Appendix C. TCP/IP Ports

When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your computer, it opens a port to which other computers can connect. Port numbers distinguish one network service from another on the same host: a port is identified by its transport protocol (TCP or UDP) together with a 16-bit number from 0 to 65535. Mostly, this happens invisibly behind the scenes. However, knowing which programs use a specific port number becomes important when you start considering security. A firewall uses ports (together with the protocol and, usually, the direction of the connection) to form its rules about which types of network traffic to allow and which to prohibit. And the Active Connections utility (netstat.exe), which shows which ports are currently open or in use and, with the -o switch, which process owns each of them, lets you find services that are exposed on your system without your knowledge. Ports, firewalls, and the Active Connections utility are all discussed in Chapter 7.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) have separate port number spaces, so TCP port 53 and UDP port 53 are different sockets, and a firewall rule for one does not cover the other. IANA usually assigns the same number to a service under both protocols, which is why most listings (including Table C-1) give a single number, but a service normally listens on only one of them: web, mail, and remote-control services use TCP, while DNS queries, NTP, SNMP, TFTP, and IPsec key exchange use the connectionless, unacknowledged UDP. When you write a firewall rule, open only the protocol the service actually uses.

Ports are divided into three ranges. The last range is where the client side of a connection normally gets its temporary (ephemeral) port, although Windows XP actually picks its ephemeral ports from 1025 upward, inside the registered range.

- Well-known ports: 0-1023
- Registered ports: 1024-49151
- Dynamic and/or private ports: 49152-65535
Since a complete port listing would consume about a hundred pages of this book, only the most commonly used ports are listed here. For a more complete listing, see any of these resources: - http://www.portsdb.org/
- http://www.iana.org/assignments/port-numbers
- http://www.faqs.org/rfcs/rfc1700.html (RFC 1700, the 1994 "Assigned Numbers" document; it is obsolete, and the IANA registry above is the current authority)
Table C-1 lists the more commonly used TCP/IP ports, together with the transport protocol each service actually uses.

Several of the ports in Table C-1 are commonly exploited by worms and other types of remote attacks; on an XP machine the Windows RPC, NetBIOS, and file-sharing ports (135, 139, and 445), the Messenger service port (1026) used by pop-up spam, and the Blaster backdoor port (4444) are the ones to watch. Unless you specifically need them, you should block them in your firewall or router, and check with the Active Connections utility that nothing is listening on them on an Internet-facing address.

Table C-1. Commonly used TCP/IP ports and how they're used

| Port number | Protocol | Description |
|---|---|---|
| 21 | TCP | FTP (File Transfer Protocol) control connection; the data connection uses port 20 or a dynamically chosen port |
| 22 | TCP | SSH (Secure Shell) |
| 23 | TCP | Telnet (unencrypted remote login) |
| 25 | TCP | SMTP (Simple Mail Transfer Protocol), used for sending email |
| 43 | TCP | WHOIS |
| 50, 51 | IP protocol numbers | IPsec ESP and AH. These are not TCP/UDP ports but IP protocol numbers; they are listed because routers' "IPsec passthrough" settings for VPNs (Virtual Private Networking) refer to them |
| 53 | UDP, TCP | DNS (Domain Name System), used for looking up domain names; queries use UDP, zone transfers and large responses use TCP |
| 69 | UDP | TFTP (Trivial File Transfer Protocol) |
| 70 | TCP | Gopher |
| 79 | TCP | Finger |
| 80 | TCP | HTTP (Hypertext Transfer Protocol), used by web browsers to download standard web pages |
| 88 | TCP, UDP | Kerberos authentication |
| 110 | TCP | POP3 (Post Office Protocol, version 3), used for retrieving email |
| 119 | TCP | NNTP (Network News Transfer Protocol), used for newsgroups |
| 123 | UDP | NTP (Network Time Protocol), used for XP's Internet Time feature |
| 135 | TCP | RPC endpoint mapper (Microsoft Windows Remote Procedure Call); the port the Blaster worm attacked |
| 139 | TCP | NetBIOS Session Service (file and printer sharing over NetBIOS) |
| 143 | TCP | IMAP4 (Internet Message Access Protocol, version 4), used for retrieving email |
| 161, 162 | UDP | SNMP (Simple Network Management Protocol); 162 carries traps |
| 220 | TCP | IMAP3 (obsolete version 3 of IMAP) |
| 443 | TCP | HTTPS (HTTP over TLS/SSL), used by web browsers to download secure web pages |
| 445 | TCP | File sharing for Microsoft Windows networks (SMB directly over TCP, without NetBIOS) |
| 500 | UDP | IKE (ISAKMP), the IPsec key exchange used by VPNs |
| 563 | TCP | NNTPS (Network News Transfer Protocol over SSL), used for secure newsgroups |
| 593 | TCP | RPC (Microsoft Windows Remote Procedure Call) over HTTP |
| 1026 | UDP | Messenger service (net send) pop-ups, abused for spam; this is the Windows service, not the Windows Messenger chat program |
| 1352 | TCP | Lotus Notes mail routing |
| 1503 | TCP | Windows Messenger: application sharing and whiteboard |
| 1701 | UDP | L2TP, used for VPNs (Virtual Private Networking) |
| 1723 | TCP | PPTP control connection, used for VPNs; the tunneled data travels over GRE (IP protocol 47), which has no port number |
| 1863 | TCP | Windows Messenger: instant messaging |
| 3389 | TCP | Remote Desktop (Microsoft Terminal Services), used for remote control |
| 4444 | TCP | Backdoor command shell opened by the W32.Blaster worm; nothing legitimate should be listening here |
| 5004 and up | UDP | Windows Messenger: audio and video conferencing (RTP; port is chosen dynamically) |
| 5010 | TCP | Yahoo! Messenger |
| 5190 | TCP | AOL Instant Messenger |
| 5631, 5632 | TCP, UDP | pcAnywhere, used for remote control (5631 TCP for data, 5632 UDP for status) |
| 5800, 5801, 5900, 5901 | TCP | VNC (Virtual Network Computing), used for remote control; 58xx is the web (Java) viewer, 59xx the native protocol |
| 6699 | TCP | Peer-to-peer file sharing, used by Napster-like programs |
| 6891-6900 | TCP | Windows Messenger: file transfer |
| 7648, 7649 | TCP, UDP | CU-SeeMe video conferencing |
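The check the introduction describes (run the Active Connections utility, see what is listening, and compare it against Table C-1) as an added Python example; this is not code from the book. It parses the format of `netstat -ano`, treats a socket as reachable only if it is a listening TCP socket or any UDP socket bound to a non-loopback address, and reports those on a flag list. The netstat output it parses is constructed, and the flag list is this example's own choice: the Windows RPC, NetBIOS, and file-sharing ports, the Messenger service port, the Blaster backdoor port, plus Telnet, TFTP, and SNMP. The allow set is how you record the flagged services you do need (file sharing on the LAN, in the usage below).

```python
"""Cross-check `netstat -ano` output against Table C-1.

Added example, not code from the book. SAMPLE_NETSTAT is constructed
output; FLAG_UNLESS_NEEDED is this example's own choice of ports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Subset of Table C-1, keyed by (protocol, port): TCP and UDP port numbers
# are separate namespaces, so TCP 53 and UDP 53 are different sockets.
PORT_TABLE = {
    ("TCP", 21): "FTP",
    ("TCP", 23): "Telnet",
    ("TCP", 25): "SMTP",
    ("UDP", 53): "DNS queries",
    ("TCP", 53): "DNS zone transfers / large responses",
    ("UDP", 69): "TFTP",
    ("TCP", 80): "HTTP",
    ("UDP", 123): "NTP",
    ("TCP", 135): "Microsoft RPC endpoint mapper",
    ("TCP", 139): "NetBIOS session service",
    ("UDP", 161): "SNMP",
    ("TCP", 443): "HTTPS",
    ("TCP", 445): "Microsoft file sharing (SMB)",
    ("UDP", 1026): "Messenger service pop-ups",
    ("TCP", 3389): "Remote Desktop",
    ("TCP", 4444): "Blaster worm backdoor shell",
}

# Assumption of this example: services that should not be reachable from
# other hosts unless you specifically need them.
FLAG_UNLESS_NEEDED = {
    ("TCP", 23), ("UDP", 69), ("TCP", 135), ("TCP", 139), ("UDP", 161),
    ("TCP", 445), ("UDP", 1026), ("TCP", 4444),
}


def port_range(port: int) -> str:
    """Name the IANA range a port number falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port number out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


@dataclass(frozen=True)
class Socket:
    proto: str        # "TCP" or "UDP"
    local_addr: str   # address the socket is bound to
    local_port: int
    state: str        # TCP state such as "LISTENING"; "" for UDP
    pid: int          # owning process, from the -o switch


# One line of `netstat -ano`: proto, local addr:port, foreign addr:port,
# optional TCP state, PID. Header and blank lines do not match.
_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+"
    r"(?:\s+([A-Z][A-Z_0-9]*))?\s+(\d+)\s*$"
)


def parse_netstat(text: str) -> list[Socket]:
    """Turn netstat -ano output into Socket records."""
    sockets = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), state or "", int(pid)))
    return sockets


def is_loopback(addr: str) -> bool:
    """Sockets bound only to loopback are not reachable from other hosts."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def exposed_sockets(sockets: list[Socket], allow=frozenset()):
    """Return (socket, service) pairs that other hosts can reach, are on the
    flag list, and are not in the caller's allow set of (proto, port)."""
    found = []
    for s in sockets:
        reachable = s.proto == "UDP" or s.state == "LISTENING"
        key = (s.proto, s.local_port)
        if (reachable and not is_loopback(s.local_addr)
                and key in FLAG_UNLESS_NEEDED and key not in allow):
            found.append((s, PORT_TABLE.get(key, "unknown service")))
    return found


# Constructed sample in the format netstat -ano prints on Windows XP.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1040
  TCP    192.168.1.5:1033       198.51.100.7:80        ESTABLISHED     2188
  UDP    0.0.0.0:123            *:*                                    1068
  UDP    0.0.0.0:1026           *:*                                    1068
  UDP    127.0.0.1:1900         *:*                                    1244
"""

if __name__ == "__main__":
    # File sharing on the LAN is wanted here, so TCP 445 is allowed.
    for sock, service in exposed_sockets(parse_netstat(SAMPLE_NETSTAT),
                                         allow={("TCP", 445)}):
        print(f"{sock.proto} {sock.local_port:5d} ({port_range(sock.local_port)}) "
              f"pid {sock.pid}: {service}")
```

Run against the sample it reports TCP 135, TCP 4444, and UDP 1026 (445 is allowed, the loopback-only sockets are skipped, and the outbound ESTABLISHED connection is a client-side ephemeral port, not a listener). On a real machine, pipe `netstat -ano` into `parse_netstat`, then use the PID to find the program in Task Manager before deciding whether to add the port to the allow set or to a firewall block rule.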