What is a Network Port?

In network technology, ports have two meanings: one is a port in the physical sense, such as an ADSL modem, a hub, a switch, or a router used to connect to other network devices, such as RJ-45 ports and SC ports Wait; the second is the logical port, generally refers to the port in the TCP / IP protocol, the port number ranges from 0 to 65535, such as port 80 for browsing web services, port 21 for FTP services .

network port

Some ports are often used by hackers, and also used by some Trojan horses to attack computer systems. The following is an introduction to computer ports and a brief way to prevent hackers.

1 Network port 1 series port meaning

Port: 102

Service: Message transfer agent (MTA) -X.400 over TCP / IP

Description: Message transfer agent.

Port: 109

Service: Post Office Protocol -Version3

Note: The POP3 server opens this port for receiving mails, and clients access the mail service on the server. POP3 services have many recognized weaknesses. There are at least 20 weaknesses in username and password exchange buffer overflows, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.

Port: 110

Service: All ports of SUN's RPC service

Note: Common RPC services are rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.

Port: 119

Service: Network News Transfer Protocol

Description: NEWS newsgroup transmission protocol, carrying USENET communication. Connections on this port are usually people looking for a USENET server. Most ISPs restrict that only their customers can access their newsgroup server. Opening the newsgroup server will allow anyone to post / read posts, access the restricted newsgroup server, post anonymously, or send SPAM.

Port: 135

Service: Location Service

Explanation: Microsoft runs DCE RPC end-point mapper on this port to serve its DCOM. This is very similar to the function of UNIX 111 port. Services that use DCOM and RPC register their locations using an end-point mapper on the computer. When remote clients connect to the computer, they look up the end-point mapper to find where the service is. HACKER scans this port of the computer to find that this computer is running Exchange Server? What version? Some DOS attacks target this port directly.

Ports: 137, 138, 139

Service: NETBIOS Name Service

Note: 137 and 138 are UDP ports. Use this port when transferring files through network neighbors. And port 139: Connections coming in through this port try to get NetBIOS / SMB service. This protocol is used for Windows file and printer sharing and SAMBA. And WINS Regisrtation also uses it.

Port: 161

Service: SNMP

Note: SNMP allows remote management of the device. All configuration and operating information is stored in a database and can be obtained via SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will try to access the system using the default passwords public and private. They may experiment with all possible combinations. SNMP packets may be pointed to the user's network incorrectly

Port: 177

Service: X Display Manager Control Protocol

Note: Many intruders use it to access the X-windows console. It also needs to open port 6000.

2 Network port 2 series port meaning

Port: 21

Service: FTP

Note: The port opened by the FTP server is used for uploading and downloading. The most common attacker uses to find a way to open an anonymous FTP server. These servers have readable and writable directories. Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner.

Port: 22

Service: Ssh

Note: The connection between TCP and this port established by PcAnywhere may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions using the RSAREF library will have many vulnerabilities.

Port: 23

Service: Telnet

Description: Remote login, intruder is searching for remote login UNIX services. In most cases, this port is scanned to find the operating system that the machine is running. There are other techniques that intruders can use to find passwords. The Trojan Tiny Telnet Server opens this port. Hacking often uses this port.

Port: 25

Service: SMTP

Note: The port opened by the SMTP server is used to send mail. Intruders look for an SMTP server to deliver their SPAM. The intruder's account was closed and they needed to connect to a high-bandwidth E-MAIL server to pass simple information to different addresses. Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy all open this port.

3 Network port 3 series port meaning

Port: 389

Service: LDAP, ILS

Note: Lightweight Directory Access Protocol and NetMeeting Internet Locator Server share this port.

4 Network port 4 series port meaning

Port: 443

Service: Https

Description: Web browsing port, which can provide another type of HTTP that is encrypted and transmitted through a secure port.

Port: 456

Service: [NULL]

Note: The Trojan HACKERS PARADISE opens this port.

5 Network port 5 series port meaning

Port: 513

Services: Login, remote login

Note: This is a broadcast from a UNIX computer logged into the subnet using a cable modem or DSL. These individuals provided information on intruders entering their systems.

Port: 544

Service: [NULL]

Description: kerberos kshell

Port: 548

Service: Macintosh, File Services (AFP / IP)

Description: Macintosh, file service.

Port: 553

Service: CORBA IIOP (UDP)

Note: Use cable modem, DSL or VLAN to see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.

Port: 555

Service: DSF

Note: Trojans PhAse1.0, Stealth Spy, and IniKiller open this port.

Port: 568

Service: Membership DPA

Description: Membership DPA.

Port: 569

Service: Membership MSN

Description: Membership MSN.

6 Network port 6 series port meaning

Port: 635

Service: mountd

Description: Linux's mountd bug. This is a popular bug for scanning. Most scans of this port are based on UDP, but TCP-based mountd has increased (mountd runs on two ports simultaneously). Remember that mountd can run on any port (which port is needed, you need to do a portmap query on port 111), but Linux default port is 635, just like NFS usually runs on port 2049.

Port: 636

Service: LDAP

Description: SSL (Secure Sockets layer)

Port: 666

Service: Doom Id Software

Note: Trojans Attack FTP and Satanz Backdoor open this port.

8 Network port 8 series port meaning

Port: 80

Service: HTTP

Description: Used for web browsing. Trojan Horse Executor opens this port.

8080 Network port 8080 port

Port description: Port 8080 is the same as port 80, which is used for WWW proxy service, which can realize web browsing. When visiting a website or using a proxy server, the port number ": 8080" is often added.

Port vulnerability: Port 8080 can be used by various virus programs. For example, the Brown Orifice (BrO) Trojan horse can use port 8080 to completely remotely control the infected computer. In addition, RemoConChubo and RingZero Trojans can also use this port to attack.

Operation suggestion: Generally, we use port 80 for web browsing. In order to avoid virus attacks, we can close this port.

9 Network port 9 series port meaning

Port: 993

Service: IMAP

Description: SSL (Secure Sockets layer)

10 Network port 10 series port meaning

Port: 1001, 1011

Service: [NULL]

Note: The Trojan Horse Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.

Port: 1024

Service: Reserved

Explanation: It is the beginning of dynamic ports. Many programs don't care which port is used to connect to the network. They ask the system to assign them the next idle port. Based on this allocation starts at port 1024. This means that the first request to the system will be allocated to port 1024. You can restart the machine, open Telnet, open a window and run netstat -a and you will see that Telnet is assigned 1024 ports. There are also SQL sessions using this port and port 5000.

Port: 1025, 1033

Service: 1025: network blackjack 1033: [NULL]

Explanation: Trojan netspy opens these 2 ports.

Port: 1080

Service: SOCKS

Explanation: This protocol passes through the firewall in a tunnel mode, allowing people behind the firewall to access the Internet through an IP address. In theory it should only allow internal communications to reach the Internet. However, due to misconfiguration, it will allow attacks outside the firewall to pass through the firewall. This error often occurs in WinGate, and it is often seen when joining IRC chat rooms.

11 Network port 11 series port meaning

Port: 1170

Service: [NULL]

Note: Trojans Streaming Audio Trojan, Psyber Stream Server, and Voice open this port.

12 Network port 12 series port meaning

Ports: 1234, 1243, 6711, 6776

Service: [NULL]

Note: Trojans SubSeven2.0 and Ultors Trojan open ports 1234 and 6776. Trojan SubSeven 1.0 / 1.9 opens ports 1243, 6711, 6776.

Port: 1245

Service: [NULL]

Description: Trojan Vodoo opens this port.

14 Network port 14 series port meaning

Port: 1433

Service: SQL

Description: Microsoft SQL service open port.

Port: 1492

Service: stone-design-1

Description: Trojan FTP99CMP opens this port.

15 Network port 15 series port meaning

Port: 1500

Service: RPC client fixed port session queries

Description: RPC client fixed port session query

Port: 1503

Service: NetMeeting T.120

Description: NetMeeting T.120

Port: 1524

Service: inress

Note: Many attack scripts will install a backdoor shell on this port, especially scripts that target the Sendmail and RPC service vulnerabilities in the SUN system. If you see a connection attempt on this port just after installing the firewall, it is most likely the reason described above. You can try to Telnet to this port on the user's computer and see if it will give you a shell. Connecting to 600 / pcserver also has this problem.

16 Network port 16 series port meaning

Port: 1600

Service: issd

Note: This port is open by the Trojan Shivka-Burka.

17 Network port 17 series port meaning

Port: 1720

Service: NetMeeting

Description: NetMeeting H.233 call Setup.

Port: 1731

Service: NetMeeting Audio Call Control

Description: NetMeeting audio call control.

18 Network port 18 series port meaning

Port: 1807

Service: [NULL]

Description: Trojan SpySender opens this port.

19 Network port 19 series port meaning

Port: 1981

Service: [NULL]

Note: This port is open by Trojan ShockRave.

Port: 1999

Service: cisco identification port

Description: Trojan BackDoor opens this port.

20 Network port 20 series port meaning

Port: 2000

Service: [NULL]

Note: Trojans GirlFriend 1.3 and Millenium 1.0 open this port.

Port: 2001

Service: [NULL]

Description: Trojans Millenium 1.0 and Trojan Cow open this port.

Port: 2023

Service: xinuexpansion 4

Description: Trojan Horse Pass Ripper opens this port.

Port: 2049

Service: NFS

Note: NFS programs often run on this port. You usually need to access the Portmapper to find out which port this service is running on.

21 Network port 21 series port meaning

Port: 2115

Service: [NULL]

Description: Trojan horse Bugs open this port.

Port: 2140, 3150

Service: [NULL]

Note: This port is open for Trojan Deep Throat 1.0 / 3.0.

25 Network port 25 series port meaning

Port: 2500

Service: RPC client using a fixed port session replication

Description: RPC client applying fixed port session replication

Port: 2583

Service: [NULL]

Description: The Trojan horse Wincrash 2.0 opens this port.

28 Network port 28 series port meaning

Port: 2801

Service: [NULL]

Note: This port is open by the Trojan Phineas Phucker.

30 Network port 30 series port meaning

Port: 3024, 4092

Service: [NULL]

Note: This port is open by Trojan WinCrash.

31 Network port 31 series port meaning

Port: 3128

Service: squid

Explanation: This is the default port of the Squid HTTP proxy server. An attacker scans this port to access the Internet anonymously in search of a proxy server. You will also see ports 8000, 8001, 8080, and 8888 that search for other proxy servers. Another reason to scan this port is that the user is entering the chat room. Other users will also check this port to determine if the user's machine supports agents.

Port: 3129

Service: [NULL]

Description: Trojan horse Master Paradise opens this port.

Port: 3150

Service: [NULL]

Explanation: The port is open by The Invasor.

32 Network port 32 series port meaning

Port: 3210, 4321

Service: [NULL]

Description: Trojan Horse SchoolBus opens this port

33 Network port 33 series port meaning

Port: 3333

Service: dec-notes

Description: Trojan Prosiak opens this port

Port: 3389

Service: HyperTerminal

Note: WINDOWS 2000 terminal opens this port.

37 Network port 37 series port meaning

Port: 3700

Service: [NULL]

Description: The Trojan Portal of Doom opens this port

39 Network port 39 series port meaning

Port: 3996, 4060

Service: [NULL]

Description: Trojan RemoteAnything opens this port

40 Network port 40 series port meaning

Port: 4000

Service: QQ Client

Explanation: Tencent QQ client opens this port.

Port: 4092

Service: [NULL]

Note: This port is open by Trojan WinCrash.

45 Network port 45 series port meaning

Port: 4590

Service: [NULL]

Description: Trojan horse ICQTrojan opens this port.

50 Network port 50 series port meaning

Port: 5000, 5001, 5321, 50505 Service: [NULL]

Description: Trojan blazer5 opens 5000 ports. Trojan Sockets de Troie opens ports 5000, 5001, 5321, and 50505.

54 Network port 54 is the port meaning

Port: 5400, 5401, 5402

Service: [NULL]

Note: The Trojan Blade Runner opens this port.

55 Network port 55 series port meaning

Port: 5550

Service: [NULL]

Explanation: Trojan horse xtcp opens this port.

Port: 5569

Service: [NULL]

Note: Robo-Hack Trojan opens this port.

56 Network port 56 series port meaning

Port: 5632

Service: pcAnywere

How to view the network port

To view the ports in Windows 2000 / XP / Server 2003, you can use the NETSTAT command:

Start> Run> cmd to open a command prompt window. Type "NETSTAT -a -n" at the command prompt and press the Enter key to see the port numbers and status of TCP and UDP connections in numerical form.

Command format: Netstat? -A?? -E?? -N?? -O?? -S?

-A shows all active TCP connections and TCP and UDP ports the computer is listening on.

-E means to display the number of bytes and data packets sent and received by Ethernet.

-N indicates that only the addresses and port numbers of all active TCP connections are displayed in numbers.

-O indicates to display active TCP connections and includes the process ID (PID) of each connection.

-S indicates to display the statistics of various connections, including the port number, according to the protocol.

How to close the network port

For example, to close port 25 of the SMTP service in Windows 2000 / XP, you can do this: First open the Control Panel, double-click Administrative Tools, and then double-click Services. Then find and double-click the "Simple Mail Transfer Protocol (SMTP)" service in the opened service window, click the "Stop" button to stop the service, then select "Disabled" in the "Startup type", and finally click "OK" "Button. In this way, closing the SMTP service is equivalent to closing the corresponding port. ^[1]

How to open a network port

If you want to open the port, just select "Auto" in "Startup Type", click the "OK" button, then open the service, and click the "Startup" button in "Service Status" to enable the port. Click the "OK" button.

In addition, in the network connection properties, select the "TCP / IP protocol" property to open the advanced TCP / IP settings. In the option page, open TCP / IP filtering. In the settings window that appears, you can also set the port opening and Off, TCP / IP filtering is not enabled by default.

IN OTHER LANGUAGES

• English
• Čeština
• Dansk
• Deutsch
• Svenska
• Français
• Italiano
• Nederlands
• Norsk
• Polski
• Português
• Español
• 日本語
• 한국어