Common port functions: Windows Port Encyclopedia

Source: Internet
Author: User
Different ports serve different functions; I hope this list is useful.

0 Typically used to fingerprint the operating system. This approach works because 0 is an invalid port on some systems, so a connection attempt to it produces a different result than an attempt to an ordinary closed port. A typical scan uses an IP address of 0.0.0.0, sets the ACK bit, and broadcasts at the Ethernet layer.

1 tcpmux This shows someone looking for SGI IRIX machines. IRIX is the main implementer of tcpmux, and tcpmux is enabled by default on that system. IRIX machines ship with several default passwordless accounts, such as lp, guest, uucp, nuucp, demos, tutor, diag, EZsetup, OutOfBox, and 4Dgifts. Many administrators forget to delete these accounts after installation, so hackers search the Internet for tcpmux and use these accounts.

7 Echo You will see many packets sent to x.x.x.0 and x.x.x.255 by people searching for Fraggle amplifiers. A common DoS attack is the echo loop, where an attacker forges a UDP packet from one machine to another and the two machines then reply to each other's packets as fast as they can. Another common sight is TCP connections to this port made by DoubleClick. They have a product called "Resonate Global Dispatch", which connects to this port on DNS servers to determine the closest route. Harvest/squid caches will send UDP echoes from port 3130: "If the cache's source_ping on option is turned on, it will respond with a HIT reply to the original host's UDP echo port." This produces many such packets.

11 sysstat This is a UNIX service that lists all the running processes on the machine and what started them. This gives intruders a lot of information that threatens the security of the machine, such as exposing programs with known vulnerabilities or accounts. It is similar to the output of the "ps" command on UNIX systems. To repeat: ICMP has no ports; "ICMP port 11" usually means ICMP type=11.

19 Chargen This is a service that only sends characters. The UDP version responds to any received UDP packet with a packet containing junk characters. On a TCP connection, it sends a stream of garbage characters until the connection is closed. Hackers use IP spoofing to launch DoS attacks by forging UDP packets between two chargen servers. Because each server tries to answer the endless back-and-forth traffic between them, a chargen and echo pair will overload the servers. Similarly, a Fraggle DoS attack broadcasts packets carrying a spoofed victim IP to this port on the destination address, and the victim is overloaded by the responses.

21 FTP Most commonly, attackers are looking for FTP servers that are open to "anonymous" access. These servers have read-write directories. Hackers or crackers use them as nodes for transferring warez (pirated programs) and pron.

22 SSH / pcAnywhere TCP connections to this port may be attempts to find SSH. This service has many weaknesses. Many versions that use the RSAREF library have a number of vulnerabilities if configured in a particular mode. (It is recommended that you run SSH on a different port.) Note also that the SSH toolkit comes with a program called make-ssh-known-hosts, which scans an entire domain for SSH hosts. You are sometimes scanned inadvertently by someone using this program. UDP (not TCP) traffic to this port together with port 5632 on the other end means there is a scan searching for pcAnywhere. 5632 (hexadecimal 0x1600) is 0x0016 (decimal 22) with its bytes swapped.

23 Telnet The intruder is searching for remote UNIX services. In most cases, intruders scan this port to find out which operating system the machine is running. In addition, using other techniques, intruders will find passwords.

25 SMTP Attackers (spammers) are looking for SMTP servers to relay their spam. The intruder's accounts are always being closed, so they need to dial up to a high-bandwidth e-mail server to deliver simple messages to different addresses. SMTP servers (especially Sendmail) are one of the most common ways into a system, because they must be fully exposed to the Internet and mail routing is complex (exposed + complex = weakness).

53 DNS Hackers or crackers may be attempting a zone transfer (TCP), trying to spoof DNS (UDP), or hiding other traffic. For this reason, firewalls often filter or log port 53. Note that you will often see port 53 used as a UDP source port. Stateless firewalls typically allow this traffic on the assumption that it is a reply to a DNS query. Hackers often use this method to penetrate firewalls.
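
An added example (not part of the original page) that applies the echo/chargen, Fraggle, pcAnywhere and DNS source-port descriptions above as detection logic over constructed packet records. The record layout, the alert labels and the 10.0.0.0/24 local network are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records: (proto, src_ip, src_port, dst_ip, dst_port)
SAMPLE = [
    ("udp", "10.0.0.5", 40000, "192.0.2.53", 53),    # outbound DNS query
    ("udp", "192.0.2.53", 53, "10.0.0.5", 40000),    # reply matching that query
    ("udp", "203.0.113.9", 53, "10.0.0.8", 111),     # source port 53, no query sent
    ("udp", "198.51.100.7", 19, "10.0.0.20", 7),     # chargen port to echo port
    ("udp", "198.51.100.7", 3000, "10.0.0.255", 7),  # echo sent to x.x.x.255
    ("udp", "203.0.113.4", 4000, "10.0.0.30", 22),   # UDP (not TCP) to port 22
    ("udp", "203.0.113.4", 4001, "10.0.0.30", 5632), # same source, port 5632
    ("tcp", "203.0.113.4", 4002, "10.0.0.30", 22),   # ordinary SSH connection
]

LOOP_PORTS = {7, 19}      # echo and chargen
PCANYWHERE = {22, 5632}   # 5632 is 0x1600, i.e. 0x0016 (22) byte-swapped

def classify(packets, local_net="10.0.0.0/24"):
    """Return (index, label) alerts for the UDP patterns described above."""
    net = ipaddress.ip_network(local_net)
    edges = {str(net.network_address), str(net.broadcast_address)}
    pending = set()       # outstanding DNS queries: (client, client_port, server)
    probes = {}           # (src, dst) -> pcAnywhere-related ports seen so far
    alerts = []
    for i, (proto, sip, sport, dip, dport) in enumerate(packets):
        if proto != "udp":
            continue
        if dport == 53 and ipaddress.ip_address(sip) in net:
            pending.add((sip, sport, dip))
        elif sport == 53:
            # Stateful check: accept source port 53 only as a reply to a query.
            if (dip, dport, sip) in pending:
                pending.discard((dip, dport, sip))
            else:
                alerts.append((i, "unsolicited-source-port-53"))
        if sport in LOOP_PORTS and dport in LOOP_PORTS:
            alerts.append((i, "echo-chargen-loop"))
        elif dport in LOOP_PORTS and dip in edges:
            alerts.append((i, "fraggle-broadcast"))
        if dport in PCANYWHERE:
            seen = probes.setdefault((sip, dip), set())
            seen.add(dport)
            if seen == PCANYWHERE:
                alerts.append((i, "pcanywhere-scan"))
    return alerts

if __name__ == "__main__":
    for index, label in classify(SAMPLE):
        print(index, label, SAMPLE[index])
```

Tracking outstanding queries is what separates a real DNS reply from arbitrary traffic that merely uses source port 53; a filter that looks only at the port number accepts both.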