This topic lists services that Illumio considers to be at risk. For information on the Traffic page and Risk Reports, see Traffic. For instructions on how to use the search function in the Traffic page, see Search Traffic.
Ransomware Risky Services
The following is a list of services that Illumio considers to be at risk for ransomware penetration and lateral movement.
| Service | Service Name | Protocol | Port Number | Severity |
|---|---|---|---|---|
| HTTP | S-HTTP | TCP | 80 | Medium |
| LLMNR | S-LLMNR | UDP | 5355 | Medium |
| NFS | S-NFS | TCP/UDP | 2049 | Medium |
| RDP | S-RDP | TCP/UDP | 3389 | Critical |
| MSFT RPC | S-RPC | TCP | 135 | Critical |
| SMB | S-SMB | TCP/UDP | 445 | Critical |
| SSH | S-SSH | TCP/UDP | 22 | Medium |
| WinRM | S-WINRM | TCP | 5985 | Critical |
| WinRM Secure | S-WINRM-SECURE | TCP | 5986 | Critical |
| FTP Data | S-FTP-DATA | TCP | 20 | Medium |
| FTP Control | S-FTP-CONTROL | TCP | 21 | Medium |
| METASPLOIT | S-METASPLOIT | TCP/UDP | 4444 | Low |
| Multicast DNS | S-MDNS | UDP | 5353 | Medium |
| NetBIOS | S-NETBIOS | UDP
TCP |
137, 138
137, 139 |
High |
| POP3 | S-POPV3 | TCP | 110 | Low |
| PPTP | S-PPTP | TCP/UDP | 1723 | Low |
| SSDP | S-SSDP | UDP | 1900 | Medium |
| SunRPC | S-SUNRPC | TCP/UDP | 111 | Low |
| TeamViewer | S-TEAMVIEWER | TCP/UDP | 5938 | High |
| Telnet | S-TELNET | TCP/UDP | 23 | Medium |
| VNC | S-VNC | TCP/UDP | 5900 | High |
| WSD | S-WSD | TCP/UDP | 3702 | Medium |
Traffic Supported Resource Types
See Traffic Supported Resources. For a list of resources against which you can write policy, see Resources that Support Policy.