Common Ports by Platform | Honeypots for Windows (Books for Professionals by Professionals)

Chapter 3 - Windows Honeypot Modeling
Honeypots for Windows
by Roger A. Grimes
Apress 2005

As I’ve stressed in this chapter, when creating your Windows honeypot, it is important to recognize what ports do and don’t belong to a particular Windows version. Tables 3-13 and 3-14 list the common Windows UDP and TCP ports, respectively, by platform. In the tables, an X means the service, and thus its default port, is available on that platform, and a - means that it is not available.

Note

It is also important that an emulated honeypot correctly responds at the IP stack level to ICMP, UDP, and TCP fingerprinting probes. This will be covered in Chapter 4.

Table 3-13: Common Windows Listening UDP Ports by Platform
Ports/Platform	9x	Me	NT	2000	XP	2003
7—Echo	-	-	X	X	X	X
9—Discard	-	-	X	X	X	X
13—Time	-	-	X	X	X	X
17—Quote of the Day	-	-	X	X	X	X
19—CharGen	-	-	X	X	X	X
53—DNS	-	-	X	X	-	X
67, 68—DHCP	-	-	X	X	X	X
88—Kerberos	-	-	-	X	X	X
123—NTP	-	-	-	X	X	X
135—RPC	X	X	X	X	X	X
137—NetBIOS	X	X	X	X	X	X
138—NetBIOS	X	X	X	X	X	X
379, 389—LDAP	With special client software	With special client software	With special client software	X	X	X
445—CIFS	-	-	-	X	X	X
464—Kerberos	-		-	X	X	X
500—IPSec	-	-	With special client software	X	X	X
1434—SQL	-	-	X	X	-	X
1645—IAS	-	-	-	X	-	X
1646—IAS	-	-	-	X	-	X
1701—L2TP	-	-	With special client software	X	X	X
1812—IAS	-	-	-	X	-	X
1813—IAS	-	-	-	X	-	X
1900—UPnP	-	X	-	-	X	-
4500—IPSec	With special client software	-	With special client software	X	X	X
8080—Proxy	-	-	With proxy software	With proxy software	With proxy software	With proxy software

Table 3-14: Common Windows Listening TCP Ports by Platform
Ports/Platform	9x	Me	NT	2000	XP	2003
7—Echo	-	-	X	X	X	X
9—Discard	-	-	X	X	X	X
13—Time	-	-	X	X	X	X
17—Quote of the Day	-	-	X	X	X	X
19—CharGen	-	-	X	X	X	X
20, 21—FTP	-	-	FTP service in IIS	FTP service in IIS	FTP service in IIS	FTP service in IIS
23—Telnet	-	-	Only with Services for Unix	X	-	X
25-SMTP	-	-	With IIS or Exchange	With IIS or Exchange	With IIS	With IIS or Exchange
42—WINS	-	-	X	X	-	X
53—DNS	-	-	X	X	-	X
70—Gopher	-	-	With IIS	With IIS	With IIS	With IIS
80—HTTP	With Personal Web Server	With Personal Web Server	With IIS	With IIS	With IIS	With IIS
88—Kerberos	-	-	-	X	X	X
102—X.400	-	-	With Exchange	With Exchange	-	With Exchange
110—POP3	-	-	With Exchange	With Exchange	-	With Exchange
119—NNTP	-	-	With Exchange	With Exchange	-	With Exchange
135—RPC	X	X	X	X	X	X
137—NetBIOS	X	X	X	X	X	X
139—NetBIOS	X	X	X	X	X	X
143—IMAP	X	X	With Exchange	With Exchange	-	With Exchange
161, 162—SNMP	-	-	X	X	X	X
379, 389—LDAP	With special client software	With special client software	With special client software	X	X	X
443—HTTPS	-	-	With IIS	With IIS	With IIS	With IIS
515—IPP	-	-	-	With IIS	With IIS	With IIS
563—SNEWS	-	-	-	X	X	X
593—RPC over HTTP	-	-	-	X	-	X
636—LDAP SSL	-	-	-	X	-	X
993—IMAP SSL	-	-	-	X	-	X
995—POP SSL	-	-	-	X	-	X
1067, 1068—IBS	-	-	-	X	-	X
1433—SQL Server	-	-	X	X	-	X
3268, 3269—Global Catalog	-	-	-	X	-	X
3389—Terminal Server, RDP	-	-	X	X	X	X
5000—UPnP	-	X	-	-	X	-
8080—Proxy	X	X	With proxy software	With proxy software	With proxy software	With proxy software

Note

Port 2869 is used by UPnP starting with XP Pro Service Pack 2.