Port concept: in network technology, a port generally has two meanings: one is a physical port, for example, ADSL modem, Hub, switch, router is used to connect interfaces of other network equipment, such as RJ-45 port, SC port and so on. The second is the logical port, which generally refers to the port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 for the FTP service. (From Baidu encyclopedia, Hoho)
This article mainly summarizes the TCP/IP ports that are commonly used logically. These basic knowledge is useful in daily network management and maintenance.
Port type:
(1) well-known ports)
A well-known port is a well-known port number ranging from 0 to. These ports are usually allocated to some services at a fixed time,
(2) dynamic ports)
The range of dynamic ports is from 1024 to 65535. These ports are generally not allocated to a service, that is, many services can use these ports. As long asProgramApply to the system for network access, then the system can allocate one from these port numbers for the program to use. In addition, many viruses and Trojans use dynamic ports to access 'bots.
Frequently Used well-known ports:
1. POP3 port: 109
Service: Post Office Protocol-version3
Note: The POP3 Server opens this port to receive mails and the client accesses the mail service on the server. POP3 services have many common vulnerabilities. There are at least 20 vulnerabilities in username and password exchange buffer overflow, which means that intruders can log on to the system. There are other buffer overflow errors after successful login.
(PS: POP3 (Post Office Protocol 3) is the 3rd version of the Post Office Protocol. It specifies how to connect a personal computer to an Internet Mail Server and download an email protocol)
2. DNS port: 53
Service: Domain Name Server (DNS)
Description: The port opened by the DNS server. Intruders may attempt to pass through the region (TCP), spoof DNS (UDP), or hide other communications. Therefore, firewalls often filter or record this port.
3. SMTP port: 25
Service: SMTP
Description: The port opened by the SMTP server for sending emails. Intruders look for SMTP servers to pass their spam. The intruder's account is closed and they need to connect to a high-bandwidth E-MAIL server, passing simple information to different addresses. This port is available for trojans such as antigen, email password sender, haebu coceda, shtrilitz stealth, winpc, and winspy.
4. FTP port: 21
Service: ftp
Description: The port opened by the FTP server for uploading and downloading. The most common attacker is used to find the method to open the FTP server of anonymous. These servers have read/write directories. Ports opened by Doly Trojan, fore, invisible FTP, WebEx, WinCrash, and Blade Runner.
5. www port: 80 (8080) hypertext Server
Service: proxy Port
Note: The WWW Proxy opens this port.
6. HTTPS port: 443
Service: https
Note: The Web browsing port provides encryption and transmission over a secure port.
7. Port: 23
Service: Telnet
Description: Remote logon. Intruders are searching for remote logon to UNIX services. In most cases, this port is scanned to find the operating system on which the machine runs. There are other technologies that allow intruders to find their passwords. The Tiny Telnet server of the Trojan opens this port.
In addition:
TCP 118 = SQL services, Infector 1.4.2
In the command environment, use netstat-N or netstat-An to view the local port usage.