Summary of common service ports

Others 2021-01-28 10:11:41 views: null

1. What is a port?

We compare the server to a big house, and the port is the door leading to different rooms (services), regardless of details, this analogy is very appropriate.

​ If an intruder wants to occupy this house and obtain the contents, he must break in. For the intruder, it is important to know in advance how many doors the house has opened, what kind of doors they are, and what is behind the doors.

​ Intruders usually use some scanners to scan the ports of the target host to determine which ports are open. From the open ports, the intruder can know roughly which services the target host provides, and then suspect possible vulnerabilities. Therefore, port scanning can better help us understand the target host.

For the administrator, open a port scan of the machine is the first step in doing safety precautions .

2. What kinds of ports are there?

Port is divided into two: TCP terminal port and UDP port

​ When computers communicate with each other, there are two ways:

One is that after sending the information, it is necessary to confirm whether the sent information has arrived, that is, there is a response method, this method is to use the TCP protocol;

​ The other is to ignore the message after sending it, without confirming whether the message has arrived, this way is to use the UDP protocol;

​ The ports provided by the services corresponding to these two protocols are TCP ports and UDP ports.

​ Windows view port number and status: netstat -an

3. Port classification

​ A computer has 2^16=65535 ports at most. The ports cannot be repeated. According to the port number, they can be divided into the following categories:

​ (1) Recognized port: 0-1023

​ (2) Registered port: 1024-49151

​ (3) Dynamic/private port: 49152-65536

4. What are the common ports?

Port: 20

​ Service: FTP (File Transfer Protocol)

​ Description: FTP data port

Port: 21

​ Service: FTP

​ Description: The port opened by the FTP server is used for uploading and downloading.

​ The most common fault: Used by an attacker to find a way to open an anonymous FTP server. These servers have readable and writable directories. Ports opened by Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner

Port: 22

​ Service: SSh (Secure Shell Protocol)

​ Note: The connection between TCP and this port established by PcAnywhere may be to find ssh. This service has many weaknesses. If it is configured in a specific mode, many versions that use the RSAREF library will have many vulnerabilities.

Port: 23

​ Service: Telnet (Remote Terminal Protocol)

​ Description: Remote login, the intruder is searching for remote login UNIX services. In most cases, scanning this port is to find the operating system running on the machine. There are other techniques where the intruder will also find the password. The Trojan Tiny Telnet Server opens this port.

Port: 25

​ Service: SMTP (Simple Mail Transfer Protocol)

​ Description: The port opened by the SMTP server for sending mail. Intruders look for SMTP servers to deliver their SPAM (spam). The account of the intruder is closed, and they need to connect to the high-bandwidth E-MAIL server to deliver simple information to different addresses. Trojan Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy all open this port.

Port: 53

​ Service: DNS (Domain Name System)

​ Description: UDP port, the port opened by the DNS server, the intruder may be trying to transfer the zone (TCP), deceive DNS (UDP) or hide other communications. Therefore, firewalls often filter or record this port.

Port: 67

​ Service: DHCP (Dynamic Host Configuration Protocol)

​ Description: UDP port, 67 port to distribute IP

Port: 68

​ Service: DHCP (Dynamic Host Configuration Protocol)

​ Description: UDP port, port 68 sends success and failure responses

Port: 69

​ Service: TFTP (Trivial File Transfer Protocol)

​ Description: It is a protocol used for simple file transfer between client and server in the TCP/IP protocol suite, providing uncomplicated and low-overhead file transfer services.

Port: 80

​ Service: HTTP (Hypertext Transfer Protocol)

​ Description: Clear text transmission. Used for web browsing, the most widely used network protocol on the Internet. All WWW documents must comply with this standard. Trojan Executor opens this port.

Port: 110

​ Service: pop3 (Post Office Protocol Version 3)

​ Description: It is a member of the TCP/IP protocol suite, mainly used to support the use of the client to remotely manage the email on the server.

Port: 123

​ Service: NTP (Network Time Protocol)

​ Description: A protocol used to synchronize the time of each computer in the network. Its purpose is to synchronize the computer's clock to UTC UTC, its accuracy is up to 0.1ms in the LAN, the vast majority of places on the Internet its accuracy can reach 1-50ms. It can synchronize the time of the computer to its server or clock source (such as quartz clock, GPS, etc.), it can provide high-precision time correction, and can use encrypted confirmation to prevent virus protocol attacks.

Port: 161

​ Service: SNMP (Simple Network Management Protocol)

​ Description: SNMP allows remote management of devices. All configuration and operation information are stored in the database, which can be obtained through SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will try to use the default password public and private to access the system. They may test all possible combinations. SNMP packets may be incorrectly directed to the user's network.

Port: 389

​ Services: LDAP (lightweight directory access protocol), ILS (location service)

​ Description: LDAP is a software protocol that allows anyone to find other resources such as organizations, personal files or devices in the network, whether it is the public Internet or an intranet. LDAP service and ILS service share port 389.

Port: 443

​ Service: Https (Hypertext Transfer Security Protocol)

​ Description: Encrypted transmission. The web browsing port can provide another type of HTTP that is encrypted and transmitted through a secure port. It is an HTTP channel with security as the goal, and it is simply a secure version of HTTP. That is, the SSL layer (secure socket layer) is added under HTTP. The security foundation of HTTPS is SSL, so SSL is required for the details of encryption.

Port: 636

​ Service: LDAPS

​ Description: Lightweight directory access protocol through the secure socket layer.

Port: 873

​ Service: rsync

​ Description: File transfer service

Port: 152

​ Service: Oracle

Port: 3306

​ Service: MySQL

​ Description: SQL connection port, which provides the client to connect to the server.

Port: 9000

​ Service: php-fpm

​ Description: PHP runs in daemon mode

Dazha is good, I am a security engineer based on search engines, welcome to pay attention! What! ! !

Guess you like

Origin blog.csdn.net/daobuxinzi/article/details/112339843
Recommended
Ranking
Likou-continuous sub-array sum (detailed official solution three)
Description of the database structure eshop5
DS string algorithm application --KMP
Operation log function on implementation experience
Smart home (4)---Fire alarm thread packaging
Zhaoxin began to submit patches to the Linux kernel to support the "Yongfeng" architecture
Distributed development (3)---Redis must know
CSS (six) version of the heart and layout process
How does Java tell if an object is dead?
Why is the version number added to the file imported by the project?
Daily
More
2024-07-06(0)
2024-07-05(0)
2024-07-04(0)
2024-07-03(0)
2024-07-02(0)
2024-07-01(0)
2024-06-30(0)
2024-06-29(0)
2024-06-28(0)
2024-06-27(0)

Code World

© 2018 codetd.com