
These port traffic graphs are generated from aggregate Abilene netflow data, sampled at 1:100.

port | protocol | service | monitoring links | best practice | vulnerability / exploit / notes
1 tcp . .
1 udp . .
8 tcp . .
13 tcp Daytime Protocol (RFC-867) .
13 udp Daytime Protocol (RFC-867) .
20 tcp ftp-data .
21 tcp ftp .
22 tcp ssh .
23 tcp telnet .
25 tcp smtp . CA-2003-07: Remote Buffer Overflow in Sendmail
CA-2003-12: Buffer Overflow in Sendmail
CA-2003-25: Buffer Overflow in Sendmail
37 tcp Time Protocol (RFC-868) .
37 udp Time Protocol (RFC-868) .
42 tcp WINS server replication protocol . US-CERT VU#145134: WINS Vulnerability
MS04-045
42 udp WINS . US-CERT VU#145134: WINS Vulnerability
53 tcp dns . CA-2002-31: Multiple Vulnerabilities in BIND
53 udp dns . CA-2002-31: Multiple Vulnerabilities in BIND
67 udp dhcp server .
68 udp dhcp client .
69 udp tftp . CA-2003-20: W32/Blaster worm
80 tcp http . CA-2002-27: Apache/mod_ssl Worm
CA-2002-33: Heap Overflow Vulnerability in Microsoft Data Access Components (MDAC)
CA-2003-09: Buffer Overflow in Core Microsoft Windows DLL
Current Activity 08/18/2003: W32/Welchia Worm
111 tcp Sun RPC and Portmapper . CA-2002-26: Buffer Overflow in CDE ToolTalk
111 udp Sun RPC and Portmapper . CA-2002-26: Buffer Overflow in CDE ToolTalk
123 tcp Network Time Protocol (RFC-1305) .
123 udp Network Time Protocol (RFC-1305) .
135 tcp Microsoft RPC; DCE Locator service aka end-point mapper, epmap link CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
Current Activity 08/18/2003: W32/Welchia Worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
135 udp Microsoft RPC; DCE Locator service aka end-point mapper, epmap link CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
Current Activity 08/18/2003: W32/Welchia Worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
137 udp netbios-name link CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
138 udp netbios-datagram link CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
139 tcp netbios-session link CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
139 udp netbios-session link CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
143 tcp imap .
257 tcp SET (secure electronic transaction); Firewall 1 management console .
257 udp SET (secure electronic transaction); Firewall 1 management console .
443 tcp https link CA-2002-27: Apache/mod_ssl Worm
443 udp https link CA-2002-27: Apache/mod_ssl Worm
444 tcp snpp . CA-2002-35: Vulnerability in RaQ Server Appliances
445 tcp microsoft-ds link CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
445 udp microsoft-ds link CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
447 tcp . . Bobax
447 udp . . Bobax
513 tcp rlogin . ISS: rlogin multiple vulnerabilities
554 tcp rtsp . VU#934932: RealNetworks media server RTSP protocol parser buffer overflow
554 udp rtsp . VU#934932: RealNetworks media server RTSP protocol parser buffer overflow
593 tcp http-rpc-epmap link CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
617 tcp Arkeia Server Backup . BugTraq
901 tcp . . Backdoor.NetDevil control
902 tcp . . Backdoor.NetDevil keylogging
903 tcp . . Backdoor.NetDevil file transfer
1023 tcp . .
1024 tcp . .
1025 tcp . . First dynamically assigned port.
RPC and LSA exploit attempts against Windows.
1030 tcp . .
1030 udp . .
1080 tcp . . socks, wingate; MyDoom
1080 udp . . socks, wingate; MyDoom
1433 tcp . . Microsoft-SQL-Server
1433 udp . . Microsoft-SQL-Server
1434 tcp Microsoft-SQL-Monitor . CA-2003-04: MS-SQL Server Worm
1434 udp Microsoft-SQL-Monitor . CA-2003-04: MS-SQL Server Worm
1524 tcp . . Trinoo
1666 tcp Netview-AIX-6, Perforce Software Configuration Server .
1720 tcp H.323 call signaling . CA-2004-01: Multiple H.323 Message Vulnerabilities
1863 tcp MSN Messenger .
1720 udp H.323 call signaling . CA-2004-01: Multiple H.323 Message Vulnerabilities
2100 tcp Oracle XMLDB FTP .
2745 tcp URBISNET . Many variants of W32/Beagle malicious code
2745 udp URBISNET . Many variants of W32/Beagle malicious code
2967 tcp SAV CE managed clients .
3127 tcp . . Current Activity 01/26/04: W32/Mydoom.A or W32/Novarg
Current Activity 02/10/04: W32/Mydoom.C or W32.HLLW.Doomjuice
3128 tcp . . Current Activity 01/26/04: W32/Mydoom.A or W32/Novarg
Current Activity 02/10/04: W32/Mydoom.C or W32.HLLW.Doomjuice
3133 tcp . . Nucrypt
3306 tcp MySQL .
3372 tcp MSDTC .
3389 tcp Microsoft RDP (remote desktop protocol) .
3628 tcp Trend Micro ServerProtect . TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities
4080 tcp . . Cutwail
4099 tcp . . Srizbi
4099 udp . . Srizbi
4444 tcp unassigned* . CA-2003-20: W32/Blaster worm
4662 tcp . .
4899 tcp Radmin .
5168 tcp Trend Micro ServerProtect . TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities
5250 tcp Computer Associates iGateway .
5554 tcp . . Sasser opens an FTP server on 5554 to deliver the worm executable to exploited systems, LURHQ: Sasser
Dabber exploits a vulnerability of the Sasser FTP server, LURHQ: Dabber
5900 tcp VNC .
6000 tcp X Windows .
6050 tcp . .
6070 tcp . .
6101 tcp . .
6106 tcp . .
6129 tcp unassigned* . Current Activity 12/26/2003: Systems compromised via buffer overflow in DameWare
6667 tcp IRC .
6668 tcp IRC .
6669 tcp IRC .
7000 tcp IRC .
7100 tcp X font service .
7100 udp X font service .
7871 udp . . Trojan.Peacommi
8080 tcp . . Current Activity 01/26/04: W32/Mydoom.A or W32/Novarg
Current Activity 02/10/04: W32/Mydoom.C or W32.HLLW.Doomjuice
Trojan-Proxy:W32/Wopla.AG
8181 tcp . . backdoor port for Erkez aka Safi
Erkez
8866 tcp . . Beagle
9898 tcp . .
10000 tcp . . Veritas Backup Exec Agent for Windows Remote File Access Issue
10080 tcp . . W32/MyDoom.B Virus
11271 udp . . Trojan.Peacommi
11768 tcp . .
15118 tcp . .
17300 tcp . . SpyBot; Kuang2
27374 tcp . . SubSeven; Kuang2
31337 tcp Back Orifice .
31337 udp Back Orifice .
32773 tcp . .
41523 tcp . .