Port: 113
Service: Authentication Service
Note: This is a protocol running on many computers to identify users connected to TCP. Information on many computers can be obtained using standard services. But it can serve as a recorder for many services, especially FTP, POP, IMAP, SMTP and IRC. Usually if many customers access these services through a firewall, they will see many connection requests for this port. Remember, if you block this port client will feel a slow connection to the E-MAIL server on the other side of the firewall. Many firewalls support TCP connection blocking and sending back RST. This will stop slow connections.
Port: 119
Service: Network News Transfer Protocol
Description: NEWS news group transmission protocol, carrying USENET communication. This port's connection is usually people looking for USENET servers. Most ISPs are restricted, only their customers can access their newsgroup servers. Opening the News Group Server will allow posting/reading anyone's posts, accessing restricted news group servers, posting anonymously, or sending SPAM.
Port: 135
Service: Local Service
Note: Microsoft runs DCE RPC end-point mapper on this port to serve its DCOM. This is very similar to the functionality of the UNIX 111 port. Services that use DCOM and RPC to register their locations using the end-point mapper on the computer. When remote clients connect to computers, they look for the end-point mapper to find the location of the service. Is HACKER scanning this port on the computer to find that the Exchange Server is running on this computer? What version? Some DOS attacks directly target this port.
Ports: 137, 138, 139
Service: NETBIOS Name Service
Note: Among them, 137 and 138 are UDP ports, which are used when transferring files through online neighbors. And port 139: The connection entered through this port is attempting to obtain NetBIOS/SMB service. This protocol is used for Windows file and printer sharing and SAMBA. WINS Regisration also uses it.
Port: 143
Service: Interim Mail Access Protocol v2
Note: Like POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: A LINUX worm (admv0rm) breeds through this port, so many scans of this port are from uninformed users who have been infected. These vulnerabilities became very popular when REDHAT allowed IMAP by default in their LINUX release. This port is also used for IMAP2, but is not popular.
Port: 161
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operation information are stored in the database, and this information can be obtained through SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will try to access the system using the default password public and private. They may experiment with all possible combinations. SNMP packets may be pointed to the user's network incorrectly.
Port: 177
Service: X Display Manager Control Protocol
Note: Many intruders access the X-windows console through it, and it also needs to open 6000 ports.
Port: 389
Services: LDAP, ILS
Note: The lightweight directory access protocol and NetMeeting Internet Locator Server share this port.
Port: 443
Service: Https
Description: A web browsing port, another type of HTTP that can provide encryption and transmission over a secure port.
Port: 456
Service: [NULL]
Note: * HACKERS PARADISE opens this port.
Port: 513
Service: Login, remote login
Note: It is a broadcast sent from a UNIX computer logged in to the subnet using cable modem or DSL. These people provide information for intruders to enter their systems.
Port: 544
Service: [NULL]
Description: kerberos kshell
Port: 548
Services: Macintosh, File Services (AFP/IP)
Description: Macintosh, file service.
Port: 553
Service: CORBA IIOP (UDP)
Note: Use cable modem, DSL or VLAN to see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Port: 555
Service: DSF
Note: * PhAse1.0, Stealth Spy, IniKiller opens this port.
Port: 568
Service: Membership DPA
Description: Membership DPA.
Port: 569
Service: Membership MSN
Description: Membership MSN.
Port: 635
Service: mountd
Description: Linux mountd bug. This is a popular bug in scanning. Most scans of this port are based on UDP, but TCP-based mountd has increased (mountd runs on both ports at the same time). Remember that mountd can run on any port (which port is required to do portmap query on port 111), but the default port of Linux is 635, just like NFS usually runs on port 2049.
Port: 636
Service: LDAP
Description: SSL (Secure Sockets layer)
Port: 666
Service: Doom Id Software
Note: * Attack FTP, Satanz Backdoor opens this port
Previous page123456Next pageRead the full text