# Syntax :
#
# service name:server port/proto:client port

#
# Popular icmp codes
#
icmp-echo-request:8/icmp:0
icmp-echo-reply:0/icmp:0
icmp-unreach:3/icmp:0-255
icmp-time exceeded in transit:11/icmp:0

#
# FTP
#
ftp-data:20/tcp:1024-65535
ftp:21/tcp:1024-65535

#
# SSH
#
ssh-unix:22/tcp:1010-1023
ssh (version 2 or windows or masqueraded):22/tcp:1024-65535
ssh-random:22/tcp:1-1023
#
# Telnet 
#
telnet:23/tcp:any

#
# SMTP
#
smtp:25/tcp:any

#
# Time
#
time:37/udp:1024-65535

#
# nicname (whois)
#
nicname:43/tcp:1024-65535

#
#
# DNS (both udp and tcp)
#
dns:53/udp:any
dns-tcp:53/tcp:any

#
# DHCP
#
bootps:67/udp:68
bootpc:68/udp:67

#
# Gopher
#
gopher:70/tcp:1024-65535

#
# Finger
#
finger:79/tcp:1024-65535

#
# HTTP
#
http:80/tcp:1024-65535

#
# pop3
#
pop3:110/tcp:any

#
# RPC portmap
#
rpc-portmapper:111/udp:any

#
# ident 
#
ident:113/tcp:any

#
# nntp
#
nntp:119/tcp:1024-65535

# 
# Network Time Protocol
#
ntp:123/tcp:any
ntp:123/udp:any

#
# NetBIOS
#
#netbios-ns (tcp):137/tcp:1024-65535
netbios-ns (udp):137/udp:1024-65535
netbios-ns (udp):137/udp:137
#netbios-dgm (tcp):138/tcp:1024-65535
netbios-dgm (udp):138/udp:1024-65535
netbios-dgm (udp):138/udp:138
netbios-ssn (tcp):139/tcp:1024-65535
#netbios-ssn (udp):139/udp:1024-65535

#
# IMAP
#
imap:143/tcp:1024-65535

#
# SNMP
#
snmp:161/tcp:1024-65535
snmp-udp:161/udp:1024-65535

#
# SSL
#
https:443/tcp:1024-65535


#
# Syslog
#
syslog:514/udp:514
syslog-cisco:514/udp:1024-65535

#
# Printer
#
printer:515/tcp:1-1023




#
# NFS
#
nfs:2049/udp:1024-65535


#
# standalone cvs
#
cvs-pserver:2401/tcp:1024-65535


#
# ICQ or terabase
#
icq (or terabase):4000/tcp:1024-65535

#
# Internet Relay Chat
#
irc:6665-6670/tcp:1024-65535

#
# Real Audio
#
real-audio-tcp:7070/tcp:1024-65535


#
# http proxy
#
http-proxy:8080/tcp:1024-65535


# 
# Popular Windows backdoors
# (deactivated because you usually do not want to
#  see this traffic on your network)
#
#backorifice 1.x (windows backdoor):31337/udp:1024-65535
#hack'a'tack (windows backdoor):31789/udp:31790
#deepthroat (windows backdoor):2140,3150/udp:any
#netsphere (windows backdoor):30100/tcp:any
#netsphere-ftp (windows backdoor):30102/tcp:any
#gatecrasher (windows backdoor):6969/tcp:any
#portal of doom (windows backdoor):10067,10167/tcp:any
#girlfriend (windows backdoor):21554/tcp:any
#EvilFTP (windows backdoor):23456/tcp:any
#phAse Zero (windows backdoor):555/tcp:any
#SubSeven (windows backdoor):1243,6711,6776/tcp:any

#
# BSD passive ftpd ports
#
#bsd-passive-ftp:49152-65535/tcp:1024-65535

#
# unix traceroute
#
#traceroute:33434-33700/udp:1025-65535
