Computer Port List
Posted in Computer Network Support by manyuComputer Port is exports of computer communications exchanges with the outside world,It consists of hardware ports and software ports,let’s see it!
Port: 0
Services: Reserved
Note: usually used to analyze the operating system. This approach can work because in some systems, the “0″ is invalid port, when you try to use the usual port closed,it will produce different results. A typical scan, using the IP address of 0.0.0.0, set the ACK bit in the Ethernet layer broadcast.
Port: 1
Services: tcpmux
Note: This shows that someone are looking for SGI Irix machines. Irix is to achieve the main provider of tcpmux,tcpmux be opened in such systems default.Irix machine public several default accounts without passwords, such as: IP, GUEST UUCP, UUCP, DEMOS, TUTOR, DIAG, OUTOFBOX so. Many administrators forget to delete these accounts after installation. So HACKER search tcpmux on internet and take advantage of these accounts.
Ports: 7
Services: Echo
Note: when you search Fraggle amplifiers,it send information from XXX0 to XXX255.
Port: 19
Services: Character Generator
Note: This is a service only send character. UDP version will respond to received UDP packet containing garbage characters in the package. When connection,TCP sends the data stream that contains garbage characters until the connection is closed. HACKER deception can be used to launch DoS attacks on IP. Forged between the two chargen server UDP packets.
Port: 21
Service: FTP
Description: FTP server port and open for upload and download. The most common attacker use it to open the anonymous in order to find the FTP server. These servers contain directory that can read and write. as an open port for Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.
Port: 22
Services: Ssh
Description: PcAnywhere established TCP connections and the port may be to find ssh. This service has many weaknesses, if configured into a specific pattern, many users of RSAREF version of the library will have a lot of loopholes in it.
Port: 23
Services: Telnet
Description: Remote login. In most cases scan the port is to find the machine running operating system.it’s open for Trojan Tiny Telnet Server.
Port: 25
Services: SMTP
Description: SMTP server and open port for sending e-mail. intruder find SMTP server in order to pass their SPAM.
Port: 31
Services: MSG Authentication
Description: Trojan Master Paradise, Hackers Paradise open this port.
Port: 42
Service: WINS Replication
Description: WINS Replication
Port: 53
Services: Domain Name Server (DNS)
Description: DNS server open the port, an intruder may be trying to regional delivery (TCP), deception DNS (UDP) or hidden other communications. Therefore,firewall is often filtered or record this port.
Port: 67
Services: Bootstrap Protocol Server
Description: The client broadcasts a request to the 68-port configurations, the server respond a request to the 67-port broadcast. This response to the use of broadcast is because the client did not know the IP address can be sent.
Port: 69
Services: Trival File Transfer
Note: Many servers, together with bootp to provide this service, easy to download from the system startup code. But intruder can steal any documents from the system due to an error configuration. They can also be used to write a file to system.
Port: 79
Services: Finger Server
Description: The intruder used to get user information, query the operating system to detect buffer overflow error is known,to respond scans from their machine to other machines.
Port: 80
Service: HTTP
Description: for website. Executor Trojan open this port.
Port: 99
Services: Metagram Relay
Description: backdoor ncx99 open this port.
Port: 102
Services: Message transfer agent (MTA)-X.400 over TCP / IP
Description: Message Transfer Agent.
Port: 109
Services: Post Office Protocol-Version3
Description: POP3 server, open this port for receiving e-mail, the client access it visit server mail service. POP3 service has a number of recognized weaknesses, which means that an intruder can enter the system before actually landing. After the successful landing there are other buffer overflow error.
Port: 110
Services: SUN’s RPC services to all ports
Note: Common RPC service rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 113
Services: Authentication Service
Description: This is one of many protocol running on the computer, it’s used to identify TCP connections users. It can be used as a recorder of many services, especially the FTP, POP, IMAP, SMTP, and IRC services. Generally speaking, if there are many clients access these services through the firewall,you will see number of connection requests on this port.
Port: 119
Services: Network News Transfer Protocol
Description: NEWS newsgroups Transfer Protocol, bearing USENET traffic. People often link the port to find USENET server. Most ISP restrictions, only their clients be able to access their news server. Open the news group server will allow the hair / read anyone’s post, access the limited news group servers, anonymous post or send SPAM.
Port: 135
Services: Location Service
Description: At this port Microsoft run DCE RPC for its DCOM services. This is very similar with UNIX 111 port functions.
Port: 137,138,139
Services: NETBIOS Name Service
Description: 137,138 is the UDP port, when transferring files though My Network you use this port. The 139 port: connection through this port of entry trying to get NetBIOS / SMB service. This protocol is used for windows file and printer sharing, and SAMBA. There WINS Regisrtation also use it.
Port: 143
Services: Interim Mail Access Protocol v2
Description: As POP3 security issues, many IMAP server exist a buffer overflow. A LINUX worm (admv0rm) through this port breed. When REDHAT allow IMAP in their LINUX-release versions in default, these flaws become very popular. The port is also used for IMAP2, but not popular.
Port: 161
Services: SNMP
Description: SNMP allow remote management device. All configuration and operation information stored in the database, through SNMP can get those information. Many administrators error configuration will be exposed to the Internet. Cackers will try to use the default password public, private access the system.They may test all possible combinations. SNMP packets may be the wrong point to the user’s network.
Port: 177
Services: X Display Manager Control Protocol
Note: Many intruders through its access to X-windows console, which also need to open port 6000.
Port: 389
Services: LDAP, ILS
Description: Lightweight Directory Access Protocol, and NetMeeting Internet Locator Server to share the port.
Port: 443
Services: Https
Description: Web browser ports,it can provide encryption and transmitted a secure port.
Port: 456
Services: [NULL]
Description: Trojan HACKERS PARADISE open this port.
Port: 513
Services: Login, remote login
Description:It is the broadcast that sent from the use of cable modem or DSL subnet log in to the UNIX computer. this provided information for invaders to enter their systems.
Port: 544
Services: [NULL]
Description: kerberos kshell
Port: 548
Services: Macintosh, File Services (AFP / IP)
Note: Macintosh, file services.
Port: 553
Services: CORBA IIOP (UDP)
Note: Use the cable modem, DSL, or VLAN the port will see this broadcast. CORBA is an object-oriented RPC system. Intruders can use this information into the system.
Port: 555
Services: DSF
Description: Trojan PhAse1.0, Stealth Spy, IniKiller open this port.
Port: 568
Services: Membership DPA
Note: Membership DPA.
Port: 569
Services: Membership MSN
Note: membership MSN.
Port: 635
Services: mountd
Description: Linux’s mountd Bug. This is a scan of a popular BUG. Most of this port scan is based on UDP, but TCP-based mountd increase (mountd to run on two ports).Mountd can run on any port, but in Linux the default port is 635, just like NFS usually runs on port 2049.
Port: 636
Services: LDAP
Description: SSL (Secure Sockets layer)
Port: 666
Services: Doom Id Software
Description: Trojan Attack FTP, Satanz Backdoor open this port
Port: 993
Services: IMAP
Description: SSL (Secure Sockets layer)
Port: 1001,1011
Services: [NULL]
Description: Trojan Silencer, WebEx port 1001 open. Trojan Doly Trojan port 1011 open.
Port: 1024
Services: Reserved
Note: It is the beginning of a dynamic port, many programs do not care which port to connect with the network, they requested the system assign the next unused port. On this basis,1024 is the beginning. This means that the first one to issue the request to the system will be assigned to the 1024 port. You can restart the machine, open the Telnet, and then open a window to run natstat-a will see the Telnet port 1024 was assigned.SQL session is also using this port and 5000 port.
Port: 1025,1033
Service: 1025: network blackjack 1033: [NULL]
Description: Trojan netspy open the 2 ports.
Port: 1080
Services: SOCKS
Note: This allowing the person behind the firewall though an IP address visit INTERNET. In theory it only allow internal communication out and reach INTERNET. However, due to the wrong configuration, it will allow the attack outside the firewall through the firewall. WinGate often occurs this error,you will often see this situation when joining the IRC chat room.
Port: 1170
Services: [NULL]
Description: Trojan Streaming Audio Trojan, Psyber Stream Server, Voice open this port.
Port: 1234,1243,6711,6776
Services: [NULL]
Description: Trojan SubSeven2.0, Ultors Trojan opening up 1234,6776 ports. Trojan SubSeven1.0/1.9 open 1243,6711,6776 ports.
Port: 1245
Services: [NULL]
Description: Trojan Vodoo open this port.
Port: 1433
Service: SQL
Description: Microsoft’s SQL services, open ports.
Port: 1492
Services: stone-design-1
Description: Trojan FTP99CMP open this port.
Port: 1500
Services: RPC client fixed port session queries
Description: RPC client fixed port session queries
Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120
Port: 1524
Services: ingress
Note: Many of attacks SHELL script will install a backdoor in this port, especially for the SUN system, and the RPC service vulnerability in Sendmail script. If you have just installed a firewall on this port and see the connection attempt,it is likely to be the above reasons. Try Telnet to the user’s computer on this port to see if it will give you a SHELL. There are also problem connected to the 600/pcserver.
Port: 1600
Services: issd
Description: Trojan Shivka-Burka open this port.
Port: 1720
Service: NetMeeting
Description: NetMeeting H.233 call Setup.
Port: 1731
Service: NetMeeting Audio Call Control
Description: NetMeeting Audio Call Control.
Port: 1807
Services: [NULL]
Description: Trojan SpySender open this port.
Port: 1981
Services: [NULL]
Description: Trojan ShockRave open this port.
Port: 1999
Services: cisco identification port
Description: Trojan BackDoor open this port.
Port: 2000
Services: [NULL]
Description: Trojan GirlFriend 1.3, Millenium 1.0 open this port.
Port: 2001
Services: [NULL]
Description: Trojan Millenium 1.0, Trojan Cow open this port.
Port: 2023
Services: xinuexpansion 4
Description: Trojan Pass Ripper open this port.
Port: 2049
Service: NFS
Description: NFS program usually runs on this port. Often need to access Portmapper check which port the service runs on.
Port: 2115
Services: [NULL]
Description: Trojan Bugs open this port.
Port: 2140,3150
Services: [NULL]
Description: Trojan Deep Throat 1.0/3.0 open this port.
Port: 2500
Services: RPC client using a fixed port session replication
Description: The fixed port session replication RPC Client
Port: 2583
Services: [NULL]
Description: Trojan Wincrash 2.0 open this port.
Port: 2801
Services: [NULL]
Description: Trojan Phineas Phucker open this port.
Port: 3024,4092
Services: [NULL]
Description: Trojan WinCrash open this port.
Port: 3128
Services: squid
Note: This is the default port of squid HTTP proxy server. Attacker scan this port is to search for a proxy server and anonymous access to Internet. Will also see a search for other proxy server port 8000, 8001,8080,8888. Another reason the port scan a user is entering a chat room. Other users will be testing this port in order to determine whether to support the user’s machine agent.
Port: 3129
Services: [NULL]
Description: Master Paradise Trojan horse open this port.
Port: 3150
Services: [NULL]
Description: The Invasor Trojans open the port.
Port: 3210,4321
Services: [NULL]
Description: Trojan SchoolBus open this port
Port: 3333
Services: dec-notes
Description: Trojan Prosiak open this port
Port: 3389
Services: Super Terminal
Description: WINDOWS 2000 terminal open this port.
Port: 3700
Services: [NULL]
Description: Portal of Doom Trojan horse open this port
Port: 3996,4060
Services: [NULL]
Description: Trojan RemoteAnything open this port
Port: 4000
Service: QQ client
Note: Tencent QQ client open this port.
Port: 4092
Services: [NULL]
Description: Trojan WinCrash open this port.
Port: 4590
Services: [NULL]
Description: Trojan ICQTrojan open this port.
Port: 5000,5001,5321,50505
Services: [NULL]
Description: Trojan blazer5 open 5000 port. Sockets de Troie Trojan 5000,5001,5321,50505 open ports.
Ports: 5400,5401,5402
Services: [NULL]
Description: Trojan Blade Runner open this port.
Port: 5550
Services: [NULL]
Description: Trojan xtcp open this port.
Port: 5569
Services: [NULL]
Description: Robo-Hack Trojan open this port.
Port: 5632
Services: pcAnywere
Note: sometimes see a lot of this port scan, which depends on the user’s location. When the user opens pcAnywere, it will automatically scan the LAN C class network to look for possible agents (where the agent is the agent rather than the proxy). Invaders such services will also be looking for an open computer. Therefore,should view the source address of such a scan. Some search pcAnywere scanning packages often contain the UDP port 22 packets.
Port: 5742
Services: [NULL]
Description: Trojan WinCrash1.03 open this port.
Port: 6267
Services: [NULL]
Description: The Trojan girls wide open outside this port.
Port: 6400
Services: [NULL]
Description: Trojan The tHing open this port.
Port: 6670,6671
Services: [NULL]
Description: Trojan Deep Throat open 6670 port. The Deep Throat 3.0 open 6671 port.
Port: 6883
Services: [NULL]
Description: Trojan DeltaSource open this port.
Port: 6969
Services: [NULL]
Description: Trojan Gatecrasher, Priority open this port.
Port: 6970
Services: RealAudio
Description: RealAudio client from the server’s UDP ports 6970-7170 to receive audio data streams. This is determined by outward port TCP-7070 control connection settings.
Port: 7000
Services: [NULL]
Description: Remote Grab Trojan open this port.
Port: 7300,7301,7306,7307,7308
Services: [NULL]
Description: Trojan NetMonitor open this port. Addition NetSpy1.0 also open port 7306.
Port: 7323
Services: [NULL]
Description: Sygate server port.
Port: 7626
Services: [NULL]
Description: Trojan Giscier open this port.
Port: 7789
Services: [NULL]
Description: Trojan ICKiller open this port.
Port: 8000
Services: OICQ
Description: Tencent QQ server-side open this port. ‘
Port: 8010
Services: Wingate
Description: Wingate proxy open this port.
Port: 8080
Service: Proxy Port
Description: WWW proxy open this port.
Ports: 9400,9401,9402
Services: [NULL]
Description: Trojan Incommand 1.0 open this port.
Port: 9872,9873,9874,9875,10067,10167
Services: [NULL]
Description: Portal of Doom Trojan horse open this port
Port: 9989
Services: [NULL]
Description: Trojan iNi-Killer open this port.
Port: 11000
Services: [NULL]
Description: Trojan SennaSpy open this port.
Port: 11223
Services: [NULL]
Description: Trojan Progenic trojan open this port.
Port: 12076,61466
Services: [NULL]
Description: Trojan Telecommando open this port.
Port: 12223
Services: [NULL]
Description: Trojan Hack’99 KeyLogger open this port.
Port: 12345,12346
Services: [NULL]
Description: Trojan NetBus1.60/1.70, GabanBus open this port.
Port: 12361
Services: [NULL]
Description: Whack-a-mole Trojan open this port.
Port: 13223
Services: PowWow
Description: PowWow is a Tribal Voice chat program. It allows users to open a private chat with this port connection. The procedure is very offensive to establish a connection. It will be stationed in this TCP port and wait for response.caused a similar connection requests like heartbeat interval. If a dial-up users inherit the IP address from another chatter will cause this situation as if there are many different people to test the port.
Port: 16969
Services: [NULL]
Description: Trojan Priority open this port.
Port: 17027
Services: Conducent
Description: This is an outgoing connection. This is because someone in the company installed a sharing software named as Conducent “adbot”. Conducent “adbot” is a shareware display advertising services.
Port: 19191
Services: [NULL]
Description: Trojan Blue Flame open this port.
Port: 20000,20001
Services: [NULL]
Description: Trojan Millennium open this port.
Port: 20034
Services: [NULL]
Description: Trojan NetBus Pro open this port.
Port: 21554
Services: [NULL]
Description: Trojan GirlFriend open this port.
Port: 22222
Services: [NULL]
Description: Trojan Prosiak open this port.
Port: 23456
Services: [NULL]
Description: Trojan Evil FTP, Ugly FTP open this port.
Port: 26274,47262
Services: [NULL]
Description: Trojan Delta open this port.
Port: 27374
Services: [NULL]
Description: Trojan Subseven 2.1 open this port.
Port: 30100
Services: [NULL]
Description: Trojan NetSphere open this port.
Port: 30303
Services: [NULL]
Description: Trojan Socket23 open this port.
Port: 30999
Services: [NULL]
Description: Trojan Kuang open this port.
Port: 31337,31338
Services: [NULL]
Description: Trojan BO (Back Orifice) open this port. Another Trojan DeepBO also open port 31338.
Port: 31339
Services: [NULL]
Description: Trojan NetSpy DK open this port.
Port: 31666
Services: [NULL]
Description: Trojan BOWhack open this port.
Port: 33333
Services: [NULL]
Description: Trojan Prosiak open this port.
Port: 34324
Services: [NULL]
Description: Trojan Tiny Telnet Server, BigGluck, TN open this port.
Port: 40412
Services: [NULL]
Description: Trojan The Spy open this port.
Port: 40421,40422,40423,40426,
Services: [NULL]
Description: Trojan Masters Paradise open this port.
Port: 43210,54321
Services: [NULL]
Description: Trojan SchoolBus 1.0/2.0 open this port.
Port: 44445
Services: [NULL]
Description: Trojan Happypig open this port.
Port: 50766
Services: [NULL]
Description: Trojan Fore open this port.
Port: 53001
Services: [NULL]
Description: Remote Windows Shutdown Trojan open this port.
Port: 65000
Services: [NULL]
Description: Trojan Devil 1.03 open this port.
Port: 88
Description: Kerberos krb5. Another TCP port 88 is also for this purpose.
Port: 137
Note: SQL Named Pipes encryption over other protocols name lookup (other protocols name lookup on the SQL Named Pipes encryption technology), and SQL RPC encryption over other protocols name lookup (other protocols name lookup on the SQL RPC encryption), and Wins NetBT name service (WINS NetBT name service), and Wins Proxy are using this port.
Port: 161
Description: Simple Network Management Protocol (SMTP) (Simple Network Management Protocol)
Port: 162
Description: SNMP Trap (SNMP traps)
Port: 445
Note: Common Internet File System (CIFS) (Public Internet File System)
Port: 464
Description: Kerberos kpasswd (v5). Another TCP port of 464 is also for this purpose.
Port: 500
Description: Internet Key Exchange (IKE) (Internet Key Exchange)
Port: 1645,1812
Description: Remot Authentication Dial-In User Service (RADIUS) authentication (Routing and Remote Access) (Remote Authentication Dial-In User Service)
Port: 1646,1813
Note: RADIUS accounting (Routing and Remote Access) (RADIUS accounting (Routing and Remote Access))
Port: 1701
Note: Layer Two Tunneling Protocol (L2TP) (Layer 2 Tunneling Protocol)
Port: 1801,3527
Description: Microsoft Message Queue Server (Microsoft Message Queue Server). TCP-135,1801,2101,2103,2105 have the same purpose.
Port: 2504
Description: Network Load Balancing (network load balancing).
