Detailed port allocation table
Port 0. Service: Reserved. Description: Typically used to analyze (fingerprint) the operating system. This works because 0 is an invalid port on some systems, so trying to connect to it produces a different result than connecting to an ordinary closed port. A typical scan uses an IP address of 0.0.0.0, sets the ACK bit, and is broadcast at the Ethernet layer.
Port 1. Service: TCPMUX. Description: This shows that someone is looking for SGI IRIX machines. IRIX is the main implementer of TCPMUX, and TCPMUX is open by default on these systems. IRIX machines ship with several default passwordless accounts, such as IP, Guest, UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation, so hackers search the Internet for TCPMUX and use these accounts.
Port 7. Service: Echo. Description: Seen when many people search for Fraggle amplifiers by sending to X.x.x.0 and X.x.x.255.
Port 19. Service: Character Generator. Description: This is a service that only sends characters. The UDP version responds to a received UDP packet with a packet containing garbage characters. Over TCP it sends a stream of garbage characters until the connection is closed. Hackers use IP spoofing to launch DoS attacks by forging UDP packets between two chargen servers. Likewise, a Fraggle DoS attack broadcasts packets carrying a forged victim IP to this port at the target address, and the victim is overloaded responding to the data.
Port 21. Service: FTP. Description: The port FTP servers open for uploading and downloading. Attackers most commonly use it to look for FTP servers that allow anonymous access. These servers have readable and writable directories. The Trojans Doly Trojan, Fore, Invisible FTP, WebEX, WinCrash, and Blade Runner open this port.
Port 22. Service: SSH. Description: A TCP connection to this port established by PCAnywhere may be an attempt to find SSH. This service has many weaknesses; when it is configured in a particular mode, many versions that use the RSAREF library have numerous vulnerabilities.
Port 23. Service: Telnet. Description: Remote login. Intruders search for remote-login UNIX services. In most cases this port is scanned to find out which operating system the machine is running. Using other techniques, intruders can also find passwords. The Trojan TiNy Telnet Server opens this port.
Port 25. Service: SMTP. Description: The port SMTP servers open for sending mail. Intruders look for SMTP servers through which to pass their spam. Intruders' accounts get closed, so they need to connect to a high-bandwidth e-mail server to send simple messages to many different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, and Winspy open this port.
Port 31. Service: MSG Authentication. Description: The Trojans Master Paradise and Hackers Paradise open this port.
Port 42. Service: WINS Replication. Description: WINS replication.
Port 53. Service: Domain Name Server (DNS). Description: DNS server. Intruders may be attempting a zone transfer (TCP), DNS spoofing (UDP), or hiding other traffic. Firewalls therefore often filter or log this port.
Port 67. Service: Bootstrap Protocol Server. Description: Firewalls on DSL and cable modem connections often see data sent to the broadcast address 255.255.255.255. These machines are requesting an address from a DHCP server. Hackers often get into them and assign an address, setting themselves up as a local router to launch a large number of man-in-the-middle attacks. The client broadcasts its request to port 68, and the server broadcasts its response to port 67. The response is broadcast because the client does not yet know an IP address it can be sent to.
Port 69. Service: Trivial File Transfer. Description: Many servers provide this service together with BootP so that startup code can be downloaded from the system. Because of misconfiguration, however, it often lets intruders steal any file from the system. It can also be used to write files to the system.
Port 79. Service: Finger Server. Description: Intruders use it to obtain user information, query the operating system, probe for known buffer overflow errors, and bounce finger scans from their own machine to other machines.
Port 80. Service: HTTP. Description: Used for web browsing. The Trojan Executor opens this port.
Port 99. Service: Metagram Relay. Description: The backdoor program NCX99 opens this port.
Port 102. Service: Message Transfer Agent (MTA) - X.400 over TCP/IP. Description: Message transfer agent.
Port 109. Service: Post Office Protocol - Version 3. Description: POP3 servers open this port for receiving mail; clients use it to access the server-side mail service. POP3 services have many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the username and password exchange, which means an intruder can get into the system before actually logging in. There are further buffer overflow errors after a successful login.
Port 110. Service: Sun's RPC services, all ports. Description: Common RPC services include RPC.Mountd, NFS, RPC.statd, RPC.CSMD, RPC.TTYBD, AMD, etc.
Port 113. Service: Authentication Service. Description: This is a protocol that runs on many computers and is used to identify the user of a TCP connection. Using this standard service, information about many computers can be obtained. It is, however, used by many services, especially FTP, POP, IMAP, SMTP, and IRC. Usually, if many clients access these services through a firewall, you will see many connection requests to this port. Remember that if you block this port, clients will experience slow connections to e-mail servers on the other side of the firewall. Many firewalls send back an RST while blocking the TCP connection, which stops the slow connection.
Port 119. Service: Network News Transfer Protocol. Description: The newsgroup transfer protocol, which carries USENET traffic. Connections to this port are usually people looking for a USENET server. Most ISPs restrict access to their newsgroup servers to their own customers. An open newsgroup server allows anyone to post and read, access restricted newsgroups, post anonymously, or send spam.
Port 135. Service: Location Service. Description: Microsoft runs the DCE RPC end-point mapper on this port for its DCOM services. This is similar in function to UNIX port 111. Services that use DCOM and RPC register their location with the end-point mapper on the computer. When remote clients connect to the computer, they query the end-point mapper to find where the service is. A hacker scanning this port on a computer may be trying to find out whether it is running Exchange Server, and which version. Some DoS attacks also target this port directly.
Port 137, 138, 139. Service: NetBIOS Name Service. Description: Of these, 137 and 138 are UDP ports, used when transferring files through Network Neighborhood. Connections coming in on port 139 attempt to obtain NetBIOS/SMB services. This protocol is used for Windows file and printer sharing and by Samba. WINS Registration also uses it.
Port 143. Service: Interim Mail Access Protocol v2. Description: As with POP3's security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: a Linux worm (ADMV0RM) spreads through this port, so many scans of this port come from unwitting users who have already been infected. These vulnerabilities became popular when Red Hat enabled IMAP by default in its Linux releases. This port is also used for IMAP2, but that is not common.
Port 161. Service: SNMP. Description: SNMP allows devices to be managed remotely. All configuration and operating information is stored in a database that is available through SNMP. Many administrators' misconfigurations leave it exposed to the Internet. Crackers will try the default passwords public and private to access the system, and may try all possible combinations. SNMP packets may also be mistakenly directed at the user's network.
Port 177. Service: X Display Manager Control Protocol. Description: Many intruders use it to access the X-Windows console; it also needs port 6000 to be open.
Port 389. Service: LDAP, ILS. Description: The Lightweight Directory Access Protocol and the NetMeeting Internet Locator Server share this port.
Port 443. Service: HTTPS. Description: A web browsing port that provides encryption; another form of HTTP, carried over a secure port.
Port 456. Service: [NULL]. Description: The Trojan Hackers Paradise opens this port.
Port 513. Service: Login, Remote Login. Description: Broadcasts from UNIX computers on a subnet that uses cable modem or DSL. These give intruders information for getting into their systems.
Port 544. Service: [NULL]. Description: Kerberos Kshell.
Port 548. Service: Macintosh, File Services (AFP/IP). Description: Macintosh file services.
Port 553. Service: CORBA IIOP (UDP). Description: On cable modem, DSL, or VLAN connections you will see broadcasts on this port. CORBA is an object-oriented RPC system. Intruders can use this information to get into the system.
Port 555. Service: DSF. Description: The Trojans Phase 1.0, Stealth Spy, and INIKILLER open this port.
Port 568. Service: Membership DPA. Description: Membership DPA.
Port 569. Service: Membership MSN. Description: Membership MSN.
Port 635. Service: MountD. Description: Linux MountD bug. This is a popular bug to scan for. Most scans of this port are UDP-based, but TCP-based MountD scans are increasing (MountD runs on both ports at the same time). Remember that MountD can run on any port (to find out which one, do a portmap query on port 111); it is just that the Linux default is port 635, much as NFS usually runs on port 2049.
Port 636. Service: LDAP. Description: SSL (Secure Sockets Layer).
Port 666. Service: DOM ID Software. Description: The Trojans Attack FTP and Satanz Backdoor open this port.
Port 993. Service: IMAP. Description: SSL (Secure Sockets Layer).
Port 1001, 1011. Service: [NULL]. Description: The Trojans Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.
Port 1024. Service: Reserved. Description: This is where dynamic ports begin. Many programs do not care which port they use to connect to the network; they ask the system to assign them the next free port. Allocation therefore starts at port 1024, which means the first program to ask the system is assigned port 1024. You can restart the machine, open Telnet, then open a window and run netstat -a to see that Telnet has been assigned port 1024. SQL sessions also use this port and port 5000.
Port 1025, 1033. Service: 1025: network blackjack; 1033: [NULL]. Description: The Trojan Netspy opens these 2 ports.
Port 1080. Service: SOCKS. Description: This protocol tunnels through a firewall, allowing people behind the firewall to access the Internet through a single IP address. In theory it should only allow internal traffic out to the Internet. Because of misconfiguration, however, it can allow attacks from outside the firewall to pass through it. This mistake often happens with Wingate, and is often seen when joining IRC chat rooms.
Port 1170. Service: [NULL]. Description: The Trojans Streaming Audio Trojan, Psyber Stream Server, and Voice open this port.
Port 1234, 1243, 6711, 6776. Service: [NULL]. Description: The Trojans Subseven 2.0 and Ultors Trojan open ports 1234 and 6776. The Trojans Subseven 1.0 / 1.9 open ports 1243, 6711, and 6776.
Port 1245. Service: [NULL]. Description: The Trojan VODOO opens this port.
Port 1433. Service: SQL. Description: The port opened by Microsoft's SQL service.
Port 1492. Service: Stone-Design-1. Description: The Trojan ftp99cmp opens this port.
Port 1500. Service: RPC client fixed port session queries. Description: RPC client fixed port session queries.
Port 1503. Service: NetMeeting T.120. Description: NetMeeting T.120.
Port 1524. Service: INGRESS. Description: Many attack scripts install a backdoor shell on this port, especially scripts that target Sendmail and RPC service vulnerabilities on Sun systems. If you have just installed a firewall and see connection attempts on this port, this is likely the reason. You can try Telnet to this port on the user's computer to see whether it gives you a shell. Connections to 600 / PCServer have the same issue.
Port 1600. Service: ISSD. Description: The Trojan Shivka-Burka opens this port.
Port 1720. Service: NetMeeting. Description: NetMeeting H.233 call setup.
Port 1731. Service: NetMeeting Audio Call Control. Description: NetMeeting audio call control.
Port 1807. Service: [NULL]. Description: The Trojan SpySender opens this port.
Port 1981. Service: [NULL]. Description: The Trojan ShockRave opens this port.
Port 1999. Service: Cisco identification port. Description: The Trojan Backdoor opens this port.
Port 2000. Service: [NULL]. Description: The Trojans Girlfriend 1.3 and Millenium 1.0 open this port.
Port 2001. Service: [NULL]. Description: The Trojans Millenium 1.0 and Trojan COW open this port.
Port 2023. Service: XINUEXPANSION 4. Description: The Trojan Pass Ripper opens this port.
Port 2049. Service: NFS. Description: NFS programs often run on this port. You usually need to query the portmapper to find out which port the service is running on.
Port 2115. Service: [NULL]. Description: The Trojan BUGS opens this port.
Port 2140, 3150. Service: [NULL]. Description: The Trojans Deep Throat 1.0 / 3.0 open this port.
Port 2500. Service: RPC client using a fixed port session replication. Description: RPC client using fixed port session replication.
Port 2583. Service: [NULL]. Description: The Trojan WinCrash 2.0 opens this port.
Port 2801. Service: [NULL]. Description: The Trojan PhineAS Phucker opens this port.
Port 3024, 4092. Service: [NULL]. Description: The Trojan WinCrash opens this port.
Port 3128. Service: Squid. Description: This is the default port of the Squid HTTP proxy server. Attackers scan this port looking for a proxy server through which to access the Internet anonymously. You will also see scans for ports 8000, 8001, 8080, and 8888 used by other proxy servers. Another reason this port is scanned is that a user is entering a chat room; other users check this port to determine whether the user's machine supports proxying.
Port 3129. Service: [NULL]. Description: The Trojan Master Paradise opens this port.
Port 3150. Service: [NULL]. Description: The Trojan The Invasor opens this port.
Port 3210, 4321. Service: [NULL]. Description: The Trojan Schoolbus opens this port.
Port 3333. Service: Dec-Notes. Description: The Trojan PROSIAK opens this port.
Port 3389. Service: Super Terminal. Description: The Windows 2000 Terminal opens this port.
Port 3700. Service: [NULL]. Description: The Trojan Portal of Doom opens this port.
Port 3996, 4060. Service: [NULL]. Description: The Trojan RemoteanyTHING opens this port.
Port 4000. Service: QQ client. Description: The Tencent QQ client opens this port.
Port 4092. Service: [NULL]. Description: The Trojan WinCrash opens this port.
Port 4590. Service: [NULL]. Description: The Trojan ICQTROJAN opens this port.
Port 5000, 5001, 5321, 50505. Service: [NULL]. Description: The Trojan Blazer5 opens port 5000. The Trojan Sockets de Roie opens ports 5000, 5001, 5321, and 50505.
Port 5400, 5401, 5402. Service: [NULL]. Description: The Trojan Blade Runner opens this port.
Port 5550. Service: [NULL]. Description: The Trojan XTCP opens this port.
Port 5569. Service: [NULL]. Description: The Trojan Robo-Hack opens this port.
Port 5632. Service: PCAnywhere. Description: Sometimes you will see many scans of this port, depending on where the user is. When a user opens PCAnywhere, it automatically scans the local class C network looking for possible agents (here "agent" means agent rather than proxy). Intruders also look for computers that have this service open, so you should check the source address of such scans. Some PCAnywhere scan packets often include UDP packets to port 22.
Port 5742. Service: [NULL]. Description: The Trojan WinCrash1.03 opens this port.
Port 6267. Service: [NULL]. Description: The Trojan Guangxiang girl opens this port.
Port 6400. Service: [NULL]. Description: The Trojan The Thing opens this port.
Port 6670, 6671. Service: [NULL]. Description: The Trojan Deep Throat opens port 6670. Deep Throat 3.0 opens port 6671.
Port 6883. Service: [NULL]. Description: The Trojan Deltasource opens this port.
Port 6969. Service: [NULL]. Description: Gatecrasher and Priority open this port.
Port 6970. Service: RealAudio. Description: RealAudio receives audio data streams from the server's UDP ports 6970-7170. This is set up by the outgoing control connection on TCP port 7070.
Port 7000. Service: [NULL]. Description: The Trojan Remote Grab opens this port.
Port 7300, 7301, 7306, 7307, 7308. Service: [NULL]. Description: The Trojan NetMonitor opens this port. NetSPY1.0 also opens port 7306.
Port 7323. Service: [NULL]. Description: Sygate server side.
Port 7626. Service: [NULL]. Description: The Trojan Giscier opens this port.
Port 7789. Service: [NULL]. Description: The Trojan Ickiller opens this port.
Port 8000. Service: OICQ. Description: The Tencent QQ server opens this port.
Port 8010. Service: Wingate. Description: The Wingate proxy opens this port.
Port 8080. Service: Proxy port. Description: WWW proxies open this port.
Port 9400, 9401, 9402. Service: [NULL]. Description: The Trojan Incommand 1.0 opens this port.
Port 9872, 9873, 9874, 9875, 10067, 10167. Service: [NULL]. Description: Opens this port.
Port 9989. Service: [NULL]. Description: The Trojan Ini-Killer opens this port.
Port 11000. Service: [NULL]. Description: The Trojan Sennaspy opens this port.
Port 11223. Service: [NULL]. Description: The Trojan Progenic Trojan opens this port.
Port 12076, 61466. Service: [NULL]. Description: The Trojan Telecommando opens this port.
Port 12223. Service: [NULL]. Description: The Trojan Hack99 Keylogger opens this port.
Port 12345, 12346. Service: [NULL]. Description: The Trojans Netbus1.60 / 1.70 and Gabanbus open this port.
Port 12361. Service: [NULL]. Description: The Trojan WHACK-A-MOLE opens this port.
Port 13223. Service: PowWow. Description: PowWow is a chat program from TRIBAL VOICE. It allows users to open private chats on this port. The program is very aggressive about establishing connections. It stays camped on this TCP port, producing connection requests at heartbeat-like intervals. If a dial-up user inherits an IP address from another chatter, it will look as if many different people are probing this port. The protocol uses opng as the first 4 bytes of its connection request.
Port 16969. Service: [NULL]. Description: The Trojan Priority opens this port.
Port 17027. Service: Conducent. Description: This is an outgoing connection. It occurs because someone inside the company has installed shareware containing the Conducent "ADBOT". The Conducent "Adbot" is an advertising service for shareware. A popular piece of software that uses this service is pkware.
Port 19191. Service: [NULL]. Description: Blue Flame opens this port.
Port 20000, 20001. Service: [NULL]. Description: The Trojan Millennium opens this port.
Port 20034. Service: [NULL]. Description: NetBus Pro opens this port.
Port 21554. Service: [NULL]. Description: The Trojan Girlfriend opens this port.
Port 22222. Service: [NULL]. Description: The Trojan Prosiak opens this port.
Port 23456. Service: [NULL]. Description: The Trojans Evil FTP and UGLY FTP open this port.
Port 26274, 47262. Service: [NULL]. Description: The Trojan Delta opens this port.
Port 27374. Service: [NULL]. Description: The Trojan Subseven 2.1 opens this port.
Port 30100. Service: [NULL]. Description: The Trojan NetSphere opens this port.
Port 30303. Service: [NULL]. Description: The Trojan Socket23 opens this port.
Port 30999. Service: [NULL]. Description: The Trojan Kuang opens this port.
Port 31337, 31338. Service: [NULL]. Description: The Trojan BO (Back Orifice) opens this port. The Trojan Deepbo also opens port 31338.
Port 31339. Service: [NULL]. Description: The Trojan NetSPY DK opens this port.
Port 31666. Service: [NULL]. Description: The Trojan BowHack opens this port.
Port 33333. Service: [NULL]. Description: The Trojan Prosiak opens this port.
Port 34324. Service: [NULL]. Description: The Trojans TiNy Telnet Server, Biggluck, and TN open this port.
Port 40412. Service: [NULL]. Description: The Trojan The SPY opens this port.
Port 40421, 40422, 40423, 40426. Service: [NULL]. Description: The Trojan Masters Paradise opens this port.
Port 43210, 54321. Service: [NULL]. Description: The Trojans Schoolbus 1.0 / 2.0 open this port.
Port 44445. Service: [NULL]. Description: The Trojan HAPPYPIG opens this port.
Port 50766. Service: [NULL]. Description: The Trojan Fore opens this port.
Port 53001. Service: [NULL]. Description: The Trojan Remote Windows Shutdown opens this port.
Port 65000. Service: [NULL]. Description: The Trojan Devil 1.03 opens this port.
Port 88. Description: Kerberos KRB5. TCP port 88 serves the same purpose.
Port 137. Description: SQL Named Pipes encryption over other protocols name lookup, SQL RPC encryption over other protocols name lookup, the WINS NetBT name service, and WINS Proxy all use this port.
Port 161. Description: Simple Network Management Protocol (SNMP).
Port 162. Description: SNMP Trap.
Port 445. Description: Common Internet File System (CIFS).
Port 464. Description: Kerberos Kpasswd (V5). TCP port 464 serves the same purpose.