As I'm sure we're all aware, when running discovery scans (Maps) and vulnerability scans, we can specify additional ports to be scanned, either during the vuln scan, map scan or the host discovery.
I'm wondering if others would mind adding their practice on this?
I have added ports 1433, 1434, 1435 when scanning SQL Servers as I have found DBA's using sequential port numbers for additional instances. Of course, there are plenty of others (3390 which I've found running RDP, Telnet found on ports other than 23 and so on).
Just curious if others could list ports they they have added and why?