Ports below 1024 are reserved for the system; ports 1024-65535 are for users.
For applications you write yourself, try not to use a port number between 0 and 1024.
Ports 1024 to 65535 are the ones we can program with. This is not a Linux rule; it is a rule of sockets.
1. 0~1023: these ports are assigned and controlled by the IANA. Where possible, the same port number is assigned to a given service for TCP, UDP and SCTP. For example, port 80 is given to the Web service.
2. 1024~49151: these ports are not controlled by the IANA, but the IANA registers them and provides a list of their uses as a convenience to the whole community. Where possible, the same port number is also assigned to a given service for both TCP and UDP. For example, ports 6000~6003 are assigned to the X Window server for both protocols.
3. 49152~65535: dynamic ports. The IANA does not manage these ports; they are what we call temporary (ephemeral) ports. (The magic number 49152 is three-fourths of 65536.)
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
(1) Well-known ports
Well-known ports range from 0 to 1023, and these port numbers are generally bound to specific services. For example, port 21 is assigned to the FTP service, port 25 to the SMTP (Simple Mail Transfer Protocol) service, port 80 to the HTTP service, port 135 to the RPC (Remote Procedure Call) service, and so on.
(2) Dynamic ports
Dynamic ports range from 1024 to 65535. These port numbers are typically not bound to a service, which means that many services can use them. Whenever a running program asks the system for network access, the system can allocate one of these port numbers for the program to use. For example, port 1024 is assigned to the first program that sends such a request to the system. After the program's process is closed, the port number it occupied is freed.
First, see which ports are open: netstat -anp
Second, close a port: iptables -A INPUT -p tcp --dport <port number> -j DROP
iptables -A OUTPUT -p tcp --dport <port number> -j DROP
Third, open a port: iptables -A INPUT -p tcp --dport <port number> -j ACCEPT
Fourth, the following shows how to open a port with a Linux command.
nc -lp 23 & (opens port 23, Telnet)
netstat -an | grep 23 (check whether port 23 is open)
Fifth, every port opened with a Linux command needs a corresponding listening program.
When you are finished, you can change the query command to check whether the port is open:
netstat -an | grep 22
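The steps above (list the listeners, then drop the ports that should not be reachable) combined into one audit, as an added example that is not part of the original page. It classifies each listening TCP port by the three IANA ranges given earlier and prints, without running it, an iptables DROP rule for every listener that is not on an allow-list. The function names, the allow-list and the netstat sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening TCP ports taken from `netstat -an` output.

# Constructed sample in the layout printed by `netstat -an` on Linux.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::50123                :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# listening_ports: stdin = netstat -an output; stdout = one "port class" line
# per unique listening TCP port, sorted numerically.
listening_ports() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         n = split($4, a, ":"); p = a[n] + 0    # port = text after the last ":"
         if (p <= 1023)       c = "well-known"  # 0~1023
         else if (p <= 49151) c = "registered"  # 1024~49151
         else                 c = "dynamic"     # 49152~65535
         if (!(p in seen)) { seen[p] = 1; print p, c }
       }' | sort -n
}

# drop_rules ALLOWED: ALLOWED is a space-separated list of ports that are
# expected to be open. Prints a DROP rule for every other listener; review
# the rules before applying any of them.
drop_rules() {
  listening_ports | while read -r port class; do
    case " $1 " in
      *" $port "*) ;;   # expected listener, leave it alone
      *) echo "iptables -A INPUT -p tcp --dport $port -j DROP  # $class" ;;
    esac
  done
}

# Stand-alone run: audit the sample, expecting only SSH and HTTP to listen.
sample_netstat | drop_rules "22 80"
```

On a live host, replace `sample_netstat` with `netstat -an` and pass the ports your services are meant to expose.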
Checking which ports are open on a target host under Linux with Nmap
nmap -p0-65535 <destination IP address>
Common types of scans:
1. -sP (ping scan: checks whether the host is online or not and does not send any message to the destination host. Use it when you only want to know whether the target host is running and do not want to do other scans; this scanning method is very common)
2. -sL (only lists the host state, port and other information within the network segment; to query ports, use -p port,port1...)
3. -PS/-PA/-PU [portlist] (probes the given ports with TCP or UDP packets: for the root user, this option lets Nmap use a SYN packet instead of an ACK packet to scan the target host. If the host is running, it returns an RST packet (or a SYN/ACK packet))
4. -sS (TCP SYN scan: sends a TCP synchronization packet (SYN) and then waits for the other party's reply)
5. -sF -sX -sN (stealth FIN packet scan, Christmas tree (Xmas tree) scan and NULL scan modes: if a -sF, -sX or -sN scan shows that all ports are closed while a SYN scan shows open ports, you can conclude that the target host may be running Windows)
6. -sU (UDP scan: nmap first sends a 0-byte UDP packet to each port of the target host; if we receive an ICMP port-unreachable message, the port is closed, otherwise we assume it is open)
7. -P0 (no ping) (this option skips the Nmap ping scan)
8. -PE/-PP/-PM
Control of the scan type
1. -sW (sliding-window scan)
2. -sR (RPC scan)
3. -PE; -PP; -PM (ICMP types of ping)
4. -PR (ARP-type ping); -n (no DNS resolution)
5. -R (DNS resolution for all targets)
6. -sV (detection of the service version)
Common operations on the host
1. -A or -O (detection of the operating system)
2. -v (increases the level of detail of the output)
3. -p (range of ports)
Network Basics! Port control, common commands! Common Port Comparison Table!
Port: 0 Service: Reserved Description: Typically used to analyze the operating system. This approach works because "0" is an invalid port on some systems and produces a different result from an ordinary closed port when you try to connect to it. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts on the Ethernet layer.
Port: 1 Service: tcpmux Description: This shows someone looking for an SGI IRIX machine. IRIX is the main provider of tcpmux implementations, and tcpmux is enabled by default on this system. IRIX machines are released with several default password-free accounts, such as IP, GUEST, UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, and so on. Many administrators forget to delete these accounts after installation, so hackers search the Internet for tcpmux and take advantage of these accounts.
Port: 7 Service: Echo Description: When many people search for Fraggle amplifiers, you can see messages sent to x.x.x.0 and x.x.x.255.
Port: 19 Service: Character Generator Description: This is a service that only sends characters. The UDP version responds to each UDP packet it receives with a packet containing junk characters. A TCP connection sends a stream of data containing junk characters until the connection is closed. Hackers use IP spoofing to launch DoS attacks by forging UDP packets between two chargen servers. Likewise, a Fraggle DoS attack broadcasts a packet with a spoofed victim IP to this port on the destination address, and the victim is overloaded by the responses to this data.
Port: 21 Service: FTP Description: The port an FTP server opens for uploading and downloading. Attackers most commonly use it to look for open anonymous FTP servers. These servers have readable and writable directories. The Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner open this port.
Port: 22 Service: SSH Description: TCP connections that pcAnywhere makes to this port may be looking for SSH. This service has many weaknesses; if configured in a specific mode, many of the versions that use the RSAREF library have a number of vulnerabilities.
Port: 23 Service: Telnet Description: Remote login; intruders search for UNIX services that accept Telnet. In most cases, this port is scanned to find the operating system that the machine is running. Using other techniques, intruders will also find passwords. The Trojan Tiny Telnet Server opens this port.
Port: 25 Service: SMTP Description: The port that an SMTP server opens for sending mail. Intruders look for SMTP servers to relay their spam. The intruders' accounts get closed, so they need to connect to a high-bandwidth e-mail server to pass simple messages to different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.
Port: 31 Service: MSG Authentication Description: The Trojans Master Paradise and Hackers Paradise open this port.
Port: 42 Service: WINS Replication Description: WINS replication.
Port: 53 Service: Domain Name Server (DNS) Description: The port that a DNS server opens. An intruder may be trying to perform a zone transfer (TCP), spoof DNS (UDP), or hide other traffic. For this reason firewalls often filter or log this port.
Port: 67 Service: Bootstrap Protocol Server Description: Firewalls on DSL and cable modem connections often see a large amount of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from the DHCP server. Hackers often enter them and assign an address that presents itself as the local router in order to launch a large number of man-in-the-middle attacks. The client broadcasts the configuration request to port 68, and the server broadcasts the response to port 67. This response uses broadcast because the client does not yet know an IP address to which it can be sent.
Port: 69 Service: Trivial File Transfer Description: Many servers provide this service together with BOOTP so that boot code can be downloaded from the system easily. However, misconfiguration often allows intruders to steal any file from the system. It can also be used to write files to the system.
Port: 79 Service: Finger Server Description: Intruders use it to obtain user information, query the operating system, probe for known buffer overflow errors, and respond to Finger scans from their own machine to other machines.
Port: 80 Service: HTTP Description: Used for Web browsing. The Trojan Executor opens this port.
Port: 99 Service: Metagram Relay Description: The backdoor program ncx99 opens this port.
Port: 102 Service: Message transfer agent (MTA) - X.400 over TCP/IP Description: Message transfer agent.
Port: 109 Service: Post Office Protocol - Version 3 Description: A POP3 server opens this port for receiving mail; clients use it to access the server-side mail service. The POP3 service has many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the user name and password exchange, which means intruders can enter the system before a real login. There are other buffer overflow errors after a successful login.
Port: 110 Service: All ports of Sun's RPC service Description: Common RPC services are RPC.MOUNTD, NFS, RPC.STATD, RPC.CSMD, RPC.TTYBD, AMD, etc.
Port: 113 Service: Authentication Service Description: This is a protocol that runs on many computers and is used to identify the user of a TCP connection. Using this standard service, you can obtain information about many computers. It can also act as a logger for many services, especially FTP, POP, IMAP, SMTP and IRC. Typically, if many clients access these services through a firewall, you will see many connection requests for this port. Remember that if you block this port, clients will experience a slow connection to the e-mail server on the other side of the firewall. Many firewalls support sending back an RST while blocking the TCP connection, which stops the slow connection.
Port: 119 Service: Network News Transfer Protocol Description: The newsgroup transport protocol, which carries Usenet traffic. Connections to this port usually come from people looking for Usenet servers. Most ISPs allow only their own customers to access their newsgroup servers. An open newsgroup server allows anyone to post and read messages, access restricted newsgroup servers, post anonymously or send spam.
Port: 135 Service: Location Service Description: Microsoft runs the DCE RPC end-point mapper on this port for its DCOM service. This is similar to the function of port 111 on UNIX. Services that use DCOM and RPC register their locations with the end-point mapper on the computer. When remote clients connect to the computer, they look up the end-point mapper to find the location of the service. Hackers scan computers for this port to find out: is Exchange Server running on this computer? What version? There are also some DoS attacks directed at this port.
Ports: 137, 138, 139 Service: NETBIOS Name Service Description: 137 and 138 are UDP ports, used when transferring files through Network Neighborhood. Port 139: connections coming in through this port attempt to obtain the NetBIOS/SMB service. This protocol is used for Windows file and printer sharing and for Samba. WINS Registration also uses it.
Port: 143 Service: Interim Mail Access Protocol v2 Description: As with the POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: a Linux worm (ADMv0rm) propagates through this port, so many of the scans of this port come from unsuspecting users who have already been infected. These vulnerabilities became popular when Red Hat enabled IMAP by default in its Linux release. This port is also used for IMAP2, but that is not popular.
Port: 161 Service: SNMP Description: SNMP allows remote management of devices. All configuration and operational information is stored in a database and is available through SNMP. Many administrators' misconfigurations leave it exposed to the Internet. Crackers will attempt to access the system using the default passwords public and private. They may try all possible combinations. SNMP packets may be incorrectly directed to the user's network.
Port: 177 Service: X Display Manager Control Protocol Description: Many intruders use it to access the X Window console; it requires port 6000 to be open at the same time.
Port: 389 Service: LDAP, ILS Description: The Lightweight Directory Access Protocol and the NetMeeting Internet Locator Server share this port.
Port: 443 Service: HTTPS Description: A Web browsing port; another form of HTTP that provides encryption and transmission over a secure port.
Port: 456 Service: [NULL] Description: The Trojan Hackers Paradise opens this port.
Port: 513 Service: Login, remote login Description: Broadcasts from UNIX computers that log in to a subnet using a cable modem or DSL. These provide information that helps intruders enter their systems.
Port: 544 Service: [NULL] Description: Kerberos kshell.
Port: 548 Service: Macintosh, File Services (AFP/IP) Description: Macintosh, file services.
Port: 553 Service: CORBA IIOP (UDP) Description: With a cable modem, DSL or VLAN you will see broadcasts on this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Port: 555 Service: DSF Description: The Trojans PhAse1.0, Stealth Spy and IniKiller open this port.
Port: 568 Service: Membership DPA Description: Membership DPA.
Port: 569 Service: Membership MSN Description: Membership MSN.
Port: 635 Service: mountd Description: The Linux mountd bug. This is a bug that is popular with scanners. Most of the scans for this port are UDP-based, but TCP-based mountd scans are increasing (mountd runs on both ports at the same time). Remember that mountd can run on any port (to find out which one, do a portmap query on port 111), but the Linux default is port 635, just as NFS typically runs on port 2049.
Port: 636 Service: LDAP Description: SSL (Secure Sockets Layer).
Port: 666 Service: Doom Id Software Description: The Trojans Attack FTP and Satanz Backdoor open this port.
Port: 993 Service: IMAP Description: SSL (Secure Sockets Layer).
Ports: 1001, 1011 Service: [NULL] Description: The Trojans Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.
Port: 1024 Service: Reserved Description: This is the start of the dynamic ports. Many programs do not care which port they use to connect to the network; they ask the system to assign them the next idle port. For this reason, assignment starts at port 1024, which means that the first request made to the system is assigned port 1024. You can restart the machine, open Telnet, and then open a window and run netstat -a; you will see that Telnet is assigned port 1024. SQL sessions also use this port and port 5000.
Ports: 1025, 1033 Service: 1025: network blackjack; 1033: [NULL] Description: The Trojan NetSpy opens these 2 ports.
Port: 1080 Service: SOCKS Description: This protocol tunnels through the firewall, allowing people behind the firewall to access the Internet through one IP address. In theory it should only allow internal traffic to reach the Internet outside. Because of misconfiguration, however, it can allow attacks from outside the firewall to pass through it. This error often occurs with WinGate and is frequently seen when joining IRC chat rooms.
Port: 1170 Service: [NULL] Description: The Trojans Streaming Audio Trojan, Psyber Stream Server and Voice open this port.
Ports: 1234, 1243, 6711, 6776 Service: [NULL] Description: The Trojans SubSeven 2.0 and Ultors Trojan open ports 1234 and 6776. The Trojan SubSeven 1.0/1.9 opens ports 1243, 6711 and 6776.
Port: 1245 Service: [NULL] Description: The Trojan Vodoo opens this port.
Port: 1433 Service: SQL Description: The port opened by Microsoft SQL services.
Port: 1492 Service: stone-design-1 Description: The Trojan FTP99CMP opens this port.
Port: 1500 Service: RPC client fixed port session queries Description: RPC client fixed port session queries.
Port: 1503 Service: NetMeeting T.120 Description: NetMeeting T.120.
Port: 1524 Service: ingress Description: Many attack scripts install a backdoor shell on this port, especially those targeting Sendmail and RPC service vulnerabilities on Sun systems. If you have just installed a firewall and see connection attempts on this port, this is probably the reason. You can try to telnet to this port on the user's computer to see whether it gives you a shell. The same problem exists for connections to 600/pcserver.
Port: 1600 Service: issd Description: The Trojan Shivka-Burka opens this port.
Port: 1720 Service: NetMeeting Description: NetMeeting H.233 call setup.
Port: 1731 Service: NetMeeting Audio Call Control Description: NetMeeting audio call control.
Only ports below 65535 can be used for programming. To see which ports are open, use netstat -anp, the nc command or the nmap command.