Computer port introduction (detailed list)
Transfer from: VC Online
We often see "port" such as 135, 137, 139, 443 in various technical articles, but what is the use of these ports? Will it bring potential threats to our computer? How many ports are useful? If you want to know, come with me: D
Port: 0
Service: reserved
Description: Usually used to analyze the operating system. This method is capable of working because "0" is an invalid port in some systems, which will produce different results when you try to use the usual closing port to connect it. A typical scan, using an IP address of 0.0.0.0, setting an ACK bit and broadcasts Ethernet layer.
Port: 1
Service: TCPMUX
Note: This shows someone is looking for SGI IRIX machines. IRIX is the primary provider of TCPMUX. By default, TCPMUX is opened in this system. IRIX Machines is published as a few default unciprocgeted accounts such as IP, Guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators have forgotten to delete these accounts after installation. Therefore, Hacker searches for TCPMUX on the Internet and uses these accounts.
Port: 7
Service: echo
Note: When you see many people search for the Fraggle amplifier, send to X.x.x.0 and X.x.x.255 information.
Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version will respond to the package containing the spam after receiving the UDP package. The data stream containing the spam when the TCP connection is sent until the connection is closed. Hacker uses IP spoof to launch a DOS attack. Forged two UDP packages between two Chargen servers. The same Fraggle DOS attack is broadcast to this port of the target address with a packet with counterfeit victim IP, and the victim is overloaded in order to respond to this data.
Port: 21
Service: ftp
Description: The port open by the FTP server is used to upload, download. The most common attacker is used to find ways to open anonymous's FTP server. These servers have a readable and writable directory. Trojan Doly Trojan, Fore, Invisible FTP, WebEX, WinCrash, and Blade Runner open port.
Port: 22
Service: SSH
Note: The connection of the TCP and this port established by PCANywhere may be to find SSH. This service has a lot of weaknesses, and if you are configured as a specific mode, many of the versions that use the RSAREF library will have a lot of vulnerabilities.
Port: 23
Service: Telnet
Description: Remote login, intruder is searching for remote login UNIX services. Most cases scan this port is to find the operating system running in the machine. There are other technologies, and the intruder will also find a password. Trojan TiNy Telnet Server opens this port.
Port: 25
Service: SMTP
Description: The port open by the SMTP server is used to send an email. Intruders look for SMTP servers to pass their spam. The invader's account is turned off, and they need to connect to the high bandwidth E-mail server to pass simple information to different addresses. Trojan Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, Winspy are open.
Port: 31
Service: MSG Authentication
Note: Trojan Master Paradise, Hackers Paradise opens this port.
Port: 42
Service: WINS Replication Description: WINS Copy
Port: 53
Service: Domain Name Server (DNS)
Description: The ports open by the DNS server may be attempt to conduct regional delivery (TCP), deceive DNS (UDP) or hidden other communications. Therefore, the firewall often filters or records this port.
Port: 67
Service: Bootstrap Protocol Server
Note: The firewall that is often sent to the broadcast address 255.255.255.255 via DSL and Cable Modem often see data from the broadcast address 255.255.255.255. These machines request an address to the DHCP server. Hacker often enters them, assigns an address to initiate a large number of middleman attacks as partial routers. The client is broadcast to the 68 port broadcast request, and the server responds to the 67-port broadcast. This response uses broadcast because the client still does not know the IP address that can be sent.
Port: 69
Service: Trival File Transfer
Note: Many servers provide this service with BootP to facilitate download startup code from the system. But they often cause the intruder to steal any files from the system due to the error configuration. They can also be used to write files.
Port: 79
Service: Finger Server
Note: Intruders are used to obtain user information, query the operating system, and detect known buffers overflow errors, and respond to from their own machines to other machine finger scans.
Port: 80
Service: http
Description: Used for web browsing. Trojan Executor opens this port.
Port: 99
Service: Metagram Relay
Description: The back door program NCX99 opens this port.
Port: 102
Services: Message Transfer Agent (MTA) -X.400 over TCP / IP
Description: Message Transport Agent.
Port: 109
Service: Post Office Protocol -Version3
Description: POP3 server opens this port for receiving mail, client accessing the server-side mail service. POP3 services have many recognized weaknesses. There is at least 20 weaknesses overflow from the username and password exchange buffer, which means that the invader can enter the system before the truly landing. There are other buffers overflow errors after successfully logging in.
Port: 110
Services: Sun's RPC service all ports
Description: Common RPC services include rpc.mountd, nfs, rpc.statd, rpc.csmd, rpc.ttybd, AMD, etc.
Port: 113
Service: Authentication Service
Note: This is a multi-computer running protocol for identifying TCP connections. This service using standards can get information about many computers. But it can serve as many services, especially those such as FTP, POP, IMAP, SMTP, and IRC. Usually, if you have many customers access these services through the firewall, you will see a number of connection requests for this port. Remember, if this port client will feel slowly connected to the E-mail server on the other side of the firewall. Many firewalls send back RST during blocking of TCP connections. This will stop slow connection.
Port: 119
Service: Network News Transfer Protocol
Description: News News Group Transfer Protocol to carry USENET communication. This port connection is usually people looking for a USENET server. Most ISP limits, only their customers can access their newsgroup servers. Open the newsgroup server will allow / read anyone's post, access the restricted newsgroup server, post anonymous to post or send a spam. Port: 135
Service: Location Service
Note: Microsoft runs DCE RPC End-Point Mapper for this port for its DCOM service. This is similar to the functionality of UNIX 111 ports. Use DCOM and RPC services to register their location by End-Point Mapper on your computer. When remote customers are connected to a computer, they look for the location of the end-point mapper to find the service. Is this port of Hacker Scanning Computer to find this computer running Exchange Server? What version? Some DOS attacks are directly for this port.
Port: 137, 138, 139
Service: NetBIOS Name Service
Description: Where 137, 138 is a UDP port, and this port is used when transmitting a file over an online neighbor. And 139 port: The connection entry through this port is trying to get the NetBIOS / SMB service. This protocol is used for Windows files and printers sharing and Samba. There is also WINS Regisrtation to use it.
Port: 143
Services: Interim Mail Access Protocol V2
Note: Like the security of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: A Linux worm (ADMV0RM) will breed this port, so many of this port scan from uninformed users who have been infected. These vulnerabilities are very popular when Redhat allows IMAP by default in their Linux release versions. This port is also used in IMAP2, but it is not popular.
Port: 161
Service: SNMP
Note: SNMP allows remote management devices. All configurations and run information are stored in the database, which is available to SNMP. Many administrators' error configuration will be exposed to the Internet. CACKERS will try to use the default password public, private access system. They may test all possible combinations. The SNMP package may be incorrectly pointing to the user's network.
Port: 177
Service: x Display Manager Control Protocol
Note: Many intruders have access to the X-Windows operator through it, and it needs to open the 6000 port.
Port: 389
Service: LDAP, ILS
Description: Light directory access protocols and NetMeeting Internet Locator Server share this port.
Port: 443
Service: https
Note: Web browsing ports provide an encryption and another HTTP transmitted through security port.
Port: 456
Service: [NULL]
Description: Trojan Hackers Paradise opens this port.
Port: 513
Service: Login, Remote Login
Description: Yes from the Unix computer sent from the subnet to the subnet using Cable Modem or DSL. These people provide information for invaders into their system.
Port: 544
Service: [NULL]
Description: Kerberos Kshell
Port: 548
Services: Macintosh, File Services (AFP / IP)
Description: Macintosh, file service.
Port: 553 Services: CORBA IIOP (UDP)
Note: This port broadcast will be seen using Cable Modem, DSL or VLAN. CORBA is an object-oriented RPC system. Intrusioners can use this information to enter the system.
Port: 555
Service: DSF
Description: Trojan PHASE 1.0, Stealth Spy, INIKILLER opens this port.
Port: 568
Service: MEMBERSHIP DPA
Description: Membership DPA.
Port: 569
Service: MEMBERSHIP MSN
Description: Membership MSN.
Port: 635
Service: MOUNTD
Description: Linux's MountD bug. This is a popular bug that scanned. Most of the scan for this port is UDP, but TCP-based mountd is increased (MountD is running on two ports at the same time). Remember that MountD can run at any port (which port is, you need to do a portmap query at port 111), just Linux default port is 635, just like NFS usually runs on 2049 port.
Port: 636
Service: LDAP
Description: SSL (Secure Sockets Layer)
Port: 666
Service: Doom ID Software
Description: Trojan Attack FTP, Satanz Backdoor open this port
Port: 993
Service: IMAP
Description: SSL (Secure Sockets Layer)
Port: 1001,1011
Service: [NULL]
Description: Trojan Silencer, WebEx opens 1001 ports. Trojan Doly Trojan open 1011 port.
Port: 1024
Service: reserved
Note: It is the beginning of dynamic ports, and many programs do not care which port connection network, they request the system to assign them the next idle port. Based on this allocation starts from port 1024. This means that the first request to issue a request to the 1024 port. You can restart the machine, open Telnet, and open a window to run natstat -a will see Telnet assigned 1024 port. There is also SQL Session also uses this port and 5000 ports.
Port: 1025, 1033
Services: 1025: Network BlackJack 1033: [NULL]
Description: Trojan NetSPY opens these 2 ports.
Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall in a channel, allowing people behind the firewall to access the Internet through an IP address. In theory it should only allow the internal communication to arrive outside the Internet. However, due to the wrong configuration, it allows attacks located outside the firewall through the firewall. Wingate often happens, which often sees this situation when joining the IRC chat room.
Port: 1170
Service: [NULL]
Description: Trojan streaming audio Trojan, Psyber Stream Server, Voice opens this port.
Port: 1234, 1243, 6711, 6776
Service: [NULL]
Description: Trojan Subseven 2.0, Ultors Trojan opens 1234,6776 ports. Trojans Subseven 1.0 / 1.9 open 1243, 6711,6776 ports. Port: 1245
Service: [NULL]
Description: Trojan VODOO opens this port.
Port: 1433
Service: SQL
Description: Microsoft's SQL service open port.
Port: 1492
Service: stone-design-1
Description: Trojan ftp99cmp open this port.
Port: 1500
Services: RPC Client Fixed Port Session Queries
Description: RPC Customer fixed port session query
Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120
Port: 1524
Service: Ingress
Note: Many attack scripts will install a backdoor shell on this port, especially for the script of Sendmail and RPC service vulnerabilities in the Sun system. If you just install the firewall, you will see the connection at this port, which is likely to be the above reasons. You can try Telnet to this port on the user's computer to see if it will give you a shell. This issue is also available to 600 / PCServer.
Port: 1600
Service: ISSD
Description: Trojan Shivka-Burka opens this port.
Port: 1720
Service: Netmeeting
Description: NetMeeting H.233 Call Setup.
Port: 1731
Service: Netmeeting Audio Call Control
Description: NetMeeting audio call control.
Port: 1807
Service: [NULL]
Description: Trojan spysender opens this port.
Port: 1981
Service: [NULL]
Description: Trojan Shockrave opens this port.
Port: 1999
Service: Cisco Identification Port
Description: Trojan Backdoor opens this port.
Port: 2000
Service: [NULL]
Description: Trojan Girlfriend 1.3, Millenium 1.0 opens this port.
Port: 2001
Service: [NULL]
Description: Trojan Millenium 1.0, Trojan COW opens this port.
Port: 2023
Service: xinuexpansion 4
Description: Trojan Pass Ripper opens this port.
Port: 2049
Service: NFS
Description: The NFS program is often running on this port. You usually need to access portmapper query which port is running.
Port: 2115
Service: [NULL]
Description: Trojan bugg opens this port.
Port: 2140, 3150
Service: [NULL]
Description: Trojan Deep Throat 1.0 / 3.0 opens this port.
Port: 2500
Services: RPC Client Using A Fixed Port Session Replication
Description: Apply a fixed port session replication RPC customer
Port: 2583
Service: [NULL]
Description: Trojan WinCrash 2.0 opens this port.
Port: 2801
Service: [NULL] Description: Trojan phineas phucker opens this port.
Port: 3024, 4092
Service: [NULL]
Description: Trojan WinCrash opens this port.
Port: 3128
Service: Squid
Description: This is the default port of the Squid HTTP proxy server. The attacker scans this port is to search for an anonymous access to the Internet. You will also see ports 8000, 8001, 8080, 8888 of other proxy servers. Another reason for scanning this port is that the user is entering the chat room. Other users will also verify this port to determine if the user's machine supports the agent.
Port: 3129
Service: [NULL]
Description: Trojan Master Paradise opens this port.
Port: 3150
Service: [NULL]
Description: Trojan The Invasor opens this port.
Port: 3210, 4321
Service: [NULL]
Description: Trojan Schoolbus open this port
Port: 3333
Service: DEC-Notes
Description: Trojan Prosiak opens this port
Port: 3389
Service: Super Terminal
Description: The Windows 2000 terminal opens this port.
Port: 3700
Service: [NULL]
Description: Trojan Portal of Doom open this port
Port: 3996,4060
Service: [NULL]
Description: Trojan RemoteanyTHING open this port
Port: 4000
Service: QQ client
Description: Tencent QQ client opens this port.
Port: 4092
Service: [NULL]
Description: Trojan WinCrash opens this port.
Port: 4590
Service: [NULL]
Description: Trojan ICQTROJAN opens this port.
Port: 5000, 5001, 5321, 50505 Services: [NULL]
Description: Trojan Blazer5 opens 5000 ports. Trojan Sockets de Troie Open 5000, 5001, 5321, 50505 port.
Port: 5400, 5401, 5402
Service: [NULL]
Note: Trojan Blade Runner opens this port.
Port: 5550
Service: [NULL]
Description: Trojan XTCP opens this port.
Port: 5569
Service: [NULL]
Description: Trojan Robo-Hack opens this port.
Port: 5632
Service: pcanywere
Description: Sometimes a lot of scans of this port is dependent on the location where users are. When the user opens PCANYWERE, it automatically scans the local area network C-class network to find a possible agent (here the agent refers to Agent instead of proxy). Intrudes will also find a computer that opens this service. So you should look at this source address of this scan. Some scanning packs of PCANYWERE often contain the UDP packets of port 22.
Port: 5742
Service: [NULL]
Description: Trojan WinCrash1.03 opens this port.
Port: 6267
Service: [NULL]
Description: Trojan Guangxiang girl opens this port.
Port: 6400
Service: [NULL]
Description: Trojan The Thing opens this port.
Port: 6670,6671
Service: [NULL]
Description: Trojan Deep Throat opens 6670 port. Deep Throat 3.0 open 6671 port. Port: 6883
Service: [NULL]
Description: Trojan deltasource opens this port.
Port: 6969
Service: [NULL]
Description: Trojan Gatecrasher, Priority opens this port.
Port: 6970
Service: Reaudio
Note: Reaudio client receives audio data streams from the UDP port of the server's 6970-7170. This is set by the TCP-7070 port externally control connection.
Port: 7000
Service: [NULL]
Description: Trojan Remote Grab opens this port.
Port: 7300, 7301, 7306, 7307, 7308
Service: [NULL]
Description: Trojan NetMonitor opens this port. The additional NetSPY1.0 also opens 7306 ports.
Port: 7323
Service: [NULL]
Description: Sygate server side.
Port: 7626
Service: [NULL]
Description: Trojan giscier opens this port.
Port: 7789
Service: [NULL]
Description: Trojan Ickiller opens this port.
Port: 8000
Service: OICQ
Description: Tencent QQ server is open this port. '
Port: 8010
Service: Wingate
Description: Wingate agent opens this port.
Port: 8080
Service: proxy port
Description: WWW proxy opens this port.
Port: 9400, 9401, 9402
Service: [NULL]
Description: Trojan Incommand 1.0 opens this port.
Port: 9872, 9873, 9874, 9875, 10067, 10167
Service: [NULL]
Description: Trojan Portal of Doom open this port
Port: 9989
Service: [NULL]
Description: Trojan Ini-Killer opens this port.
Port: 11000
Service: [NULL]
Description: Trojan Sennaspy opens this port.
Port: 11223
Service: [NULL]
Description: Trojan Progenic Trojan opens this port.
Port: 12076,61466
Service: [NULL]
Description: Trojan Telecommando opens this port.
Port: 12223
Service: [NULL]
Description: Trojan Hack'99 Keylogger opens this port.
Port: 12345, 12346
Service: [NULL]
Description: Trojan Netbus1.60 / 1.70, Gabanbus opens this port.
Port: 12361
Service: [NULL]
Description: Trojan WHACK-A-MOLE opens this port.
Port: 13223
Service: Powwow
Description: Powwow is a Tribal Voice chat program. It allows users to open private chats at this port. This process is very aggressive for establishing a connection. It will be stationed in this TCP port. A connection request similar to a heartbeat interval. If a dial user inherits the IP address from another chat, there will be many different people to test this port. This protocol uses opng as the first 4 bytes of its connection request.
Port: 16969
Service: [NULL] Description: Trojan priority opens this port.
Port: 17027
Service: Conducent
Description: This is an outgoing connection. This is because someone has a shared software with Conducent "ADBOT" inside the company. Conducent "Adbot" is an advertising service for shared software. A popular software using this service is pkware.
Port: 19191
Service: [NULL]
Description: Trojan Blue flame opens this port.
Port: 20000, 20001
Service: [NULL]
Description: Trojan Millennium opens this port.
Port: 20034
Service: [NULL]
Description: Trojan NetBus Pro opens this port.
Port: 21554
Service: [NULL]
Description: Trojan girlfriend opens this port.
Port: 22222
Service: [NULL]
Description: Trojan Prosiak opens this port.
Port: 23456
Service: [NULL]
Description: Trojan Evil FTP, UGLY FTP opens this port.
Port: 26274, 47262
Service: [NULL]
Description: Trojan Delta opens this port.
Port: 27374
Service: [NULL]
Description: Trojan Subseven 2.1 opens this port.
Port: 30100
Service: [NULL]
Description: Trojan NetSphere opens this port.
Port: 30303
Service: [NULL]
Description: Trojan Socket23 opens this port.
Port: 30999
Service: [NULL]
Description: Trojan Kuang opens this port.
Port: 31337, 31338
Service: [NULL]
Description: Trojan BO (Back Orific) opens this port. In addition, the Trojan Deepbo is also open 31338 port.
Port: 31339
Service: [NULL]
Description: Trojan NetSPY DK opens this port.
Port: 31666
Service: [NULL]
Description: Trojan Bowhack opens this port.
Port: 33333
Service: [NULL]
Description: Trojan Prosiak opens this port.
Port: 34324
Service: [NULL]
Description: Trojan Tiny Telnet Server, Biggluck, TN open this port.
Port: 40412
Service: [NULL]
Description: Trojan the spy opens this port.
Port: 40421,40422,40423,40426,
Service: [NULL]
Description: Trojan Masters Paradise opens this port.
Port: 43210, 54321
Service: [NULL]
Description: Trojan Schoolbus 1.0 / 2.0 opens this port.
Port: 44445
Service: [NULL]
Description: Trojan HAPPYPIG opens this port.
Port: 50766
Service: [NULL]
Description: Trojan Fore open this port.
Port: 53001
Service: [NULL]
Note: Trojan Remote Windows Shutdown opens this port.
Port: 65000
Services: [NULL] Description: Trojan Devil 1.03 opens this port.
Port: 88
Description: Kerberos KRB5. In addition, TCP 88 port is also this purpose.
Port: 137
Description: SQL Named Pipes Encryption over Other Protocols Name Lookup (SQL Name Links on Other Protocol Names) and SQL RPC Encryption over Other Protocols Name Lookup (SQL RPC Encryption Technology on Other Protocol Name) and WINS NetBT Name Service (WINS NetBT Name Service) and WINS Proxy use this port.
Port: 161
Description: Simple Network Management Protocol (SMTP) (Simple Network Management Agreement)
Port: 162
Description: SNMP TRAP (SNMP traps)
Port: 445
Description: Common Internet File System (CIFS) (Public Internet File System)
Port: 464
Description: Kerberos Kpasswd (V5). In addition, TCP's 464 port is also this purpose.
Port: 500
Description: Internet Key Exchange (IKE) (Internet Key Exchange)
Port: 1645, 1812
Description: Remot Authentication Dial-in User Service (Routing and Remote Access) (Remote Certified Dial User Service)
Port: 1646, 1813
Description: Radius Accounting (Radius Accountment (Route and Remote Access))
Port: 1701
Description: Layer Two Tunneling Protocol (L2TP) (Layer 2 Tunnel Agreement)
Port: 1801, 3527
Description: Microsoft Message Queue Server (Microsoft Message Queue Server). There is also the same use of TCP 135, 1801, 2101, 2103, and 2105.
Port: 2504
Description: NetWork load balancing (Network Balance Load)
0 usually used to analyze the operating system. This method can work because "0" in some systems is invalid port, when you try to use a usual closed port
Different results will occur when connecting it. A typical scan: use the IP address of 0.0.0.0, set ACK bits and broadcast in Ethernet
