-tna
5 port 132 cisco-sys
5 port 133 statsrv
17 port 134 ingres-net
1073 port 143 imap imap2 imap4
5 port 144 NeWS
286 port 150 sql-net
13 port 152 bftp
13 port 153 sgmp
25 port 156 sqlsrv
1 port 158 pcmail-srv
29 port 160 sgmp-traps
22 port 165 xns-courier
67 port 170 print-srv
5 port 174 mailq
13 port 177 xdmcp
16 port 178 NextStep
76 port 179 bgp
128 port 180 ris
322 port 188 mumps
21 port 189 qft
8 port 194 irc
10 port 209 qmtp
65 port 210 z39.50 wais
6 port 213 ipx
22 port 215 softpc
7 port 217 dbase
128 port 221 fln-spx
561 port 222 rsh-spx
17 port 223 cdc
83 port 246 dsp3270
6 port 258 yak-chat
8 port 262 arcisdms
1 port 308 novastorbakcup
89 port 345 pawserv
1 port 346 zserv
12 port 347 fatserv
10 port 360 scoi2odialog
66 port 389 ldap
17 port 396 netware-ip
4 port 401 ups
4 port 402 genie
11 port 406 imsp
352350 port 443 https
44 port 453 creativeserver
1 port 454 contentserver
26 port 455 creativepartnr
20 port 457 scohelp
24 port 458 appleqtc
23 port 464 kpasswd kpasswd5
1076 port 465 urd
1 port 473 hybrid-pop
2 port 475 tcpnethaspsrv
3 port 488 gss-http
82 port 512 exec biff comsat
14 port 515 printer spooler
6 port 517 talk
16 port 518 ntalk
2 port 519 utime unixtime
7 port 523 ibm-db2
5 port 524 ncp
4 port 525 timed timeserver
1 port 529 irc-serv
2 port 531 conference chat
4 port 532 netnews readnews
10 port 537 netwall
19 port 540 uucp uucpd
59 port 541 uucp-rlogin
7 port 543 klogin
71 port 544 kshell krcmd
129 port 545 appleqtcsrvr
27 port 548 afpovertcp
305 port 554 rtsp
70 port 556 remotefs rfs rfs_server
7119 port 563 nntps snntp
18 port 564 9pfs
53 port 565 whoami
1 port 583 philips-vc
20904 port 587 submission
198 port 591 http-alt
16 port 592 eudora-set
5 port 607 nqs
56 port 614 sshell
4 port 636 ldaps sldap
2 port 754 tell
17 port 758 nlogin
3 port 760 ns, krbupdate
6 port 765 webster
31 port 767 phonebook
6 port 871 supfilesrv
28 port 873 rsync
106 port 989 ftps-data
127 port 990 ftps
69 port 992 telnets
3508 port 993 imaps imap4
10 port 994 ircs
30626 port 995 pop3s
824 port 1025 blackjack
12187 port 1080 socks
89 port 1085 webobjects
154 port 1110 nfsd-status
76 port 1127 supfiledbg
105 port 1155 nfa
35 port 1167 phone
15 port 1347 bbn-mmc
44 port 1348 bbn-mmx
75 port 1351 equationbuilder
249 port 1352 lotusnote
29 port 1366 netware-csp
33 port 1376 ibm-pps
58 port 1396 dvl-activemail
73 port 1397 audio-activmail
44 port 1398 video-activmail
117 port 1424 hybrid
80 port 1426 sas-1
470 port 1433 ms-sql-s
42 port 1434 ms-sql-m
28 port 1435 ibm-cics
61 port 1436 sas-2
66 port 1443(**) ies-lm
177 port 1450 dwf
38 port 1451 infoman
21 port 1477 ms-sna-server
62 port 1478 ms-sna-base
41 port 1498 watcom-sql
248 port 1501 sas-3
89 port 1506 utcd
60 port 1524 ingreslock
28 port 1527 tlisrv
144 port 1529 support prmsd gnatsd, coauthor
70 port 1652 xnmp
142 port 1661 netview-aix-1
207 port 1662 netview-aix-2
40 port 1663 netview-aix-3
78 port 1664 netview-aix-4
79 port 1665 netview-aix-5
254 port 1666 netview-aix-6
82 port 1667 netview-aix-7
124 port 1668 netview-aix-8
66 port 1669 netview-aix-9
29 port 1670 netview-aix-10
29 port 1671 netview-aix-11
34 port 1672 netview-aix-12
6214 port 1723 pptp
318 port 2003 cfingerd
159 port 2007 dectalk
118 port 2014 troff
156 port 2019 whosockami
123 port 2026 scrabble
303 port 2027 shadowserver
75 port 2028 submitserver
270 port 2032 blackboard
48 port 2033 glogger
64 port 2034 scoremgr
106 port 2035 imsldoc
6129 port 2041 interbase
91 port 2049 nfsd nfs
70 port 2105 eklogin
96 port 2106 ekshell
946 port 2108 rkinit
1006 port 2401 cvspserver
157 port 2600 zebrasrv
45 port 2601 zebra
27 port 2602 ripd
41 port 2603 ripngd
43 port 2604 ospfd
49 port 2605 bgpd
33 port 2606 ospf6d
34 port 2628 dict
26 port 2766 listen
46 port 2784 www-dev
117 port 3050 gds_db
38 port 3264 ccmail
2372 port 3333 dec-notes
6833 port 3389 rdp
36 port 3493 nut
149 port 3653 tsp
85 port 3690 svn
50 port 4045 lockd
1631 port 4321 rwhois
609 port 4557 fax
78 port 4559 hylafax
9625 port 4672 rfa
1477 port 5002 rfe
23251 port 5050 mmcc
5851 port 5190 aol
548 port 5191 aol-1
60 port 5192 aol-2
203 port 5193 aol-3
736 port 5353 mdns
816 port 5432 postgresql
36 port 5713 proshareaudio
100 port 5714 prosharevideo
63 port 5715 prosharedata
95 port 5716 prosharerequest
148 port 5717 prosharenotify
629 port 5999 cvsup
7516 port 6000 x11
2205 port 6001 x11
1274 port 6002 x11
532 port 6003 x11
314 port 6004 x11
522 port 6005 x11
222 port 6006 x11
137 port 6007 x11
186 port 6008 x11
133 port 6009 x11
2302 port 6010 x11, x1-ssh
137 port 6011 x11
227 port 6012 x11
124 port 6013 x11
76 port 6014 x11
111 port 6015 x11
43 port 6016 x11
61 port 6017 x11
93 port 6018 x11
84 port 6019 x11
300 port 6020 x11
158 port 6021 x11
107 port 6022 x11
108 port 6023 x11
155 port 6024 x11
241 port 6025 x11
121 port 6026 x11
101 port 6027 x11
77 port 6028 x11
73 port 6029 x11
152 port 6030 x11
106 port 6031 x11
85 port 6032 x11
92 port 6033 x11
121 port 6034 x11
105 port 6035 x11
294 port 6036 x11
43 port 6037 x11
75 port 6038 x11
53 port 6039 x11
107 port 6040 x11
58 port 6041 x11
71 port 6042 x11
40 port 6043 x11
119 port 6044 x11
126 port 6045 x11
64 port 6046 x11
44 port 6047 x11
280 port 6048 x11
78 port 6049 x11
153 port 6050 x11
121 port 6051 x11
58 port 6052 x11
64 port 6053 x11
24 port 6054 x11
55 port 6055 x11
40 port 6056 x11
135 port 6057 x11
39 port 6058 x11
244 port 6059 x11
5964 port 6060 x11
167 port 6061 x11
66 port 6062 x11
55 port 6063 x11
950 port 6110 softcm
849 port 6111 spc
111 port 6558 xdsxdm
585 port 6660 [ircd]
893 port 6661 [ircd]
10995 port 6662 [ircd]
337 port 6663 [ircd]
293 port 6664 [ircd]
1777 port 6665 [ircd]
5358 port 6666 [ircd]
78836 port 6667 ircd
698 port 7010 afs3-resserver, ups-onlinet
677 port 7100 font-service
559 port 8021 ftp-proxy
45 port 8080(**) bittorrent
2540 port 9001 [tor-or]
9437 port 9030 [tor-dir]
------------------------------------------------
Counts sorted by descending exit count
1178147 port 43 nicname whois
352350 port 443 https
78836 port 6667 ircd
62010 port 119 nntp
32621 port 21 ftp
30767 port 110 pop3
30626 port 995 pop3s
23251 port 5050 mmcc
20904 port 587 submission
12187 port 1080 socks
10995 port 6662 [ircd]
9625 port 4672 rfa
9437 port 9030 [tor-dir]
8362 port 88 kerberos-sec
7991 port 22 ssh
7516 port 6000 x11
7119 port 563 nntps snntp
6833 port 3389 rdp
6214 port 1723 pptp
6129 port 2041 interbase
5964 port 6060 x11
5851 port 5190 aol
5358 port 6666 [ircd]
4195 port 101 hostname hostnames
3877 port 98 tacnews
3508 port 993 imaps imap4
2712 port 80(*) http
2540 port 9001 [tor-or]
2372 port 3333 dec-notes
2302 port 6010 x11, x1-ssh
2205 port 6001 x11
1890 port 109 pop2 postoffice
1777 port 6665 [ircd]
1631 port 4321 rwhois
1477 port 5002 rfe
1461 port 53 domain
1274 port 6002 x11
1164 port 108 snagas
1076 port 465 urd
1073 port 143 imap imap2 imap4
1067 port 20 ftp-data
1006 port 2401 cvspserver
993 port 70 gopher
950 port 6110 softcm
946 port 2108 rkinit
906 port 23 telnet
893 port 6661 [ircd]
849 port 6111 spc
824 port 1025 blackjack
816 port 5432 postgresql
772 port 106 pop3pw 3com-tsmux
736 port 5353 mdns
698 port 7010 afs3-resserver, ups-onlinet
677 port 7100 font-service
629 port 5999 cvsup
609 port 4557 fax
585 port 6660 [ircd]
561 port 222 rsh-spx
559 port 8021 ftp-proxy
548 port 5191 aol-1
532 port 6003 x11
522 port 6005 x11
492 port 2 compressnet
470 port 1433 ms-sql-s
375 port 33 dsp
337 port 6663 [ircd]
322 port 188 mumps
318 port 2003 cfingerd
314 port 6004 x11
305 port 554 rtsp
303 port 2027 shadowserver
300 port 6020 x11
294 port 6036 x11
293 port 6664 [ircd]
286 port 150 sql-net
280 port 6048 x11
270 port 2032 blackboard
261 port 5 rje
254 port 1666 netview-aix-6
249 port 1352 lotusnote
248 port 1501 sas-3
244 port 6059 x11
241 port 6025 x11
232 port 4
227 port 6012 x11
222 port 6006 x11
207 port 1662 netview-aix-2
205 port 55 isi-gl
203 port 5193 aol-3
198 port 591 http-alt
196 port 3 compressnet
187 port 112 mcidas
186 port 79 finger
186 port 6008 x11
177 port 1450 dwf
167 port 6061 x11
159 port 2007 dectalk
158 port 6021 x11
157 port 2600 zebrasrv
156 port 2019 whosockami
155 port 6024 x11
154 port 1110 nfsd-status
153 port 6050 x11
152 port 6030 x11
149 port 3653 tsp
148 port 5717 prosharenotify
144 port 1529 support prmsd gnatsd, coauthor
142 port 1661 netview-aix-1
137 port 6007 x11
137 port 6011 x11
135 port 6057 x11
133 port 6009 x11
129 port 545 appleqtcsrvr
128 port 180 ris
128 port 221 fln-spx
127 port 990 ftps
126 port 123 ntp
126 port 6045 x11
124 port 1668 netview-aix-8
124 port 6013 x11
123 port 2026 scrabble
121 port 66 sql*net
121 port 6026 x11
121 port 6034 x11
121 port 6051 x11
119 port 6044 x11
118 port 2014 troff
117 port 1424 hybrid
117 port 3050 gds_db
111 port 6015 x11
111 port 6558 xdsxdm
109 port 6
108 port 6023 x11
107 port 6022 x11
107 port 6040 x11
106 port 989 ftps-data
106 port 2035 imsldoc
106 port 6031 x11
105 port 1155 nfa
105 port 6035 x11
101 port 6027 x11
100 port 5714 prosharevideo
96 port 2106 ekshell
95 port 5716 prosharerequest
93 port 6018 x11
92 port 52 xns-time
92 port 6033 x11
91 port 130 cisco-fna
91 port 2049 nfsd nfs
89 port 345 pawserv
89 port 1085 webobjects
89 port 1506 utcd
85 port 3690 svn
85 port 6032 x11
84 port 6019 x11
83 port 246 dsp3270
82 port 512 exec biff comsat
82 port 1667 netview-aix-7
80 port 1426 sas-1
79 port 1665 netview-aix-5
78 port 1664 netview-aix-4
78 port 4559 hylafax
78 port 6049 x11
77 port 6028 x11
76 port 17 quota
76 port 179 bgp
76 port 1127 supfiledbg
76 port 6014 x11
75 port 1351 equationbuilder
75 port 2028 submitserver
75 port 6038 x11
73 port 1397 audio-activmail
73 port 6029 x11
71 port 544 kshell krcmd
71 port 6042 x11
70 port 556 remotefs rfs rfs_server
70 port 1652 xnmp
70 port 2105 eklogin
69 port 992 telnets
67 port 117 uucp-path
67 port 170 print-srv
66 port 389 ldap
66 port 1443(**) ies-lm
66 port 1669 netview-aix-9
66 port 6062 x11
65 port 210 z39.50 wais
64 port 2034 scoremgr
64 port 6046 x11
64 port 6053 x11
63 port 5715 prosharedata
62 port 1478 ms-sna-base
61 port 1436 sas-2
61 port 6017 x11
60 port 1524 ingreslock
60 port 5192 aol-2
59 port 541 uucp-rlogin
58 port 1396 dvl-activemail
58 port 6041 x11
58 port 6052 x11
56 port 614 sshell
55 port 6055 x11
55 port 6063 x11
53 port 54 xns-ch
53 port 565 whoami
53 port 6039 x11
50 port 4045 lockd
49 port 2605 bgpd
48 port 2033 glogger
46 port 2784 www-dev
45 port 2601 zebra
45 port 8080(**) bittorrent
44 port 453 creativeserver
44 port 1348 bbn-mmx
44 port 1398 video-activmail
44 port 6047 x11
43 port 2604 ospfd
43 port 6016 x11
43 port 6037 x11
42 port 1434 ms-sql-m
41 port 1498 watcom-sql
41 port 2603 ripngd
40 port 1663 netview-aix-3
40 port 6043 x11
40 port 6056 x11
39 port 6058 x11
38 port 1451 infoman
38 port 3264 ccmail
36 port 3493 nut
36 port 5713 proshareaudio
35 port 1167 phone
34 port 1672 netview-aix-12
34 port 2628 dict
33 port 1376 ibm-pps
33 port 2606 ospf6d
32 port 115 sftp
31 port 767 phonebook
29 port 126 unitary
29 port 160 sgmp-traps
29 port 1366 netware-csp
29 port 1670 netview-aix-10
29 port 1671 netview-aix-11
28 port 873 rsync
28 port 1435 ibm-cics
28 port 1527 tlisrv
27 port 548 afpovertcp
27 port 2602 ripd
26 port 455 creativepartnr
26 port 2766 listen
25 port 156 sqlsrv
24 port 458 appleqtc
24 port 6054 x11
23 port 56 xns-auth
23 port 63 xns-auth
23 port 114 audionews
23 port 118 sqlserv
23 port 464 kpasswd kpasswd5
22 port 165 xns-courier
22 port 215 softpc
21 port 189 qft
21 port 1477 ms-sna-server
20 port 131 cisco-tna
20 port 457 scohelp
19 port 540 uucp uucpd
18 port 49 tacacs
18 port 564 9pfs
17 port 134 ingres-net
17 port 223 cdc
17 port 396 netware-ip
17 port 758 nlogin
16 port 178 NextStep
16 port 518 ntalk
16 port 592 eudora-set
15 port 1347 bbn-mmc
14 port 515 printer spooler
13 port 152 bftp
13 port 153 sgmp
13 port 177 xdmcp
12 port 347 fatserv
11 port 406 imsp
10 port 209 qmtp
10 port 360 scoi2odialog
10 port 537 netwall
10 port 994 ircs
8 port 194 irc
8 port 262 arcisdms
7 port 217 dbase
7 port 523 ibm-db2
7 port 543 klogin
6 port 213 ipx
6 port 258 yak-chat
6 port 517 talk
6 port 765 webster
6 port 871 supfilesrv
5 port 132 cisco-sys
5 port 133 statsrv
5 port 144 NeWS
5 port 174 mailq
5 port 524 ncp
5 port 607 nqs
4 port 401 ups
4 port 402 genie
4 port 525 timed timeserver
4 port 532 netnews readnews
4 port 636 ldaps sldap
3 port 48 auditd
3 port 488 gss-http
3 port 760 ns, krbupdate
2 port 475 tcpnethaspsrv
2 port 519 utime unixtime
2 port 531 conference chat
2 port 754 tell
1 port 158 pcmail-srv
1 port 308 novastorbakcup
1 port 346 zserv
1 port 454 contentserver
1 port 473 hybrid-pop
1 port 529 irc-serv
1 port 583 philips-vc
(*) Port 80 is restricted to a limited list of IP addresses.
(**) Ports 1443 and 8080 are each restricted to a single IP address.
The statistics above immediately bring the following questions to
mind, and I hope someone on the list can provide answers or reasonable
hypotheses.
1) Why is the nicname/whois port the most heavily used? In fact,
why is it getting much use at all?
2) Why are there so many exits to the standard socks port? It
seems kind of strange to go all the way through the tor network
fully encrypted, only to exit in the clear to a port somewhere
else for re-encryption. Similarly, what about pptp?
3) Why are there so many exits to the default ports for tor's
ORPort and DirPort?
4) Who still uses RFS? Didn't that die out a *long* time ago?
(The rfs port had 70 exits.)
I suspect that list readers will notice other oddities in the data
presented here. Please feel free to discuss those, too.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************