Common Port Control detailed

Original address: http://www.moon-soft.com/download/info/2826.htm

Port: 0
Service: Reserved
Description: Typically used to analyze the operating system. This method works because in some systems "0" is an invalid end
, you will have different results when you try to connect to it using the usual closed port. A typical scan that uses
The IP address is 0.0.0.0, and the ACK bit is set and broadcast on the Ethernet layer.

PORT: 1
Service: Tcpmux
Description: This shows someone looking for a SGI IRIX machine. IRIX is the primary provider of implementation Tcpmux, by default
Tcpmux is opened in this system. The IRIX machine in the release is containing several default password-free accounts, such as:
IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, Outofbox, etc. Many administrators forget to install
Remember to delete these accounts. So hacker searches the internet for Tcpmux and uses these accounts.

Port: 7
Service: Echo
Description: To be able to see many people searching for Fraggle amplifiers, send information to x.x.x.0 and x.x.x.255.

Port: 19
Service: Character Generator
Description: This is a service that sends only characters. The UDP version will respond to a UDP packet that contains garbage characters after it receives
Package. A TCP connection sends a stream of data that contains a garbage character until the connection is closed. Hacker using IP spoofing can send
Dynamic Dos attack. Fake UDP packets between two Chargen servers. The same Fraggle Dos attack to the destination address
This port broadcasts a packet with the spoofed victim's IP, which the victim is overloaded with in response to the data.

Port: 21
Services: FTP
Description: FTP server open port, for upload, download. The most common attackers were used to find open
The method of anonymous FTP server. These servers have a read-write directory. Trojan Doly Trojan,
Ports open to Fore, invisible FTP, WebEx, Wincrash, and Blade Runner.

Port: 22
Services: Ssh
Description: Pcanywhere established TCP and this end port connection may be to find SSH. This service has many weak
, if configured in a specific mode, many of the versions using the RSAREF library will have a number of vulnerabilities.

Port: 23
Services: Telnet
Description: Telnet, an intruder searches for UNIX services remotely. In most cases the scan of this port is for
To find the operating system that the machine is running on. And with other techniques, intruders will also find passwords. Trojan Tiny
Telnet server opens this port.

Port: 25
Services: SMTP
Description: The port that the SMTP server is open for sending messages. The intruder is looking for an SMTP server to deliver his
Their spam. The intruders ' accounts are closed and they need to be connected to a high-bandwidth e-mail server that will simply
The information is delivered to a different address. Trojan antigen, Email Password Sender, Haebu Coceda,
Shtrilitz Stealth, WINPC, winspy all open this port.

Port: 31
Service: MSG Authentication
Description: Trojan Master Paradise, Hackers Paradise Open this port.

Port: 42
Services: WINS Replication
Description: WINS replication

Port: 53
Services: Domain Name Server (DNS)
Description: The port opened by the DNS server, the intruder may be attempting to perform zone transfer (TCP), spoofing DNS
(UDP) or to hide other traffic. Therefore, firewalls often filter or record this port.

Port: 67
Service: Bootstrap Protocol Server
Description: Firewalls through DSL and cable modems often see a large number of sent to broadcast addresses 255.255.255.255
of data. These machines are requesting an address from the DHCP server. Hacker often enter them, assigning an address to
Launched a large number of man-in-the-middle (man-in-middle) attacks as a local router. Client broadcasts to port 68
Request configuration, the server broadcasts a response request to port 67. This response uses the broadcast because the client does not yet know which
To send the IP address.

Port: 69
Service: Trival File Transfer
Description: Many servers together with BOOTP provide this service to facilitate downloading of boot code from the system. But they often
Often the intruder can steal any file from the system because of an incorrect configuration. They can also be used for system write files.

Port: 79
Services: Finger Server
Description: An intruder is used to obtain user information, query the operating system, detect a known buffer overflow error, and respond from
Own machine to other machines finger scans.

PORT: 80
Services: HTTP
Description: For Web browsing. Trojan Executor open this port.

PORT: 99
Service: Metagram Relay
Description: Backdoor program ncx99 Open this port.

Port: 102
Service: Message transfer agent (MTA)-x.400 over TCP/IP
Description: Message transfer agent.

Port: 109
Services: Post Office Protocol-version3
Description: The POP3 server opens this port for receiving mail and client access to server-side mail services. POP3
The service has many recognized weaknesses. There are at least 20 weaknesses in the user name and password Exchange buffer overflow, which means
Taste the intruder can enter the system before the real landing. There were other buffer overflow errors after the successful landing.

Port: 110
Services: All ports of sun company RPC Service
Note: Common RPC services are RPC.MOUNTD, NFS, RPC.STATD, RPC.CSMD, RPC.TTYBD, AMD, etc.

Port: 113
Services: Authentication Service
Description: This is a protocol that is running on many computers to authenticate users of a TCP connection. Using the standard of this
A service can obtain information on many computers. But it can serve as a logger for many services, especially FTP, POP,
Services such as IMAP, SMTP, and IRC. Usually if there are many customers accessing these services through the firewall, they will see the Xu
Multiple connection requests for this port. Remember, if you block this port, the client will feel on the other side of the firewall
Slow connection of the e-mail server. Many firewalls support the blocking of TCP connections by sending back rst. This is going to stop
A slow connection.

Port: 119
Service: Network News Transfer Protocol
Description: News newsgroup transmission protocol, bearer Usenet communication. This port is usually connected by people looking for
Usenet server. Most ISP restrictions, only their clients can access their newsgroup servers. Open a new
Smelling group server will allow to send/read anyone's posts, access restricted newsgroup servers, anonymously post or send
SPAM.

Port: 135
Services: Location Service
Description: Microsoft runs DCE RPC end-point Mapper for its DCOM service on this port. This with
UNIX 111 ports feature very similar features. Use DCOM and RPC services to leverage the end-point mapper on your computer
Register their location. When a remote client connects to a computer, they look for a bit of end-point mapper find a service
Reset Hacker scan the computer for this port to find running Exchange Server on this computer.
What version. Some Dos attacks are also directed at this port.

Ports: 137, 138, 139
Service: NETBIOS Name Service
Description: 137, 138 are UDP ports, which are used when transferring files through the Network Neighborhood. and 139 Ports:
The connection entered through this port attempts to obtain the NETBIOS/SMB service. This protocol is used for Windows files and playing
Printing machine sharing and samba. And WINS regisrtation also use it.

Port: 143
Service: Interim Mail Access Protocol v2
Description: As with POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: A
The Linux worm (ADMV0RM) will propagate through this port, so many of this port scans come from uninformed
The infected user. When Redhat in their Linux release version of the default allow IMAP, these vulnerabilities change
Very popular. This port is also used for IMAP2, but it is not popular.

Port: 161
Services: SNMP
Description: SNMP allows remote management of devices. All configuration and running information is stored in the database and can be obtained via SNMP
Get this information. Many administrator errors are configured to be exposed to the Internet. Cackers will attempt to use the default
Password public, private access to the system. They may experiment with all possible combinations. SNMP packets may be wrong
Mistakenly points to the user's network.

PORT: 177
Service: X Display Manager Control Protocol
Description: Many intruders use it to access the X-windows console, which also needs to open port 6000.

PORT: 389
Services: LDAP, ILS
Description: The Lightweight Directory Access Protocol and the NetMeeting Internet Locator server share this port.

Port: 443
Services: Https
Description: A Web browsing port that provides encryption and another HTTP for transmission over a secure port.

Port: 456
Services: [NULL]
Description: Trojan Hackers paradise open this port.

Port: 513
Service: Login,remote Login
Description: A broadcast from a UNIX computer that logs into a subnet using the cable modem or DSL. These humans into
The invaders entered their system to provide information.

Port: 544
Services: [NULL]
Description: Kerberos Kshell

Port: 548
Service: Macintosh,file Services (AFP/IP)
Description: Macintosh, File services.

Port: 553
Service: CORBA IIOP (UDP)
Description: Use the cable modem, DSL, or VLAN to see the broadcast of this port. CORBA is an object-oriented
RPC System. Intruders can use this information to enter the system.

Port: 555
Service: DSF
Description: Trojan PhAse1.0, Stealth Spy, Inikiller Open this port.

Port: 568
Service: Membership DPA
Description: Membership DPA.

Port: 569
Service: Membership MSN
Description: Membership MSN.

Port: 635
Service: MOUNTD
Description: Linux mountd bugs. This is a popular bug in the scan. Most of the scans for this port are based on
UDP, but TCP based MOUNTD has increased (Mountd runs on two ports at the same time). Remember Mountd can
Run on any port (exactly which port, need to do Portmap query on port 111), just Linux default
The port is 635, just as NFS typically runs on port 2049.

Port: 636
Services: LDAP
Description: SSL (Secure Sockets layer)

Port: 666
Service: Doom Id Software
Description: Trojan attack FTP, Satanz backdoor Open this port

Port: 993
Service: IMAP
Description: SSL (Secure Sockets layer)

Ports: 1001, 1011
Services: [NULL]
Description: Trojan silencer, WebEx Open 1001 ports. Trojan Doly Trojan open 1011 ports.

PORT: 1024
Service: Reserved
Description: It is the beginning of a dynamic port, many programs do not care which port to connect to the network, they request the system for
They assign the next idle port. Based on this point, the assignment starts with port 1024. That means the first one to the system
The requested will be assigned to port 1024. You can reboot the machine, turn on Telnet, and then open a window to run
Natstat-a will see that Telnet is assigned 1024 ports. There are also SQL sessions with this port and the 5000-port
Mouth.

Ports: 1025, 1033
Service: 1025:network Blackjack 1033:[null]
Description: Trojan Netspy open these 2 ports.

Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall in a channel way, allowing people behind the firewall to access through an IP address
The INTERNET. Theoretically, it should only allow internal communication to reach the Internet. But because of the wrong configuration,
It allows attacks outside the firewall to go through the firewall. Wingate often happen this kind of mistake in joining IRC chat
This is often seen in the sky room.
PORT: 1170
Services: [NULL]
Description: Trojan streaming Audio Trojan, Psyber Stream Server, voice open this port.

Ports: 1234, 1243, 6711, 6776
Services: [NULL]
Description: Trojan SubSeven2.0, Ultors Trojan open 1234, 6776 ports. Trojan subseven1.0/1.9
Open 1243, 6711, 6776 ports.

Port: 1245
Services: [NULL]
Description: Trojan Vodoo Open this port.

Port: 1433
Services: SQL
Description: Microsoft's SQL Services open ports.

Port: 1492
Service: Stone-design-1
Description: Trojan ftp99cmp Open this port.

PORT: 1500
Service: RPC client Fixed port session queries
Description: RPC Client fixed port session query

Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120

Port: 1524
Service: Ingress
Description: Many attack scripts will install a backdoor shell on this port, especially for sun system SendMail
and RPC Service vulnerability scripts. If you have just installed a firewall to see the connection attempt on this port, it is likely
is the reason above. Try to telnet to this port on the user's computer to see if it will give you a
SHELL. Connecting to 600/pcserver also has this problem.

Port: 1600
Service: ISSD
Description: Trojan Shivka-burka Open this port.

Port: 1720
Service: NetMeeting
Description: NetMeeting h.233 call Setup.

Port: 1731
Service: NetMeeting Audio Call Control
Description: NetMeeting audio call control.

Port: 1807
Services: [NULL]
Description: Trojan Spysender Open this port.

Port: 1981
Services: [NULL]
Description: Trojan Shockrave Open this port.

Port: 1999
Service: Cisco identification port
Description: Trojan Backdoor open this port.

Port: 2000
Services: [NULL]
Description: Trojan Girlfriend 1.3, Millenium 1.0 Open this port.

Port: 2001
Services: [NULL]
Description: Trojan Millenium 1.0, Trojan Cow Open this port.

Port: 2023
Service: Xinuexpansion 4
Description: Trojan Pass Ripper Open this port.

Port: 2049
Services: NFS
Description: NFS programs often run on this port. Typically, you need to access the Portmapper query to which service is running
Port.

Port: 2115
Services: [NULL]
Description: Trojan bugs open this port.

Ports: 2140, 3150
Services: [NULL]
Description: Trojan Deep Throat 1.0/3.0 open this port.

PORT: 2500
Service: RPC client using a fixed port session replication
Description: RPC clients that apply fixed-port session replication

Port: 2583
Services: [NULL]
Description: Trojan Wincrash 2.0 Open this port.

Port: 2801
Services: [NULL]
Description: Trojan Phineas Phucker Open this port.

Ports: 3024, 4092
Services: [NULL]
Description: Trojan Wincrash Open this port.

Port: 3128
Service: Squid
Description: This is the default port for Squid HTTP proxy server. The attacker scanned the port to search for a generation
The internet is accessed anonymously by the server. You will also see Ports 8000, 8001, and search for other proxy servers.
8080, 8888. Another reason to scan this port is that the user is entering the chat room. Other users will also check this
Port to determine whether the user's machine supports proxies.

Port: 3129
Services: [NULL]
Description: Trojan Master Paradise Open this port.

Port: 3150
Services: [NULL]
Description: Trojan The Invasor open this port.

Ports: 3210, 4321
Services: [NULL]
Description: Trojan Schoolbus Open this port

Port: 3333
Service: Dec-notes
Description: Trojan Prosiak Open this port

Port: 3389
Service: Super Terminal
Description: WINDOWS 2000 terminal opens this port.

Port: 3700
Services: [NULL]
Description: Trojan Portal of Doom open this port

Ports: 3996, 4060
Services: [NULL]
Description: Trojan remoteanything Open this port

PORT: 4000
Service: QQ Client
Description: Tencent QQ client Open this port.

Port: 4092
Services: [NULL]
Description: Trojan Wincrash Open this port.

Port: 4590
Services: [NULL]
Description: Trojan Icqtrojan Open this port.

Ports: 5000, 5001, 5321, 50505
Services: [NULL]
Description: Trojan Blazer5 Open 5000 ports. Trojan sockets de Troie Open 5000, 5001, 5321,
50505 Port.

Ports: 5400, 5401, 5402
Services: [NULL]
Description: Trojan Blade Runner Open this port.

Port: 5550
Services: [NULL]
Description: Trojan xtcp Open this port.

Port: 5569
Services: [NULL]
Description: Trojan Robo-hack Open this port.

Port: 5632
Service: Pcanywere
Note: Sometimes you will see a lot of this port scan, which relies on the location of the user. When the user opens
When Pcanywere, it automatically scans the LAN Class C network for possible proxies (where agents are referred to as agent and
Not a proxy). Intruders will also look for computers that open the service. , so you should look at the source of this scan
Address. Some search Pcanywere scan packets often contain UDP packets with Port 22.

Port: 5742
Services: [NULL]
Description: Trojan WinCrash1.03 Open this port.

Port: 6267
Services: [NULL]
Description: Open this port for girls outside Muma.

Port: 6400
Services: [NULL]
Description: Trojan The thing open this port.

Ports: 6670, 6671
Services: [NULL]
Description: Trojan Deep Throat open 6670 ports. and Deep Throat 3.0 open 6671 ports.

Port: 6883
Services: [NULL]
Description: Trojan Deltasource Open this port.

Port: 6969
Services: [NULL]
Description: Trojan Gatecrasher, priority open this port.

Port: 6970
Service: RealAudio
Description: The RealAudio customer will receive the audio stream from the server's 6970-7170 UDP port. This is by
The TCP-7070 port controls the connection settings.

Port: 7000
Services: [NULL]
Description: Trojan Remote grab open this port.

Ports: 7300, 7301, 7306, 7307, 7308
Services: [NULL]
Description: Trojan Netmonitor Open this port. In addition NetSpy1.0 also open 7306 ports.

Port: 7323
Services: [NULL]
Description: Sygate server side.

Port: 7626
Services: [NULL]
Description: Trojan Giscier Open this port.

Port: 7789
Services: [NULL]
Description: Trojan Ickiller Open this port.

Port: 8000
Service: OICQ
Description: Tencent QQ Server side open this port.

Port: 8010
Service: Wingate
Description: Wingate Agent opens this port.

Port: 8080
Services: Proxy Port
Description: WWW agent opens this port.

Ports: 9400, 9401, 9402
Services: [NULL]
Description: Trojan Incommand 1.0 Open this port.

Ports: 9872, 9873, 9874, 9875, 10067, 10167
Services: [NULL]
Description: Trojan Portal of Doom opens this port.

Port: 9989
Services: [NULL]
Description: Trojan Ini-killer Open this port.

Port: 11000
Services: [NULL]
Description: Trojan Sennaspy Open this port.

Port: 11223
Services: [NULL]
Description: Trojan progenic Trojan Open this port.

Ports: 12076, 61466
Services: [NULL]
Description: Trojan Telecommando Open this port.

Port: 12223
Services: [NULL]
Description: Trojan hack ' keylogger open this port.

Ports: 12345, 12346
Services: [NULL]
Description: Trojan netbus1.60/1.70, Gabanbus Open this port.

Port: 12361
Services: [NULL]
Description: Trojan Whack-a-mole Open this port.

Port: 13223
Service: PowWow
Description: Powwow is tribal voice chat program. It allows the user to open a private chat connection on this port.
This procedure is very offensive for establishing a connection. It will be stationed in response to this TCP port. Cause a similar Heart
The connection request for the hop interval. If a dial-up user inherits an IP address from another chat, it will happen as if
There are a lot of different people testing this port. This protocol uses Opng as the first 4 words of its connection request
Section.

Port: 16969
Services: [NULL]
Description: Trojan priority open this port.

Port: 17027
Service: Conducent
Description: This is an outward connection. This is because someone inside the company has a conducent"adbot" share
Software. conducent"adbot" is a display of advertising services for shared software. The use of this service is a popular soft
The piece is pkware.

Port: 19191
Services: [NULL]
Description: Trojan Blue flame opens this port.

Ports: 20000, 20001
Services: [NULL]
Description: Trojan Millennium Open this port.

Port: 20034
Services: [NULL]
Description: Trojan NetBus Pro Open this port.

Port: 21554
Services: [NULL]
Description: Trojan girlfriend Open this port.

Port: 22222
Services: [NULL]
Description: Trojan Prosiak Open this port.

Port: 23456
Services: [NULL]
Description: Trojan Evil ftp, Ugly FTP open this port.

Ports: 26274, 47262
Services: [NULL]
Description: Trojan Delta opens this port.

Port: 27374
Services: [NULL]
Description: Trojan SubSeven 2.1 Open this port.

Port: 30100
Services: [NULL]
Description: Trojan Netsphere Open this port.

Port: 30303
Services: [NULL]
Description: Trojan Socket23 Open this port.

Port: 30999
Services: [NULL]
Description: Trojan Kuang Open this port.

Ports: 31337, 31338
Services: [NULL]
Description: Trojan Bo (Back orifice) opens this port. In addition Trojan Deepbo also open 31338 ports.

Port: 31339
Services: [NULL]
Description: Trojan Netspy DK Open this port.

Port: 31666
Services: [NULL]
Description: Trojan Bowhack Open this port.

Port: 33333
Services: [NULL]
Description: Trojan Prosiak Open this port.

Port: 34324
Services: [NULL]
Description: Trojan tiny Telnet Server, Biggluck, TN open this port.

Port: 40412
Services: [NULL]
Description: Trojan The spy open this port.

Ports: 40421, 40422, 40423, 40426,
Services: [NULL]
Description: Trojan Masters Paradise Open this port.

Ports: 43210, 54321
Services: [NULL]
Description: Trojan schoolbus 1.0/2.0 Open this port.

Port: 44445
Services: [NULL]
Description: Trojan Happypig Open this port.

Port: 50766
Services: [NULL]
Description: Trojan Fore Open this port.

Port: 53001
Services: [NULL]
Description: Trojan Remote Windows shutdown open this port.

Port: 65000
Services: [NULL]
Description: Trojan Devil 1.03 open this port.

PORT: 88
Description: Kerberos krb5. In addition 88 ports of TCP are this use also.

Port: 137
Description: SQL Named pipes encryption over others protocols name lookup (other protocol names
Called SQL named pipe encryption technology on lookup) and SQL RPC encryption over the other protocols name
Lookup (SQL RPC encryption technology on other protocol name lookups) and WINS NetBT name service (WINS
NetBT name Service) and WINS proxy use this port.

Port: 161
Description: Simple Network Management Protocol (SMTP) (Easy Network Management Protocol).

Port: 162
Description: SNMP Trap (SNMP traps)

Port: 445
Description: Common Internet File System (CIFS) (Public internet filesystem)

Port: 464
Description: Kerberos kpasswd (V5). In addition 464 ports of TCP are this use also.

Port: 500
Description: Internet Key Exchange (IKE) (Internet Key exchange)

Ports: 1645, 1812
Description: Remot authentication dial-in User
Service (RADIUS) authentication (Routing and remote Access) (Remotely authenticated dial-up User Service)
Works

Ports: 1646, 1813
Description: RADIUS accounting (Routing and Remote Access) (RADIUS accounting (Routing and tele-visit
asked))

Port: 1701
Description: Layer Two tunneling Protocol (L2TP) (2nd Floor Tunnel Protocol)

Ports: 1801, 3527
Description: Microsoft Messages Queue Server (Microsoft Message Queuing servers). and TCP.
135, 1801, 2101, 2103, 2105 are the same use.

Port: 2504
Description: Network Load Balancing (network balance load)