Skip to content

DET0706 Detection of Non-Standard Port

Item Value
ID DET0706
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1509 (Non-Standard Port)

Analytics

Android

AN1827

Many properly configured firewalls may also naturally block command and control traffic over non-standard ports. Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs. Further detection would most likely be at the enterprise level, through packet and/or netflow inspection.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None
Network Communication (DC0113) Application Vetting None
Mutable Elements
Field Description

iOS

AN1828

Many properly configured firewalls may also naturally block command and control traffic over non-standard ports. Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs. Further detection would most likely be at the enterprise level, through packet and/or netflow inspection.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None
Network Communication (DC0113) Application Vetting None
Mutable Elements
Field Description