Port: 0 Services: reserved Description: Usually used to analyze the operating system. This method is capable of working because "0" is an invalid port in some systems, which will produce different results when you try to use the usual closing port to connect it. A typical scan, using an IP address of 0.0.0.0, setting an ACK bit and broadcasts Ethernet layer. Port: 1 Service: TCPMUX Description: This shows that someone is looking for SGI IRIX machines. IRIX is the primary provider of TCPMUX. By default, TCPMUX is opened in this system. IRIX Machines is published as a few default unciprocgeted accounts such as IP, Guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators have forgotten to delete these accounts after installation. Therefore, Hacker searches for TCPMUX on the Internet and uses these accounts. Port: 7 Services: Echo Description: When you can see the information of X.x.x.0 and X.x.x.255 when you search for the Fraggle amplifier. Port: 19 Services: Character Generator Description: This is a service that only sends characters. The UDP version will respond to the package containing the spam after receiving the UDP package. The data stream containing the spam when the TCP connection is sent until the connection is closed. Hacker uses IP spoof to launch a DOS attack. Forged two UDP packages between two Chargen servers. The same Fraggle DOS attack is broadcast to this port of the target address with a packet with counterfeit victim IP, and the victim is overloaded in order to respond to this data. Port: 21 Services: FTP Description: The port open by the FTP server is used to upload, download. The most common attacker is used to find ways to open anonymous's FTP server. These servers have a readable and writable directory. Trojan Doly Trojan, Fore, Invisible FTP, WebEX, WinCrash, and Blade Runner open port. Port: 22 Services: SSH Description: The connection to this TCP and this port established by PCANywhere may be to find SSH. This service has a lot of weaknesses, and if you are configured as a specific mode, many of the versions that use the RSAREF library will have a lot of vulnerabilities. Port: 23 Services: Telnet Description: Remote login, intruder is searching for remote login Unix service. Most cases scan this port is to find the operating system running in the machine. There are other technologies, and the intruder will also find a password. Trojan TiNy Telnet Server opens this port. Port: 25 Services: SMTP Description: The port open by the SMTP server is used to send an email. Intruders look for SMTP servers to pass their spam. The invader's account is turned off, and they need to connect to the high bandwidth E-mail server to pass simple information to different addresses. Trojan Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, Winspy are open. Port: 31 Services: MSG Authentication Description: Trojan Master Paradise, Hackers Paradise opens this port. Port: 42 Service: WINS Replication Description: WINS Replication Port: 53 Services: Domain Name Server (DNS) Description: The port open from the DNS server, the intruder may be trying to perform regional delivery (TCP), deceive DNS (UDP) or hide Other communications.
Therefore, the firewall often filters or records this port. Port: 67 Services: Bootstrap Protocol Server Description: The firewall that is often sent to broadcast addresses 255.255.255.255 via DSL and Cable Modem often see data from the broadcast address 255.255.255.255. These machines request an address to the DHCP server. Hacker often enters them, assigns an address to initiate a large number of middleman attacks as partial routers. The client is broadcast to the 68 port broadcast request, and the server responds to the 67-port broadcast. This response uses broadcast because the client still does not know the IP address that can be sent. Port: 69 Services: Trival File Transfer Description: Many servers provide this service with BootP to facilitate download startup code from the system. But they often cause the intruder to steal any files from the system due to the error configuration. They can also be used to write files. Port: 79 Service: Finger Server Description: Intruder is used to obtain user information, query the operating system, detect known buffer overflow errors, respond to the machine to other machine finger scans. Port: 80 Service: http Description: Used for web browsing. Trojan Executor opens this port. Port: 99 Service: Metagram Relay Description: The back door program NCX99 opens this port. Port: 102 Services: Message Transfer Agent (MTA) -X.400 over TCP / IP Description: Message Transfer Agent. Port: 109 Service: Post Office Protocol -Version3 Description: POP3 Server Open this port for receiving mail, client access to the server side mail service. POP3 services have many recognized weaknesses. There is at least 20 weaknesses overflow from the username and password exchange buffer, which means that the invader can enter the system before the truly landing. There are other buffers overflow errors after successfully logging in. Port: 110 Services: Sun's RPC Services All port descriptions: Common RPC services include RPC.Mountd, NFS, RPC.Statd, RPC.CSMD, RPC.TTYBD, AMD and other ports: 113 Service: Authentication Service Description: This is a Many computers running protocols for identifying TCP connections. This service using standards can get information about many computers. But it can serve as many services, especially those such as FTP, POP, IMAP, SMTP, and IRC. Usually, if you have many customers access these services through the firewall, you will see a number of connection requests for this port. Remember, if this port client will feel slowly connected to the E-mail server on the other side of the firewall. Many firewalls send back RST during blocking of TCP connections. This will stop slow connection. Port: 119 Services: Network News Transfer Protocol Description: News News Group Transfer Protocol to carry the USENET communication. This port connection is usually people looking for a USENET server. Most ISP limits, only their customers can access their newsgroup servers. Open the newsgroup server will allow / read anyone's post, access the restricted newsgroup server, post anonymous to post or send a spam.
Port: 135 Services: Location Service Description: Microsoft runs DCE RPC End-Point Mapper for this port for its DCOM service. This is similar to the functionality of UNIX 111 ports. Use DCOM and RPC services to register their location by End-Point Mapper on your computer. When remote customers are connected to a computer, they look for the location of the end-point mapper to find the service. Is this port of Hacker Scanning Computer to find this computer running Exchange Server? What version? Some DOS attacks are directly for this port. Port: 137, 138, 139 Service: NetBIOS Name Service Description: Where 137, 138 is a UDP port when transmitting a file over an online neighbor. This port is used. And 139 port: The connection entry through this port is trying to get the NetBIOS / SMB service. This protocol is used for Windows files and printers sharing and Samba. There is also WINS Regisrtation to use it. Port: 143 Services: Interim Mail Access Protocol V2 Description: Like the security of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: A Linux worm (ADMV0RM) will breed this port, so many of this port scan from uninformed users who have been infected. These vulnerabilities are very popular when Redhat allows IMAP by default in their Linux release versions. This port is also used in IMAP2, but it is not popular. Port: 161 Service: SNMP Description: SNMP allows remote management devices. All configurations and run information are stored in the database, which is available to SNMP. Many administrators' error configuration will be exposed to the Internet. CACKERS will try to use the default password public, private access system. They may test all possible combinations. The SNMP package may be incorrectly pointing to the user's network. Port: 177 Services: X Display Manager Control Protocol Description: Many intruders have access to the X-Windows operator through it, and it needs to open the 6000 port. Port: 389 Services: LDAP, ILS Description: Light directory access protocol and NetMeeting Internet Locator Server share this port. Port: 443 Services: HTTPS Description: Web browsing ports that provide encryption and another HTTP transmitted through secure port. Port: 456 Service: [NULL] Description: Trojan Hackers Paradise opens this port. Port: 513 Service: Login, Remote Login Description: Yes from the Unix computer that is logged into the subnet using Cable Modem or DSL. These people provide information for invaders into their system. Port: 544 Service: [NULL] Description: Kerberos Kshell Port: 548 Service: Macintosh, File Services Description: Macintosh, file service. Port: 553 Services: CORBA IIOP (UDP) Description: Use Cable Modem, DSL, or VLAN will see the broadcast of this port. CORBA is an object-oriented RPC system. Intrusioners can use this information to enter the system.
Port: 555 Service: DSF Description: Trojan Phase 1.0, Stealth Spy, INIKILLER Open this port. Port: 568 Service: MemberShip DPA Description: Membership DPA. Port: 569 Services: MemberShip MSN Description: Membership MSN. Port: 635 Service: Mountd Description: Linux's mountd bug. This is a popular bug that scanned. Most of the scan for this port is UDP, but TCP-based mountd is increased (MountD is running on two ports at the same time). Remember that MountD can run at any port (which port is, you need to do a portmap query at port 111), just Linux default port is 635, just like NFS usually runs on 2049 port. Port: 636 Service: LDAP Description: SSL (Secure Sockets Layer) Port: 666 Service: Doom ID Software Description: Trojan Attack FTP, Satanz Backdoor Open This Port Port: 993 Service: IMAP Description: SSL (Secure Sockets Layer) Port: 1001 , 1011 Service: [NULL] Description: Trojan Silencer, WebEx open 1001 port. Trojan Doly Trojan open 1011 port. Port: 1024 Services: reserved Description: It is the beginning of the dynamic port, and many programs do not care which port connection network, they request the system to assign them the next idle port. Based on this allocation starts from port 1024. This means that the first request to issue a request to the 1024 port. You can restart the machine, open Telnet, and open a window to run natstat -a will see Telnet assigned 1024 port. There is also SQL Session also uses this port and 5000 ports. Port: 1025,1033 Services: 1025: Network BlackJack 1033: [NULL] Description: Trojan Netspy opens these 2 ports. Port: 1080 Service: SOCKS Description: This protocol passes through the firewall in a channel, allowing people behind the firewall to access the Internet through an IP address. In theory it should only allow the internal communication to arrive outside the Internet. However, due to the wrong configuration, it allows attacks located outside the firewall through the firewall. Wingate often happens, which often sees this situation when joining the IRC chat room. Port: 1170 Service: [NULL] Description: Trojan streaming Audio Trojan, Psyber Stream Server, Voice opens this port. Port: 1234, 1243, 6711, 6776 Services: [NULL] Description: Trojan Subseven 2.0, Ultors Trojan opens 1234,6776 ports. Trojans Subseven 1.0 / 1.9 open 1243, 6711,6776 ports.
Port: 1245 Services: [NULL] Description: Trojan VODOO opens this port. Port: 1433 Services: SQL Description: Microsoft's SQL service open port. Port: 1492 Service: Stone-Design-1 Description: Trojan ftp99cmp open this port. Port: 1500 Service: RPC Client Fixed Port Session Queries Description: RPC Customer fixed port session query port: 1503 Service: NetMeeting T.120 Description: NetMeeting T.120 Port: 1524 Service: INGRESS Description: Many attack scripts will be installed a back door shell This port, especially the script of Sendmail and RPC service vulnerabilities in the Sun system. If you just install the firewall, you will see the connection at this port, which is likely to be the above reasons. You can try Telnet to this port on the user's computer to see if it will give you a shell. This issue is also available to 600 / PCServer. Port: 1600 Service: ISSD Description: Trojan Shivka-Burka opens this port.
Port: 1720 Service: NetMeeting Description: Netmeeting H.233 Call Setup. Port: 1731 Service: Netmeeting Audio Call Control Description: NetMeeting Audio Call Control. Port: 1807 Service: [NULL] Description: Trojan spysender opens this port. Port: 1981 Service: [NULL] Description: Trojan ShockRave opens this port. Port: 1999 Service: Cisco Identification Port Description: Trojan Backdoor opens this port. Port: 2000 Services: [NULL] Description: Trojan Girlfriend 1.3, Millenium 1.0 open this port. Port: 2001 Service: [NULL] Description: Trojan Millenium 1.0, Trojan COW opens this port. Port: 2023 Service: xinuexpansion 4 Description: Trojan Pass Ripper opens this port. Port: 2049 Service: NFS Description: NFS program is often running on this port. You usually need to access portmapper query which port is running. Port: 2115 Service: [NULL] Description: Trojan bugg opens this port. Port: 2140, 3150 Services: [NULL] Description: Trojan Deep Throat 1.0 / 3.0 open this port. Port: 2500 Service: RPC Client Using A Fixed Port Session Replication Description: Apply RPC client ports replicated by fixed port session: 2583 Services: [Null] Description: Trojan WinCrash 2.0 open this port. Port: 2801 Services: [NULL] Description: Trojan phineas phucker opens this port. Port: 3024,4092 Service: [NULL] Description: Trojan WinCrash opens this port. Port: 3128 Service: Squid Description: This is the default port of the Squid HTTP proxy server. The attacker scans this port is to search for an anonymous access to the Internet. You will also see ports 8000, 8001, 8080, 8888 of other proxy servers. Another reason for scanning this port is that the user is entering the chat room. Other users will also verify this port to determine if the user's machine supports the agent. Port: 3129 Service: [NULL] Description: Trojan Master Paradise opens this port. Port: 3150 Services: [NULL] Description: Trojan The Invasor Opens this port. Port: 3210,4321 Services: [NULL] Description: Trojan Schoolbus open this port
Port: 3333 Services: Dec-Notes Description: Trojan Prosiak open this port port: 3389 Service: Super Terminal Description: Windows 2000 terminal opens this port. Port: 3700 Service: [NULL] Description: Trojan Portal of Doom Open This port Port: 3996,4060 Service: [NULL] Description: Trojan RemoteAnyTHING Open This Port Port: 4000 Service: QQ Client Description: Tencent QQ client open this port. Port: 4092 Service: [NULL] Description: Trojan WinCrash opens this port. Port: 4590 Service: [NULL] Description: Trojan icqtrojan opens this port. Port: 5000, 5001, 5321, 50505 Service: [NULL] Description: Trojan Blazer5 open 5000 port. Trojan Sockets de Troie Open 5000, 5001, 5321, 50505 port. Port: 5400, 5401,5402 Services: [NULL] Description: Trojan Blade Runner opens this port. Port: 5550 Services: [NULL] Description: Trojan XTCP opens this port. Port: 5569 Service: [NULL] Description: Trojan Robo-Hack opens this port. Port: 5632 Service: PCAnywere Description: Sometimes a lot of scanning of this port is dependent on the location where the user is. When the user opens PCANYWERE, it automatically scans the local area network C-class network to find a possible agent (here the agent refers to Agent instead of proxy). Intrudes will also find a computer that opens this service. So you should look at this source address of this scan. Some scanning packs of PCANYWERE often contain the UDP packets of port 22.
Port: 5742 Service: [NULL] Description: Trojan WinCrash1.03 opens this port. Port: 6267 Services: [NULL] Description: Trojan Guangxiang girl opens this port. Port: 6400 Services: [NULL] Description: Trojan The Thing opens this port. Port: 6670,6671 Services: [NULL] Description: Trojan deep throat opens 6670 port. Deep Throat 3.0 open 6671 port. Port: 6883 Services: [NULL] Description: Trojan deltasource opens this port. Port: 6969 Service: [NULL] Description: Trojan Gatecrasher, priority opens this port. Port: 6970 Service: ReaRaudio Description: Reaudio Customer receives audio data streams from the UDP port of the server's 6970-7170. This is set by the TCP-7070 port externally control connection. Port: 7000 Service: [NULL] Description: Trojan Remote Grab opens this port. Port: 7300, 7301, 7306, 7307, 7308 Services: [NULL] Description: Trojan NetMonitor opens this port. The additional NetSPY1.0 also opens 7306 ports. Port: 7323 Services: [NULL] Description: Sygate server side. Port: 7626 Service: [NULL] Description: Trojan giscier opens this port. Port: 7789 Service: [NULL] Description: Trojan Ickiller opens this port. Port: 8000 Service: OICQ Description: Tencent QQ server opens this port. 'Port: 8010 Service: Wingate Description: Wingate Agent Opens this port. Port: 8080 Service: Proxy Port Description: WWW proxy opens this port. Port: 9400, 9401,9402 Services: [NULL] Description: Trojan Incommand 1.0 open this port. Port: 9872, 9873, 9874, 9875, 10067, 10167 Service: [NULL] Description: Trojan Portal of Doom open this port port: 9989 Service: [NULL] Description: Trojan Ini-Killer opens this port. Port: 11000 Service: [NULL] Description: Trojan Sennaspy opens this port. Port: 11223 Services: [NULL] Description: Trojan Progenic Trojan opens this port. Port: 12076,61466 Services: [NULL] Description: Trojan Telecommando opens this port. Port: 12223 Services: [NULL] Description: Trojan Hack'99 Keylogger opens this port. Port: 12345, 12346 Services: [NULL] Description: Trojan Netbus1.60 / 1.70, Gabanbus opens this port. Port: 12361 Services: [NULL] Description: Trojan WHACK-A-MOLE opens this port. Port: 13223 Services: Powwow Description: Powwow is a Tribal Voice chat program. It allows users to open private chats at this port.
This process is very aggressive for establishing a connection. It will be stationed in this TCP port. A connection request similar to a heartbeat interval. If a dial user inherits the IP address from another chat, there will be many different people to test this port. This protocol uses opng as the first 4 bytes of its connection request. Port: 16969 Services: [NULL] Description: Trojan priority opens this port. Port: 17027 Service: Conducent Description: This is an outgoing connection. This is because someone has a shared software with Conducent "ADBOT" inside the company. Conducent "Adbot" is an advertising service for shared software. A popular software using this service is pkware. Port: 19191 Service: [NULL] Description: Trojan blue flame open this port. Port: 20000, 20001 Services: [NULL] Description: Trojan Millennium opens this port. Port: 20034 Services: [NULL] Description: Trojan Netbus Pro open this port. Port: 21554 Services: [NULL] Description: Trojan Girlfriend opens this port. Port: 22222 Service: [NULL] Description: Trojan Prosiak open this port port: 23456 Service: [null] Description: Trojan Evil FTP, Ugly FTP opens this port. Port: 26274,47262 Service: [NULL] Description: Trojan Delta opens this port. Port: 27374 Services: [NULL] Description: Trojan Subseven 2.1 opens this port. Port: 30100 Service: [NULL] Description: Trojan NetSphere opens this port. Port: 30303 Services: [NULL] Description: Trojan Socket23 opens this port. Port: 30999 Services: [NULL] Description: Trojan Kuang opens this port. Port: 31337, 31338 Services: [NULL] Description: Trojan Bo (Back Orific) opens this port. In addition, the Trojan Deepbo is also open 31338 port. Port: 31339 Service: [NULL] Description: Trojan Netspy DK opens this port. Port: 31666 Service: [NULL] Description: Trojan Bowhack opens this port.
Port: 33333 Services: [NULL] Description: Trojan Prosiak opens this port. Port: 34324 Service: [NULL] Description: Trojan Tiny Telnet Server, Biggluck, TN open this port. Port: 40412 Services: [NULL] Description: Trojan the spy opens this port. Port: 40421, 40422, 40423, 40426, Service: [NULL] Description: Trojan Masters Paradise opens this port. Port: 43210,54321 Services: [NULL] Description: Trojan Schoolbus 1.0 / 2.0 open this port. Port: 44445 Services: [NULL] Description: Trojan HAPPYPIG opens this port. Port: 50766 Service: [NULL] Description: Trojan Fore open this port.
Port: 53001 Services: [NULL] Description: Trojan Remote Windows Shutdown opens this port. Port: 65000 Service: [NULL] Description: Trojan Devil 1.03 opens this port. Port: 88 Description: Kerberos KRB5. In addition, TCP 88 port is also this purpose. Port: 137 Description: SQL NAMED PIPES Encryption over Other Protocols Name Lookup (SQL Name Links on Other Protocol Names) and SQL RPC Encryption over Other Protocols Name Lookup (other protocol name lookup SQL RPC encryption technology) and WINS NetBt Name Service (WINS NetBT Name Service) and WINS Proxy are used in this port. Port: 161 Description: Simple Network Management Protocol (SMTP) (Simple Network Management Protocol) Port: 162 Description: SNMP Trap (SNMP Trap) Port: 445 Description: Common Internet File System (CIFS) (Public Internet File System) Port: 464 Description: Kerberos Kpasswd (V5). In addition, TCP's 464 port is also this purpose. Port: 500 Description: Internet Key Exchange (Internet Key Exchange) Port: 1645, 1812 Description: Remot Authentication Dial-in User Service (Radius) Authentication (Remote Certified Dial User Service) Port: 0000-00-00 - DIUTINE 1646, 1813 Description: Radius Accounting (Radius Accounting (Route and Remote Access)) Port: 1701 Description: Layer Two Tunneling Protocol (L2TP) (Layer 2 Tunneling Protocol) Port: 1801, 3527 Description: Microsoft Message Queue Server (Microsoft Message Queue Server). There is also the same use of TCP 135, 1801, 2101, 2103, and 2105. Port: 2504 Description: Network load balancing 0 is typically used to analyze the operating system. This method can work because "0" in some systems is invalid port, which will produce different results when you try to use a usual closing port to connect it. A typical scan: Use the IP address of 0.0.0.0 to set the ACK bit and broadcast in Ethernet layer.