What is a Network Port?

In network technology, ports have two meanings: one is a port in the physical sense, such as an ADSL modem, a hub, a switch, or a router used to connect to other network devices, such as RJ-45 ports and SC ports Wait; the second is the logical port, generally refers to the port in the TCP / IP protocol, the port number ranges from 0 to 65535, such as port 80 for browsing web services, port 21 for FTP services .

network port

Some ports are often used by hackers, and also used by some Trojan horses to attack computer systems. The following is an introduction to computer ports and a brief way to prevent hackers.

1 Network port 1 series port meaning

Port: 102
Service: Message transfer agent (MTA) -X.400 over TCP / IP
Description: Message transfer agent.
Port: 109
Service: Post Office Protocol -Version3
Note: The POP3 server opens this port for receiving mails, and clients access the mail service on the server. POP3 services have many recognized weaknesses. There are at least 20 weaknesses in username and password exchange buffer overflows, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Port: 110
Service: All ports of SUN's RPC service
Note: Common RPC services are rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 119
Service: Network News Transfer Protocol
Description: NEWS newsgroup transmission protocol, carrying USENET communication. Connections on this port are usually people looking for a USENET server. Most ISPs restrict that only their customers can access their newsgroup server. Opening the newsgroup server will allow anyone to post / read posts, access the restricted newsgroup server, post anonymously, or send SPAM.
Port: 135
Service: Location Service
Explanation: Microsoft runs DCE RPC end-point mapper on this port to serve its DCOM. This is very similar to the function of UNIX 111 port. Services that use DCOM and RPC register their locations using an end-point mapper on the computer. When remote clients connect to the computer, they look up the end-point mapper to find where the service is. HACKER scans this port of the computer to find that this computer is running Exchange Server? What version? Some DOS attacks target this port directly.
Ports: 137, 138, 139
Service: NETBIOS Name Service
Note: 137 and 138 are UDP ports. Use this port when transferring files through network neighbors. And port 139: Connections coming in through this port try to get NetBIOS / SMB service. This protocol is used for Windows file and printer sharing and SAMBA. And WINS Regisrtation also uses it.
Port: 161
Service: SNMP
Note: SNMP allows remote management of the device. All configuration and operating information is stored in a database and can be obtained via SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will try to access the system using the default passwords public and private. They may experiment with all possible combinations. SNMP packets may be pointed to the user's network incorrectly
Port: 177
Service: X Display Manager Control Protocol
Note: Many intruders use it to access the X-windows console. It also needs to open port 6000.

2 Network port 2 series port meaning

Port: 21
Service: FTP
Note: The port opened by the FTP server is used for uploading and downloading. The most common attacker uses to find a way to open an anonymous FTP server. These servers have readable and writable directories. Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner.
Port: 22
Service: Ssh
Note: The connection between TCP and this port established by PcAnywhere may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions using the RSAREF library will have many vulnerabilities.
Port: 23
Service: Telnet
Description: Remote login, intruder is searching for remote login UNIX services. In most cases, this port is scanned to find the operating system that the machine is running. There are other techniques that intruders can use to find passwords. The Trojan Tiny Telnet Server opens this port. Hacking often uses this port.
Port: 25
Service: SMTP
Note: The port opened by the SMTP server is used to send mail. Intruders look for an SMTP server to deliver their SPAM. The intruder's account was closed and they needed to connect to a high-bandwidth E-MAIL server to pass simple information to different addresses. Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy all open this port.

3 Network port 3 series port meaning

Port: 389
Service: LDAP, ILS
Note: Lightweight Directory Access Protocol and NetMeeting Internet Locator Server share this port.

4 Network port 4 series port meaning

Port: 443
Service: Https
Description: Web browsing port, which can provide another type of HTTP that is encrypted and transmitted through a secure port.
Port: 456
Service: [NULL]
Note: The Trojan HACKERS PARADISE opens this port.

5 Network port 5 series port meaning

Port: 513
Services: Login, remote login
Note: This is a broadcast from a UNIX computer logged into the subnet using a cable modem or DSL. These individuals provided information on intruders entering their systems.
Port: 544
Service: [NULL]
Description: kerberos kshell
Port: 548
Service: Macintosh, File Services (AFP / IP)
Description: Macintosh, file service.
Port: 553
Service: CORBA IIOP (UDP)
Note: Use cable modem, DSL or VLAN to see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Port: 555
Service: DSF
Note: Trojans PhAse1.0, Stealth Spy, and IniKiller open this port.
Port: 568
Service: Membership DPA
Description: Membership DPA.
Port: 569
Service: Membership MSN
Description: Membership MSN.

6 Network port 6 series port meaning

Port: 635
Service: mountd
Description: Linux's mountd bug. This is a popular bug for scanning. Most scans of this port are based on UDP, but TCP-based mountd has increased (mountd runs on two ports simultaneously). Remember that mountd can run on any port (which port is needed, you need to do a portmap query on port 111), but Linux default port is 635, just like NFS usually runs on port 2049.
Port: 636
Service: LDAP
Description: SSL (Secure Sockets layer)
Port: 666
Service: Doom Id Software
Note: Trojans Attack FTP and Satanz Backdoor open this port.

8 Network port 8 series port meaning

Port: 80
Service: HTTP
Description: Used for web browsing. Trojan Horse Executor opens this port.

8080 Network port 8080 port

Port description: Port 8080 is the same as port 80, which is used for WWW proxy service, which can realize web browsing. When visiting a website or using a proxy server, the port number ": 8080" is often added.
Port vulnerability: Port 8080 can be used by various virus programs. For example, the Brown Orifice (BrO) Trojan horse can use port 8080 to completely remotely control the infected computer. In addition, RemoConChubo and RingZero Trojans can also use this port to attack.
Operation suggestion: Generally, we use port 80 for web browsing. In order to avoid virus attacks, we can close this port.

9 Network port 9 series port meaning

Port: 993
Service: IMAP
Description: SSL (Secure Sockets layer)

10 Network port 10 series port meaning

Port: 1001, 1011
Service: [NULL]
Note: The Trojan Horse Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.
Port: 1024
Service: Reserved
Explanation: It is the beginning of dynamic ports. Many programs don't care which port is used to connect to the network. They ask the system to assign them the next idle port. Based on this allocation starts at port 1024. This means that the first request to the system will be allocated to port 1024. You can restart the machine, open Telnet, open a window and run netstat -a and you will see that Telnet is assigned 1024 ports. There are also SQL sessions using this port and port 5000.
Port: 1025, 1033
Service: 1025: network blackjack 1033: [NULL]
Explanation: Trojan netspy opens these 2 ports.
Port: 1080
Service: SOCKS
Explanation: This protocol passes through the firewall in a tunnel mode, allowing people behind the firewall to access the Internet through an IP address. In theory it should only allow internal communications to reach the Internet. However, due to misconfiguration, it will allow attacks outside the firewall to pass through the firewall. This error often occurs in WinGate, and it is often seen when joining IRC chat rooms.

11 Network port 11 series port meaning

Port: 1170
Service: [NULL]
Note: Trojans Streaming Audio Trojan, Psyber Stream Server, and Voice open this port.

12 Network port 12 series port meaning

Ports: 1234, 1243, 6711, 6776
Service: [NULL]
Note: Trojans SubSeven2.0 and Ultors Trojan open ports 1234 and 6776. Trojan SubSeven 1.0 / 1.9 opens ports 1243, 6711, 6776.
Port: 1245
Service: [NULL]
Description: Trojan Vodoo opens this port.

14 Network port 14 series port meaning

Port: 1433
Service: SQL
Description: Microsoft SQL service open port.
Port: 1492
Service: stone-design-1
Description: Trojan FTP99CMP opens this port.

15 Network port 15 series port meaning

Port: 1500
Service: RPC client fixed port session queries
Description: RPC client fixed port session query
Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120
Port: 1524
Service: inress
Note: Many attack scripts will install a backdoor shell on this port, especially scripts that target the Sendmail and RPC service vulnerabilities in the SUN system. If you see a connection attempt on this port just after installing the firewall, it is most likely the reason described above. You can try to Telnet to this port on the user's computer and see if it will give you a shell. Connecting to 600 / pcserver also has this problem.

16 Network port 16 series port meaning

Port: 1600
Service: issd
Note: This port is open by the Trojan Shivka-Burka.

17 Network port 17 series port meaning

Port: 1720
Service: NetMeeting
Description: NetMeeting H.233 call Setup.
Port: 1731
Service: NetMeeting Audio Call Control
Description: NetMeeting audio call control.

18 Network port 18 series port meaning

Port: 1807
Service: [NULL]
Description: Trojan SpySender opens this port.

19 Network port 19 series port meaning

Port: 1981
Service: [NULL]
Note: This port is open by Trojan ShockRave.
Port: 1999
Service: cisco identification port
Description: Trojan BackDoor opens this port.

20 Network port 20 series port meaning

Port: 2000
Service: [NULL]
Note: Trojans GirlFriend 1.3 and Millenium 1.0 open this port.
Port: 2001
Service: [NULL]
Description: Trojans Millenium 1.0 and Trojan Cow open this port.
Port: 2023
Service: xinuexpansion 4
Description: Trojan Horse Pass Ripper opens this port.
Port: 2049
Service: NFS
Note: NFS programs often run on this port. You usually need to access the Portmapper to find out which port this service is running on.

21 Network port 21 series port meaning

Port: 2115
Service: [NULL]
Description: Trojan horse Bugs open this port.
Port: 2140, 3150
Service: [NULL]
Note: This port is open for Trojan Deep Throat 1.0 / 3.0.

25 Network port 25 series port meaning

Port: 2500
Service: RPC client using a fixed port session replication
Description: RPC client applying fixed port session replication
Port: 2583
Service: [NULL]
Description: The Trojan horse Wincrash 2.0 opens this port.

28 Network port 28 series port meaning

Port: 2801
Service: [NULL]
Note: This port is open by the Trojan Phineas Phucker.

30 Network port 30 series port meaning

Port: 3024, 4092
Service: [NULL]
Note: This port is open by Trojan WinCrash.

31 Network port 31 series port meaning

Port: 3128
Service: squid
Explanation: This is the default port of the Squid HTTP proxy server. An attacker scans this port to access the Internet anonymously in search of a proxy server. You will also see ports 8000, 8001, 8080, and 8888 that search for other proxy servers. Another reason to scan this port is that the user is entering the chat room. Other users will also check this port to determine if the user's machine supports agents.
Port: 3129
Service: [NULL]
Description: Trojan horse Master Paradise opens this port.
Port: 3150
Service: [NULL]
Explanation: The port is open by The Invasor.

32 Network port 32 series port meaning

Port: 3210, 4321
Service: [NULL]
Description: Trojan Horse SchoolBus opens this port

33 Network port 33 series port meaning

Port: 3333
Service: dec-notes
Description: Trojan Prosiak opens this port
Port: 3389
Service: HyperTerminal
Note: WINDOWS 2000 terminal opens this port.

37 Network port 37 series port meaning

Port: 3700
Service: [NULL]
Description: The Trojan Portal of Doom opens this port

39 Network port 39 series port meaning

Port: 3996, 4060
Service: [NULL]
Description: Trojan RemoteAnything opens this port

40 Network port 40 series port meaning

Port: 4000
Service: QQ Client
Explanation: Tencent QQ client opens this port.
Port: 4092
Service: [NULL]
Note: This port is open by Trojan WinCrash.

45 Network port 45 series port meaning

Port: 4590
Service: [NULL]
Description: Trojan horse ICQTrojan opens this port.

50 Network port 50 series port meaning

Port: 5000, 5001, 5321, 50505 Service: [NULL]
Description: Trojan blazer5 opens 5000 ports. Trojan Sockets de Troie opens ports 5000, 5001, 5321, and 50505.

54 Network port 54 is the port meaning

Port: 5400, 5401, 5402
Service: [NULL]
Note: The Trojan Blade Runner opens this port.

55 Network port 55 series port meaning

Port: 5550
Service: [NULL]
Explanation: Trojan horse xtcp opens this port.
Port: 5569
Service: [NULL]
Note: Robo-Hack Trojan opens this port.

56 Network port 56 series port meaning

Port: 5632
Service: pcAnywere

How to view the network port

To view the ports in Windows 2000 / XP / Server 2003, you can use the NETSTAT command:
Start> Run> cmd to open a command prompt window. Type "NETSTAT -a -n" at the command prompt and press the Enter key to see the port numbers and status of TCP and UDP connections in numerical form.
Command format: Netstat? -A?? -E?? -N?? -O?? -S?
-A shows all active TCP connections and TCP and UDP ports the computer is listening on.
-E means to display the number of bytes and data packets sent and received by Ethernet.
-N indicates that only the addresses and port numbers of all active TCP connections are displayed in numbers.
-O indicates to display active TCP connections and includes the process ID (PID) of each connection.
-S indicates to display the statistics of various connections, including the port number, according to the protocol.

How to close the network port

For example, to close port 25 of the SMTP service in Windows 2000 / XP, you can do this: First open the Control Panel, double-click Administrative Tools, and then double-click Services. Then find and double-click the "Simple Mail Transfer Protocol (SMTP)" service in the opened service window, click the "Stop" button to stop the service, then select "Disabled" in the "Startup type", and finally click "OK" "Button. In this way, closing the SMTP service is equivalent to closing the corresponding port. [1]

How to open a network port

If you want to open the port, just select "Auto" in "Startup Type", click the "OK" button, then open the service, and click the "Startup" button in "Service Status" to enable the port. Click the "OK" button.
In addition, in the network connection properties, select the "TCP / IP protocol" property to open the advanced TCP / IP settings. In the option page, open TCP / IP filtering. In the settings window that appears, you can also set the port opening and Off, TCP / IP filtering is not enabled by default.

IN OTHER LANGUAGES

Was this article helpful? Thanks for the feedback Thanks for the feedback

How can we help? How can we help?