Viewing Server Asset Fingerprints
HSS can collect server asset fingerprints, including information about ports, processes, web applications, web services, web frameworks, and auto-started items. You can centrally check server asset information and detect risky assets in a timely manner based on the server fingerprints.
This section describes how to view the collected server asset fingerprints on the console. For more information, see Collecting Server Asset Fingerprints.
Prerequisite
HSS enterprise edition, premium edition, WTP edition, or container edition has been enabled for the server.
Viewing Asset Information of All Servers
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > HSS. - Choose to view all server assets.
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
Figure 1 Viewing server asset information
- (Optional) remove unsafe assets.
If you find unsafe assets after counting, remove them in a timely manner. You are advised to handle risky ports as follows:
- If HSS detects open high-risk ports or unused ports, check whether they are really used by your services.
- If a detected high-risk port is actually a normal port used for services, you can ignore it. Ignored alarms will neither be recorded as unsafe items and nor trigger alarms.
For more information, see High-risk port list.
Viewing Asset Information of a Single Server
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose Asset Management > Servers & Quota. Click the Servers tab.
If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.
- Click the name of the target server. On the server details page that is displayed, choose .
Figure 2 Viewing asset fingerprints of a single server
- Click a fingerprint type in the list to view the asset information.
High-risk port list
Table 1 lists the high-risk ports are identified by the asset fingerprint function of HSS. If a high-risk port is enabled in your asset, check whether they are really used by your services.
|
Port |
Description |
Protocol |
|---|---|---|
|
31 |
Trojan horses Master Paradise and Hackers Paradise |
TCP and UDP |
|
456 |
Trojan horses HACKERSPARADISE |
TCP and UDP |
|
555 |
Trojan horses PhAse1.0 Stealth Spy and IniKiller |
TCP and UDP |
|
666 |
Trojan horses Attack FTP and Satanz Backdoor |
TCP and UDP |
|
1001 |
Trojan horses Silencer and WebEx |
TCP and UDP |
|
1011 |
Doly Trojan |
TCP and UDP |
|
1025 |
Trojan netspy |
TCP and UDP |
|
1033 |
Trojan netspy |
TCP and UDP |
|
1070 |
Trojan horses Streaming Audio Trojan, Psyber Stream Server, and Voice |
TCP and UDP |
|
1234 |
Trojan horses SubSeven2.0 and Ultors Trojan |
TCP and UDP |
|
1243 |
Trojan SubSeven 1.0/1.9 |
TCP and UDP |
|
1245 |
Trojan Vodoo |
TCP and UDP |
|
1270 |
MOM-Encrypted Microsoft Operations Manager (MOM) 2000 |
TCP |
|
1492 |
Trojan FTP99CMP |
TCP and UDP |
|
1600 |
Trojan Shivka-Burka |
TCP and UDP |
|
1807 |
Trojan SpySender |
TCP and UDP |
|
1981 |
Trojan ShockRave |
TCP and UDP |
|
1999 |
Trojan BackDoor |
TCP and UDP |
|
2000 |
Trojans GirlFriend 1.3 and Millenium 1.0 |
TCP and UDP |
|
2001 |
Trojan Millenium 1.0 and Trojan Cow |
TCP and UDP |
|
2023 |
Trojan Pass Ripper |
TCP and UDP |
|
2115 |
Trojan Bugs |
TCP and UDP |
|
2140 |
Trojan Deep Throat 1.0/3.0 |
TCP and UDP |
|
3150 |
Trojan Deep Throat 1.0/3.0 |
TCP and UDP |
|
6711 |
Trojan SubSeven1.0/1.9 |
TCP and UDP |
|
6776 |
Trojan horses SubSeven2.0 and Ultors Trojan and SubSeven1.0/1.9 |
TCP and UDP |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
