Updated on 2024-09-25 GMT+08:00

Viewing Server Asset Fingerprints

HSS can collect server asset fingerprints, including information about ports, processes, web applications, web services, web frameworks, and auto-started items. You can centrally check server asset information and detect risky assets in a timely manner based on the server fingerprints. Asset management only detects risks. You need to manually handle suspicious assets.

This section describes how to view the collected server asset fingerprints on the console. For more information, see Collecting Server Asset Fingerprints.

Prerequisite

HSS enterprise edition, premium edition, WTP edition, or container edition has been enabled for the server.

Viewing Asset Information of All Servers

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. Choose Asset Management > Server Fingerprints to view all server assets.

    If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.

  4. (Optional) remove unsafe assets.

    If you find unsafe assets after counting, remove them in a timely manner. You are advised to handle risky ports as follows:

    • If HSS detects open high-risk ports or unused ports, check whether they are really used by your services.
    • If a detected high-risk port is actually a normal port used for services, you can ignore it. Ignored alarms will neither be recorded as unsafe items and nor trigger alarms.

    For more information, see High-risk port list.

Viewing Asset Information of a Single Server

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Servers & Quota. Click the Servers tab.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  4. Click the name of the target server. On the server details page that is displayed, choose Asset Fingerprints > Servers.
  5. Click a fingerprint type in the list to view the asset information.

High-risk port list

Table 1 lists the high-risk ports are identified by the asset fingerprint function of HSS. If a high-risk port is enabled in your asset, check whether they are really used by your services.

Table 1 High-risk port list

Port

Description

Protocol

31

Trojan horses Master Paradise and Hackers Paradise

TCP and UDP

456

Trojan horses HACKERSPARADISE

TCP and UDP

555

Trojan horses PhAse1.0 Stealth Spy and IniKiller

TCP and UDP

666

Trojan horses Attack FTP and Satanz Backdoor

TCP and UDP

1001

Trojan horses Silencer and WebEx

TCP and UDP

1011

Doly Trojan

TCP and UDP

1025

Trojan netspy

TCP and UDP

1033

Trojan netspy

TCP and UDP

1070

Trojan horses Streaming Audio Trojan, Psyber Stream Server, and Voice

TCP and UDP

1234

Trojan horses SubSeven2.0 and Ultors Trojan

TCP and UDP

1243

Trojan SubSeven 1.0/1.9

TCP and UDP

1245

Trojan Vodoo

TCP and UDP

1270

MOM-Encrypted Microsoft Operations Manager (MOM) 2000

TCP

1492

Trojan FTP99CMP

TCP and UDP

1600

Trojan Shivka-Burka

TCP and UDP

1807

Trojan SpySender

TCP and UDP

1981

Trojan ShockRave

TCP and UDP

1999

Trojan BackDoor

TCP and UDP

2000

Trojans GirlFriend 1.3 and Millenium 1.0

TCP and UDP

2001

Trojan Millenium 1.0 and Trojan Cow

TCP and UDP

2023

Trojan Pass Ripper

TCP and UDP

2115

Trojan Bugs

TCP and UDP

2140

Trojan Deep Throat 1.0/3.0

TCP and UDP

3150

Trojan Deep Throat 1.0/3.0

TCP and UDP

6711

Trojan SubSeven1.0/1.9

TCP and UDP

6776

Trojan horses SubSeven2.0 and Ultors Trojan and SubSeven1.0/1.9

TCP and UDP