function and classification of network ports

One, what is the port.
Before we start talking about ports, let's talk about what port is. Often heard on the network "My host opened a number of port, will not be invaded AH." "or" it would be safer to open that port. Again, my service should correspond to what Port AH. Oh It's amazing. How a host has so many strange port on it. What's the effect of this port?

Because the service features of each network are different, therefore, it is necessary to send different packets to different services to deal with, so, when your host also opened the FTP and WWW service, then the other people sent the data packets, will be in accordance with TCP above the port number to FTP this service or is WWW this Services to deal with, of course, will not be messed up. (Note: hehe.) Some friends who have little access to the internet often ask, "Gee." Why your computer also has FTP, WWW, e-mail so many services, but people pass information to come over, your computer how to know how to judge. Is the computer really not misjudged? "Now you know why." That's right. It's because port is different. You can think of that. One day, you have to go to the bank to save money, the bank can think of as "host", then, of course, the bank is not only a business, there are quite a number of windows, then when you enter the door, the service staff at the door will ask you: "Hi." How are you doing? You have to do something. "You said to him:" I want to save money AH. "The waiter will then tell you:" Drink. Go to Window third, then. The people over there will help you. "You're not going to run to other windows at this point," he said. "" These windows can be thought of as "port". So, yes. Each service has a specific port on the monitor. You don't have to worry about a problem that the computer will misjudge. ）

· Each TCP online must be initiated by one end (usually the client). This port is typically selected with a port number greater than 1024 randomly. Its TCP packets will (and only) SYN flags be set up. This is the entire online first packet;

· If the other end (usually the Server) accepts the request (of course, a special service needs to be done with a special port, such as Port 21 of FTP), the entire online second packet is sent back to the requesting end. In addition to the SYN flag at the same time also set up the ACK flag, and at the same time in the local set up resources for online needs;

· Then, the request side gets the first response of the service packet, must respond to each other a confirmation packet, at this time the packet only with ACK flag (in fact, all subsequent online packets must have an ACK flag);

· Only when the server receives the request-side acknowledgment (ACK) packet (that is, the third package that is online), can the two ends be formally established. This is the principle of the so-called ' three-segment handshake (three-way handshake) ', which is called TCP online.

After the three-direction hand-held, hehe. Your client port is usually more than 1024 of the randomly obtained port as for the host side, it depends on which port the service is opened, such as WWW option 80 and FTP 21 as the normal online channel.

All in all, the port we are talking about here is not the I/O port of the computer hardware, but the concept of software form. Tools provide different types of service, with ports divided into two types, TCP ports and UDP ports. Computer communication between the time, divided into two ways: one is to send information, you can confirm the arrival of information, that is, the answer is the way, most of the use of TCP protocol; One is sent after the no matter, not to confirm the arrival of information, this way most of the use of UDP protocol. The ports that correspond to the services provided by the two Protocols are also classified as TCP ports and UDP ports.

Then, if the attacker uses software to scan the target computer and gets the port that the target computer is opening, it also knows what the target computer is providing for those services. As we all know, there must be a flaw in the service software provided by the service, by which an attacker can achieve a rudimentary understanding of the target computer. If the computer has too many ports open, managers do not know, then, there are two situations: one is the provision of services and managers do not notice, such as the installation of IIS, the software will automatically increase a lot of services, and the administrator may not notice; one is the server is installed Trojan Horse, through a special port for communication. Both of these situations are very dangerous, in the final analysis, the administrator is not aware of server services provided, reducing the system safety factor.

second, the range of port number: 1~65535

third, the port concept
In Network technology, ports (port) generally have two meanings: first, the physical port, for example, ADSL Modem, hubs, switches, routers to connect other network devices, such as RJ-45 Port, SC port and so on. The second is the logical port, generally refers to the TCP/IP protocol in the port, the range of port number from 0 to 65535, such as for browsing Web Services 80 port, for the FTP service 21 ports and so on.

What we are going to introduce here is the logical port. The port we are talking about here is not the I/O port of the computer hardware, but the concept of the software form. Tools provide different types of service, ports are divided into two types, one is TCP port and the other is UDP port. Computer communication between the time, divided into two ways: one is to send information, you can confirm the arrival of information, that is, the answer is the way, most of the use of TCP protocol; One is sent after the no matter, not to confirm the arrival of information, this way most of the use of UDP protocol. The ports that correspond to the services provided by the two Protocols are also classified as TCP ports and UDP ports.

View ports: You can see the port number and status of TCP and UDP connections displayed in digital form.

Four, the network port classification:

By the port number can be divided into 3 major categories:
(1) Accepted port (well-knownports): range from 0 to 1023

They are tightly bound (binding) to some services. Usually the communication of these ports clearly indicates the protocol of some kind of service. For example, 21 ports are assigned to the FTP service, 25 ports are assigned to the SMTP (Simple Mail Transfer Protocol) service, 80 ports are assigned to the HTTP service, 135 ports are assigned to RPC (remote procedure Call) services, and so on.

When we enter a URL in IE's address bar (such as www.cce.com.cn), we do not have to specify the port number, because the WWW service's port number is "80" by default.
Network services can use other port numbers, and if they are not the default port number, you should specify the port number on the address bar by adding a colon ":" (Half-width) to the address, plus the port number. For example, use "8080" as the port of WWW service, you need to enter "www.cce.com.cn:8080" in the Address bar.
However, some system protocols use a fixed port number, which cannot be changed, such as 139 ports dedicated to communication between NetBIOS and TCP/IP, and cannot be manually changed.

(2) Dynamic Ports: range from 1024 to 65535
It is called a dynamic port because it generally does not allocate a service in a fixed way, but dynamically allocates it. Dynamic allocation means that when a system process or application process requires network communication, it requests a port from the host, and the host allocates one for its use from the available port number. When this process is closed, the port number that is occupied is also released.

(2.1) Registration port (registeredports): from 1024 to 49151. They are loosely bound to some services. This means that there are many services that are bound to these ports and are used for many other purposes. For example, many systems handle dynamic ports starting at around 1024.

(2.2) dynamic and/or private ports (dynamicand/orprivateports): from 49152 to 65535. In theory, these ports should not be assigned to services. In fact, machines typically allocate dynamic ports from 1024. But there are exceptions: Sun's RPC port starts at 32768.

v. Some common port numbers and their uses are as follows:

Port: 0
Service: Reserved
Description: Typically used to analyze the operating system. This approach works because "0" is an invalid port in some systems and will produce different results when you try to connect to it using the usual closed ports. A typical scan, using an IP address of 0.0.0.0, sets the ACK bit and broadcasts over the Ethernet layer.
PORT: 1
Service: Tcpmux
Description: This shows someone looking for a SGI IRIX machine. IRIX is the primary provider of implementation Tcpmux, and Tcpmux is opened in this system by default. The IRIX machine is published with several default password-free accounts, such as IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, Outofbox, and so on. Many administrators forgot to delete these accounts after installation. So hacker searches the internet for Tcpmux and uses these accounts.

Port: 7
Service: Echo
Description: To be able to see many people searching for Fraggle amplifiers, send information to x.x.x.0 and x.x.x.255.

Port: 19
Service: Character Generator
Description: This is a service that sends only characters. The UDP version will respond to packets that contain junk characters after the UDP packet is received. A TCP connection sends a stream of data that contains a garbage character until the connection is closed. Hacker uses IP spoofing to launch a Dos attack. Fake UDP packets between two Chargen servers. The same Fraggle DOS attack broadcasts a packet of spoofed victim IP to this port on the destination address, and the victim is overloaded in response to the data.

Port: 21
Services: FTP
Description: FTP server open port, for upload, download. The most common use of attackers is to find ways to open anonymous FTP servers. These servers have a read-write directory. Trojans doly ports open to Trojan, Fore, invisible FTP, WebEx, Wincrash, and Blade Runner.

Port: 22
Services: Ssh
Description: Pcanywhere established TCP and this end port connection may be to find SSH. There are many weaknesses in this service, and if configured in a specific pattern, many of the versions using the RSAREF library will have a number of vulnerabilities.

Port: 23
Services: Telnet
Description: Telnet, an intruder searches for UNIX services remotely. In most cases, this port is scanned to find the operating system on which the machine is running. And with other techniques, intruders will also find passwords. Trojan Tiny Telnet Server to open this port.

Port: 25
Services: SMTP
Description: The port that the SMTP server is open for sending messages. Intruders are looking for SMTP servers to pass on their spam. The intruders ' accounts are closed and they need to be connected to a high-bandwidth e-mail server to deliver simple information to different addresses. Trojan antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WINPC, winspy all open this port.

Port: 31
Service: MSG Authentication
Description: Trojan Master Paradise, Hackers Paradise Open this port.

Port: 42
Services: WINS Replication
Description: WINS replication

Port: 53
Services: Domain Name Server (DNS)
Description: A port that is open to a DNS server, an intruder may be attempting to perform zone transfer (TCP), spoof DNS (UDP), or hide other traffic. Therefore, firewalls often filter or record this port.

Port: 67
Service: Bootstrap Protocol Server
Description: Firewalls from DSL and cable modems often see large numbers of data sent to broadcast address 255.255.255.255. These machines are requesting an address from the DHCP server. Hacker often enter them, assigning an address that initiates a large number of man-in-the-middle (man-in-middle) attacks as a local router. The client broadcasts the request configuration to the 68-port broadcast, and the servers broadcast the response request to port 67. This response uses the broadcast because the client is unaware of the IP address that can be sent.

Port: 69
Service: Trival File Transfer
Description: Many servers together with BOOTP provide this service to facilitate downloading of boot code from the system. But they often cause intruders to steal any file from the system because of misconfigured configuration. They can also be used for system write files.

Port: 79
Services: Finger Server
Description: An intruder is used to obtain user information, query the operating system, detect known buffer overflow errors, and respond from its own machine to other machine finger scans.

PORT: 80
Services: HTTP
Description: For Web browsing. Trojan Executor open this port.

PORT: 99
Service: Metagram Relay
Description: Backdoor program ncx99 Open this port.

Port: 102
Service: Message transfer agent (MTA)-x.400 over TCP/IP
Description: Message transfer agent.

Port: 109
Services: Post Office Protocol-version3
Description: The POP3 server opens this port for receiving mail and client access to server-side mail services. The POP3 service has many recognized weaknesses. There are at least 20 weaknesses in the user name and password Exchange buffer overflow, which means the intruder can enter the system before a real login. There were other buffer overflow errors after the successful landing.

Port: 110
Services: All ports of sun company RPC Service
Note: Common RPC services are RPC.MOUNTD, NFS, RPC.STATD, RPC.CSMD, RPC.TTYBD, AMD, etc.

Port: 113
Services: Authentication Service
Description: This is a protocol that is running on many computers to authenticate users of a TCP connection. Using a standard service of this kind can obtain information on many computers. However, it can serve as a logger for many services, especially FTP, POP, IMAP, SMTP, and IRC services. Usually if there are many customers accessing these services through the firewall, they will see many connection requests for this port. Remember, if this port is blocked, the client will feel a slow connection to the e-mail server on the other side of the firewall. Many firewalls support the blocking of TCP connections by sending back rst. This will stop the slow connection.

Port: 119
Service: Network News Transfer Protocol
Description: News newsgroup transmission protocol, bearer Usenet communication. This port is usually connected by people looking for Usenet servers. Most ISP restrictions, only their clients can access their newsgroup servers. Opening a newsgroup server will allow you to send/read anyone's posts, visit a Restricted newsgroup server, post anonymously, or send spam.

Port: 135
Services: Location Service
Description: Microsoft runs DCE RPC end-point Mapper for its DCOM service on this port. This is similar to the capabilities of UNIX 111 ports. Services that use DCOM and RPC use the end-point mapper on the computer to register their location. When remote clients connect to the computer, they look for the location where the end-point mapper find the service. Hacker scan the computer for this port to find running Exchange Server on this computer. What version. Some Dos attacks are also directed at this port.

Ports: 137, 138, 139
Service: NETBIOS Name Service
Description: 137, 138 are UDP ports, which are used when transferring files through the Network Neighborhood. and port 139: Access through this port attempts to obtain the NETBIOS/SMB service. This protocol is used for Windows file and printer sharing and samba. And WINS regisrtation also use it.

Port: 143
Service: Interim Mail Access Protocol v2
Description: As with POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: a Linux worm (ADMV0RM) will breed through this port, so many of this port scans come from unsuspecting, infected users. These vulnerabilities become popular when REDHAT allows IMAP by default in their Linux release versions. This port is also used for IMAP2, but it is not popular.

Port: 161
Services: SNMP
Description: SNMP allows remote management of devices. All configuration and running information is stored in the database and can be obtained through SNMP. Many administrator errors are configured to be exposed to the Internet. Cackers will attempt to use the default password public, private access system. They may experiment with all possible combinations. SNMP packets may be incorrectly pointing to the user's network.

PORT: 177
Service: X Display Manager Control Protocol
Description: Many intruders use it to access the X-windows console, which also needs to open port 6000.

PORT: 389
Services: LDAP, ILS
Description: The Lightweight Directory Access Protocol and the NetMeeting Internet Locator server share this port.

Port: 443
Services: Https
Description: A Web browsing port that provides encryption and another HTTP for transmission over a secure port.

Port: 456
Services: [NULL]
Description: Trojan Hackers paradise open this port.

Port: 513
Service: Login,remote Login
Description: A broadcast from a UNIX computer that logs into a subnet using the cable modem or DSL. These people provide information for intruders entering their systems.

Port: 544
Services: [NULL]
Description: Kerberos Kshell

Port: 548
Service: Macintosh,file Services (AFP/IP)
Description: Macintosh, File services.

Port: 553
Service: CORBA IIOP (UDP)
Description: Use the cable modem, DSL, or VLAN to see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.

Port: 555
Service: DSF
Description: Trojan PhAse1.0, Stealth Spy, Inikiller Open this port.

Port: 568
Service: Membership DPA
Description: Membership DPA.

Port: 569
Service: Membership MSN
Description: Membership MSN.

Port: 635
Service: MOUNTD
Description: Linux mountd bugs. This is a popular bug in the scan. Most scans of this port are based on UDP, but TCP-based mountd have increased (Mountd runs on two ports at the same time). Remember that MOUNTD can run on any port (which is the port where you need to do PORTMAP queries on port 111), but the Linux default port is 635, just as NFS typically runs on port 2049.

Port: 636
Services: LDAP
Description: SSL (Secure Sockets layer)

Port: 666
Service: Doom Id Software
Description: Trojan attack FTP, Satanz backdoor Open this port

Port: 993
Service: IMAP
Description: SSL (Secure Sockets layer)

Ports: 1001, 1011
Services: [NULL]
Description: Trojan silencer, WebEx Open 1001 ports. Trojan Doly Trojan open 1011 ports.

PORT: 1024
Service: Reserved
Description: It is the beginning of a dynamic port, and many programs do not care which port to connect to the network, they request the system to assign them the next idle port. Based on this point, the assignment starts with port 1024. This means that the first request to the system is assigned to port 1024. You can reboot the machine, turn on Telnet, and then open a window to run Natstat-a will see Telnet assigned 1024 ports. There are also SQL sessions with this port and 5000 ports.

Ports: 1025, 1033
Service: 1025:network Blackjack 1033:[null]
Description: Trojan Netspy open these 2 ports.

Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall in a channel way, allowing people behind the firewall to access the Internet via an IP address. Theoretically, it should only allow internal communication to reach the Internet. However, because of the wrong configuration, it will allow attacks outside the firewall to pass through the firewall. This Wingate often happens when you join an IRC chat room.
PORT: 1170
Services: [NULL]
Description: Trojan streaming Audio Trojan, Psyber Stream Server, voice open this port.

Ports: 1234, 1243, 6711, 6776
Services: [NULL]
Description: Trojan SubSeven2.0, Ultors Trojan open 1234, 6776 ports. Trojan subseven1.0/1.9 Open 1243, 6711, 6776 ports.

Port: 1245
Services: [NULL]
Description: Trojan Vodoo Open this port.

Port: 1433
Services: SQL
Description: Microsoft's SQL Services open ports.

Port: 1492
Service: Stone-design-1
Description: Trojan ftp99cmp Open this port.

PORT: 1500
Service: RPC client Fixed port session queries
Description: RPC Client fixed port session query

Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120

Port: 1524
Service: Ingress
Description: Many attack scripts will install a backdoor shell on this port, especially for SendMail and RPC service vulnerabilities in Sun systems. If you have just installed a firewall to see the connection attempt on this port, most likely this is the reason. Try to telnet to this port on the user's computer to see if it will give you a shell. Connecting to 600/pcserver also has this problem.

Port: 1600
Service: ISSD
Description: Trojan Shivka-burka Open this port.

Port: 1720
Service: NetMeeting
Description: NetMeeting h.233 call Setup.

Port: 1731
Service: NetMeeting Audio Call Control
Description: NetMeeting audio call control.

Port: 1807
Services: [NULL]
Description: Trojan Spysender Open this port.

Port: 1981
Services: [NULL]
Description: Trojan Shockrave Open this port.

Port: 1999
Service: Cisco identification port
Description: Trojan Backdoor open this port.

Port: 2000
Services: [NULL]
Description: Trojan Girlfriend 1.3, Millenium 1.0 Open this port.

Port: 2001
Services: [NULL]
Description: Trojan Millenium 1.0, Trojan Cow Open this port.

Port: 2023
Service: Xinuexpansion 4
Description: Trojan Pass Ripper Open this port.

Port: 2049
Services: NFS
Description: NFS programs often run on this port. You typically need to access the Portmapper query which port this service runs on.

Port: 2115
Services: [NULL]
Description: Trojan bugs open this port.

Ports: 2140, 3150
Services: [NULL]
Description: Trojan Deep Throat 1.0/3.0 open this port.

PORT: 2500
Service: RPC client using a fixed port session replication
Description: RPC clients that apply fixed-port session replication

Port: 2583
Services: [NULL]
Description: Trojan Wincrash 2.0 Open this port.

Port: 2801
Services: [NULL]
Description: Trojan Phineas Phucker Open this port.

Ports: 3024, 4092
Services: [NULL]
Description: Trojan Wincrash Open this port.

Port: 3128
Service: Squid
Description: This is the default port for Squid HTTP proxy server. The attacker scanned the port for anonymous access to the Internet in search of a proxy server. You will also see Ports 8000, 8001, 8080, and 8888 that search for other proxy servers. Another reason to scan this port is that the user is entering the chat room. Other users will also check this port to determine whether the user's machine supports proxies.

Port: 3129
Services: [NULL]
Description: Trojan Master Paradise Open this port.

Port: 3150
Services: [NULL]
Description: Trojan The Invasor open this port.

Ports: 3210, 4321
Services: [NULL]
Description: Trojan Schoolbus Open this port

Port: 3333
Service: Dec-notes
Description: Trojan Prosiak Open this port

Port: 3389
Service: Super Terminal
Description: WINDOWS 2000 terminal opens this port.

Port: 3700
Services: [NULL]
Description: Trojan Portal of Doom open this port

Ports: 3996, 4060
Services: [NULL]
Description: Trojan remoteanything Open this port

PORT: 4000
Service: QQ Client
Description: Tencent QQ client Open this port.

Port: 4092
Services: [NULL]
Description: Trojan Wincrash Open this port.

Port: 4590
Services: [NULL]
Description: Trojan Icqtrojan Open this port.

Ports: 5000, 5001, 5321, 50505
Services: [NULL]
Description: Trojan Blazer5 Open 5000 ports. Trojan sockets de Troie Open 5000, 5001, 5321, 50505 ports.

Ports: 5400, 5401, 5402
Services: [NULL]
Description: Trojan Blade Runner Open this port.

Port: 5550
Services: [NULL]
Description: Trojan xtcp Open this port.

Port: 5569
Services: [NULL]
Description: Trojan Robo-hack Open this port.

Port: 5632
Service: Pcanywere
Note: Sometimes you will see a lot of this port scan, which relies on the location of the user. When the user opens the Pcanywere, it automatically scans the LAN C-class network for possible proxies (the agents here refer to the agent rather than proxy). Intruders will also look for computers that open the service. , so you should look at the source address for this scan. Some search Pcanywere scan packets often contain UDP packets with Port 22.

Port: 5742
Services: [NULL]
Description: Trojan WinCrash1.03 Open this port.

Port: 6267
Services: [NULL]
Description: Open this port for girls outside Muma.

Port: 6400
Services: [NULL]
Description: Trojan The thing open this port.

Ports: 6670, 6671
Services: [NULL]
Description: Trojan Deep Throat open 6670 ports. and Deep Throat 3.0 open 6671 ports.

Port: 6883
Services: [NULL]
Description: Trojan Deltasource Open this port.

Port: 6969
Services: [NULL]
Description: Trojan Gatecrasher, priority open this port.

Port: 6970
Service: RealAudio
Description: The RealAudio customer will receive the audio stream from the server's 6970-7170 UDP port. This is set by the TCP-7070 port outward control connection.

Port: 7000
Services: [NULL]
Description: Trojan Remote grab open this port.

Ports: 7300, 7301, 7306, 7307, 7308
Services: [NULL]
Description: Trojan Netmonitor Open this port. In addition NetSpy1.0 also open 7306 ports.

Port: 7323
Services: [NULL]
Description: Sygate server side.

Port: 7626
Services: [NULL]
Description: Trojan Giscier Open this port.

Port: 7789
Services: [NULL]
Description: Trojan Ickiller Open this port.

Port: 8000
Service: OICQ
Description: Tencent QQ Server side open this port.

Port: 8010
Service: Wingate
Description: Wingate Agent opens this port.

Port: 8080
Services: Proxy Port
Description: WWW agent opens this port.

Ports: 9400, 9401, 9402
Services: [NULL]
Description: Trojan Incommand 1.0 Open this port.

Ports: 9872, 9873, 9874, 9875, 10067, 10167
Services: [NULL]
Description: Trojan Portal of Doom opens this port.

Port: 9989
Services: [NULL]
Description: Trojan Ini-killer Open this port.

Port: 11000
Services: [NULL]
Description: Trojan Sennaspy Open this port.

Port: 11223
Services: [NULL]
Description: Trojan progenic Trojan Open this port.

Ports: 12076, 61466
Services: [NULL]
Description: Trojan Telecommando Open this port.
Page
Port: 12223
Services: [NULL]
Description: Trojan hack ' keylogger open this port.

Ports: 12345, 12346
Services: [NULL]
Description: Trojan netbus1.60/1.70, Gabanbus Open this port.

Port: 12361
Services: [NULL]
Description: Trojan Whack-a-mole Open this port.

Port: 13223
Service: PowWow
Description: Powwow is tribal voice chat program. It allows the user to open a private chat connection on this port. This procedure is very offensive for establishing a connection. It will be stationed in response to this TCP port. Creates a connection request that resembles a heartbeat interval. If a dial-up user inherits an IP address from another chat, it can happen as if a lot of different people are testing the port. This protocol uses Opng as the first 4 bytes of its connection request.

Port: 16969
Services: [NULL]
Description: Trojan priority open this port.

Port: 17027
Service: Conducent
Description: This is an outward connection. This is because someone inside the company has a shared software with Conducent "Adbot" installed. Conducent "Adbot" is a display of advertising services for shared software. One popular software for using this service is pkware.

Port: 19191
Services: [NULL]
Description: Trojan Blue flame opens this port.

Ports: 20000, 20001
Services: [NULL]
Description: Trojan Millennium Open this port.

Port: 20034
Services: [NULL]
Description: Trojan NetBus Pro Open this port.

Port: 21554
Services: [NULL]
Description: Trojan girlfriend Open this port.

Port: 22222
Services: [NULL]
Description: Trojan Prosiak Open this port.

Port: 23456
Services: [NULL]
Description: Trojan Evil ftp, Ugly FTP open this port.

Ports: 26274, 47262
Services: [NULL]
Description: Trojan Delta opens this port.

Port: 27374
Services: [NULL]
Description: Trojan SubSeven 2.1 Open this port.

Port: 30100
Services: [NULL]
Description: Trojan Netsphere Open this port.

Port: 30303
Services: [NULL]
Description: Trojan Socket23 Open this port.

Port: 30999
Services: [NULL]
Description: Trojan Kuang Open this port.

Ports: 31337, 31338
Services: [NULL]
Description: Trojan Bo (Back orifice) opens this port. In addition Trojan Deepbo also open 31338 ports.

Port: 31339
Services: [NULL]
Description: Trojan Netspy DK Open this port.

Port: 31666
Services: [NULL]
Description: Trojan Bowhack Open this port.

Port: 33333
Services: [NULL]
Description: Trojan Prosiak Open this port.

Port: 34324
Services: [NULL]
Description: Trojan tiny Telnet Server, Biggluck, TN open this port.

Port: 40412
Services: [NULL]
Description: Trojan The spy open this port.

Ports: 40421, 40422, 40423, 40426,
Services: [NULL]
Description: Trojan Masters Paradise Open this port.

Ports: 43210, 54321
Services: [NULL]
Description: Trojan schoolbus 1.0/2.0 Open this port.

Port: 44445
Services: [NULL]
Description: Trojan Happypig Open this port.

Port: 50766
Services: [NULL]
Description: Trojan Fore Open this port.

Port: 53001
Services: [NULL]
Description: Trojan Remote Windows shutdown open this port.

Port: 65000
Services: [NULL]
Description: Trojan Devil 1.03 open this port.

PORT: 88
Description: Kerberos krb5. In addition 88 ports of TCP are this use also.

Port: 137
Description: SQL Named pipes encryption over others protocols name lookup (SQL named pipe encryption technology on other protocol name lookups) and SQL RPC encryption over other PROTOC This port is used by the OLS name lookup (SQL RPC encryption technology on other protocol name lookups) and the WINS NetBT name service (WINS NetBT names services) and WINS proxy.

Port: 161
Description: Simple Network Management Protocol (SMTP) (Easy Network Management Protocol).

Port: 162
Description: SNMP Trap (SNMP traps)

Port: 445
Description: Common Internet File System (CIFS) (Public internet filesystem)

Port: 464
Description: Kerberos kpasswd (V5). In addition 464 ports of TCP are this use also.

Port: 500
Description: Internet Key Exchange (IKE) (Internet Key exchange)

Ports: 1645, 1812
Description: Remot Authentication dial-in User Service (RADIUS) authentication (Routing and remote Access) (Remote authenticated dial-up User Services)

Ports: 1646, 1813
Description: RADIUS accounting Routing and remote access (RADIUS accounting (Routing and Remote Access))

Port: 1701
Description: Layer Two tunneling Protocol (L2TP) (2nd Floor Tunnel Protocol)

Ports: 1801, 3527
Description: Microsoft Messages Queue Server (Microsoft Message Queuing servers). And TCP's 135, 1801, 2101, 2103, 2105 are the same use.

Port: 2504
Description: Network Load Balancing (network balance load)