可疑或危险项判断逻辑

checkrules/dangerstcpports.dat

@@ -0,0 +1,225 @@
+#病毒木马
+
+31:木马Master Paradise、HackersParadise
+99:后门程序ncx99
+121:木马BO jammerkillahV
+135:DCOM服务,冲击波病毒利用,建议关闭
+445:Microsoft-DS,为共享默认开放,震荡波病毒利用,一般应关闭
+456:木马HACKERS PARADISE
+555:木马PhAse1.0、Stealth Spy、IniKiller
+666:木马Attack FTP、Satanz Backdoor
+1001:木马Silencer,WebEx
+1011:木马Doly
+1024:动态端口的开始,木马yai
+1025:inetinfo.exe(互联网信息服务)木马netspy
+1070:木马Psyber Stream,Streaming Audio
+1234:木马SubSeven2.0、Ultors Trojan
+1243:木马SubSeven1.0/1.9
+1245:木马Vodoo,GabanBus,NetBus,Vodoo
+1492:木马FTP99CMP
+1509:木马Psyber Streaming Server
+1524:许多攻击脚本安装一个后门SHELL在这个端口
+1524:FreeBSD (FBRK) Rootkit backdoor
+1600:木马Shivka-Burka
+1807:木马SpySender
+1981:木马ShockRave
+1984:Fuckit Rootkit
+1999:木马BackDoor,yai
+2000:木马GirlFriend 1.3、Millenium 1.0
+2001:木马Millenium 1.0、Trojan Cow,黑洞2001
+2006:CB Rootkit or w00tkit Rootkit SSH server
+2023:木马Pass Ripper
+2115:木马Bugs
+2128:MRK
+2140:木马Deep Throat 1.0/3.0,The Invasor
+2565:木马Striker
+2583:木马Wincrash 2.0
+2801:木马Phineas Phucker
+2847:诺顿反病毒服务
+3024:木马WinCrash
+3129:木马Master Paradise
+3150:木马The Invasor,deep throat
+3210:木马SchoolBus
+3333:木马Prosiak
+3700:木马Portal of Doom
+3996:木马RemoteAnything
+4060:木马RemoteAnything
+4092:木马WinCrash
+4590:木马ICQTrojan
+4950:木马IcqTrojan
+5000:木马blazer5,Sockets de Troie默认开放5000端口,一般应关闭
+5001:木马Sockets de Troie
+5321:木马Sockets de Troie
+5400:木马Blade Runner
+5401:木马Blade Runner
+5402:木马Blade Runner
+5550:木马xtcp
+5569:木马Robo-Hack
+5742:木马WinCrash1.03
+6267:木马广外女生
+6400:木马The tHing
+6666:rogue IRC bot 
+6667:rogue IRC bot 
+6668:rogue IRC bot 
+6669:rogue IRC bot 
+6670:木马Deep Throat
+6671:木马Deep Throat 3.0
+6883:木马DeltaSource
+6939:木马Indoctrination
+6969:木马Gatecrasher、Priority
+7000:木马Remote Grab
+7000:Possible rogue IRC bot
+7300:木马NetMonitor
+7301:木马NetMonitor
+7306:木马NetMonitor,NetSpy1.0
+7307:木马NetMonitor
+7308:木马NetMonitor
+7511:木马聪明基因
+7597:木马Quaz
+7626:木马冰河
+7676:木马Giscier
+7789:木马ICKiller
+8011:木马way2.4
+8225:木马灰鸽子
+8311:木马初恋情人
+9400:木马Incommand 1.0
+9401:木马Incommand 1.0
+9402:木马Incommand 1.0
+9872:木马Portal of Doom
+9873:木马Portal of Doom
+9874:木马Portal of Doom
+9875:木马Portal of Doom
+9899:木马InIkiller
+9989:木马iNi-Killer
+10067:木马iNi-Killer
+10167:木马iNi-Killer
+11000:木马SennaSpy
+11233:木马Progenic trojan
+12076:木马Telecommando
+12223:木马Hack‘99 KeyLogger
+12345:木马NetBus1.60/1.70、GabanBus
+12346:木马NetBus1.60/1.70、GabanBus
+12361:木马Whack-a-mole
+13000:Possible Universal Rootkit (URK) SSH server
+14856:Optic Kit (Tux)
+16959:木马Subseven
+16969:木马Priority
+19191:木马蓝色火焰
+20000:木马Millennium
+20001:木马Millennium
+20034:木马NetBus Pro
+21554:木马GirlFriend
+22222:木马Prosiak
+23444:木马网络公牛
+23456:木马Evil FTP、Ugly FTP
+25000:Possible Universal Rootkit (URK) component
+26274:木马Delta
+27374:木马Subseven 2.1
+29812:FreeBSD (FBRK) Rootkit default backdoor port
+30100:木马NetSphere
+30129:木马Masters Paradise
+30303:木马Socket23
+30999:木马Kuang
+31337:木马BO(Back Orifice)
+31337:Historical backdoor port
+31338:木马BO(Back Orifice),DeepBO
+31339:木马NetSpy DK
+31666:木马BOWhack
+32982:Solaris Wanuk
+33333:木马Prosiak
+33369:Volc Rootkit SSH server (divine)
+34324:木马Tiny Telnet Server、BigGluck、TN
+40412:木马The Spy
+40421:木马Masters Paradise
+40422:木马Masters Paradise
+40423:木马Masters Paradise
+40426:木马Masters Paradise
+43210:木马SchoolBus 1.0/2.0
+44445:木马Happypig
+47018:Possible Universal Rootkit (URK) component
+47107:T0rn
+47262:木马Delta
+50505:木马Sockets de Troie
+50766:木马Fore
+53001:木马Remote Windows Shutdown
+54320:木马bo2000
+54321:木马SchoolBus 1.0/2.0
+60922:zaRwT.KiT
+61466:木马Telecommando
+62883:Possible FreeBSD (FBRK) Rootkit default backdoor port
+65000:木马Devil 1.03
+65535:FreeBSD Rootkit (FBRK) telnet port
+
+#挖矿矿池
+#格式:端口号:相关挖矿类型描述:对应进程名
+#X:代表未知进程
+1111:挖矿木马:X
+2222:挖矿木马:X
+3333:挖矿木马:X
+3367:ZCL挖矿木马(zclassic.f2pool.com):ZecMiner64
+3377:ZEN挖矿木马(zencash.f2pool.com):ZecMiner64
+3636:RVN挖矿木马(raven.f2pool.com):(sgminer|ccminer)
+4444:挖矿木马:X
+5555:挖矿木马:X
+5730:DCR挖矿木马(dcr.f2pool.com):
+5740:多功能挖矿木马([raven|xzc|dcr].f2pool.com):(ccminer|sgminer|cpuminer-avx2)
+5750:PGN挖矿木马(pigeon.f2pool.com):(sgminer|ccminer)
+6666:挖矿木马:X
+6688:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
+7777:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
+8008:ETH挖矿木马(eth.f2pool.com):EthDcrMiner64
+8118:ETC挖矿木马(etc.f2pool.com):EthDcrMiner64
+8220:8220挖矿木马:X
+8332:挖矿木马:X
+8333:挖矿木马:X
+8888:挖矿木马:X
+9008:XVG挖矿木马(xvg-blake2s.f2pool.com):ccminer
+9009:XVG挖矿木马(xvg-scrypt.f2pool.com):X
+9010:XVG挖矿木马(xvg-x17.f2pool.com):sgminer
+9011:XVG挖矿木马(xvg-groestl.f2pool.com):X
+9012:XVG挖矿木马(xvg-lyra.f2pool.com):(sgminer|ccminer)
+9221:BTM挖矿木马(btm.f2pool.com):(HSPMinerBTMiner_NebuTech)
+9327:litecoin挖矿:X
+9332:bitcoin挖矿:X
+9501:BCD挖矿木马(bcd-pool.beepool.org):ccminer
+9502:BTM挖矿木马(btm-pool.beepool.org):BTMinerNebuTech
+9503:HC挖矿木马(hc-pool.beepool.org):X
+9504:SUQA挖矿木马(suqa-pool.beepool.org):X
+9505:AE挖矿木马(ae-pool.beepool.org):(bminer|qskg_ae|HSPMinerAE)
+9507:BEAM挖矿木马(beam-pool.beepool.org):beam-cuda-miner
+9509:DASH挖矿木马(dash-pool.beepool.org):X
+9510:GRIN挖矿木马(grin-pool.beepool.org):miner
+9518:ETC挖矿木马(etc-pool.beepool.org):EthDcrMiner64
+9522:BCX挖矿木马(bcx-pool.beepool.org):ccminer
+9530:ETH挖矿木马(eth-pool.beepool.org):EthDcrMiner64
+9531:RVN挖矿木马(rvn-pool.beepool.org):ccminer
+9540:MOAC挖矿木马(moac-pool.beepool.org):EthDcrMiner64
+9568:DCR挖矿木马(dcr-pool.beepool.org):X
+9999:挖矿木马:X
+11110:DGB挖矿木马(dgb-sha256d.f2pool.com):X
+11112:DGB挖矿木马(dgb-groestl.f2pool.com):X
+11113:DGB挖矿木马(dgb-skein.f2pool.com):X
+11114:DGB挖矿木马(dgb-qubit.f2pool.com):X
+13333:ETN挖矿木马(etn.f2pool.com):(xmrig|NsCpuCNMiner64|xmrig-nvidia|ccminer-x64|xmrig-amd|NsGpuCNMiner)
+13531:XMR挖矿木马(xmr.f2pool.com):(xmrig|NsCpuCNMiner64|NsGpuCNMiner|xmrig-nvidia|xmrig-amd)
+13541:XMR挖矿木马(xmr-classic.f2pool.com):X
+13654:XDAG挖矿木马(xdag.f2pool.com):DaggerGpuMiner
+14433:挖矿木马:X
+14444:挖矿木马:X
+15555:PASC挖矿木马(pasc.f2pool.com):EthDcrMiner64
+20012:GIN挖矿木马(gin.f2pool.com):ccminer-x64
+20581:挖矿木马：X
+20593:MONA挖矿木马(mona.f2pool.com):ccminer-x64
+45560:XMR挖矿木马(xmr.pool.minergate.com):xmr-stak
+45590:挖矿木马:X
+45700:minergate.com挖矿木马:X
+45790:挖矿木马:X
+52137:WMAMiner挖矿蠕虫:X
+55335:挖矿木马:X
+65333:挖矿木马:X
+
+
+#代理
+1080:shadansocks客户端
+
+#其他

checkrules/dangersudpports.dat

@@ -0,0 +1 @@
+2001:Scalper