Common Ports by Platform

skip navigation

honeypots for windows
Chapter 3 - Windows Honeypot Modeling
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

As I’ve stressed in this chapter, when creating your Windows honeypot, it is important to recognize what ports do and don’t belong to a particular Windows version. Tables 3-13 and 3-14 list the common Windows UDP and TCP ports, respectively, by platform. In the tables, an X means the service, and thus its default port, is available on that platform, and a - means that it is not available.

Note 

It is also important that an emulated honeypot correctly responds at the IP stack level to ICMP, UDP, and TCP fingerprinting probes. This will be covered in Chapter 4.

Table 3-13: Common Windows Listening UDP Ports by Platform

Ports/Platform

9x

Me

NT

2000

XP

2003

7—Echo

-

-

X

X

X

X

9—Discard

-

-

X

X

X

X

13—Time

-

-

X

X

X

X

17—Quote of the Day

-

-

X

X

X

X

19—CharGen

-

-

X

X

X

X

53—DNS

-

-

X

X

-

X

67, 68—DHCP

-

-

X

X

X

X

88—Kerberos

-

-

-

X

X

X

123—NTP

-

-

-

X

X

X

135—RPC

X

X

X

X

X

X

137—NetBIOS

X

X

X

X

X

X

138—NetBIOS

X

X

X

X

X

X

379, 389—LDAP

With special client software

With special client software

With special client software

X

X

X

445—CIFS

-

-

-

X

X

X

464—Kerberos

-

 

-

X

X

X

500—IPSec

-

-

With special client software

X

X

X

1434—SQL

-

-

X

X

-

X

1645—IAS

-

-

-

X

-

X

1646—IAS

-

-

-

X

-

X

1701—L2TP

-

-

With special client software

X

X

X

1812—IAS

-

-

-

X

-

X

1813—IAS

-

-

-

X

-

X

1900—UPnP

-

X

-

-

X

-

4500—IPSec

With special client software

-

With special client software

X

X

X

8080—Proxy

-

-

With proxy software

With proxy software

With proxy software

With proxy software

Table 3-14: Common Windows Listening TCP Ports by Platform

Ports/Platform

9x

Me

NT

2000

XP

2003

7—Echo

-

-

X

X

X

X

9—Discard

-

-

X

X

X

X

13—Time

-

-

X

X

X

X

17—Quote of the Day

-

-

X

X

X

X

19—CharGen

-

-

X

X

X

X

20, 21—FTP

-

-

FTP service in IIS

FTP service in IIS

FTP service in IIS

FTP service in IIS

23—Telnet

-

-

Only with Services for Unix

X

-

X

25-SMTP

-

-

With IIS or Exchange

With IIS or Exchange

With IIS

With IIS or Exchange

42—WINS

-

-

X

X

-

X

53—DNS

-

-

X

X

-

X

70—Gopher

-

-

With IIS

With IIS

With IIS

With IIS

80—HTTP

With Personal Web Server

With Personal Web Server

With IIS

With IIS

With IIS

With IIS

88—Kerberos

-

-

-

X

X

X

102—X.400

-

-

With Exchange

With Exchange

-

With Exchange

110—POP3

-

-

With Exchange

With Exchange

-

With Exchange

119—NNTP

-

-

With Exchange

With Exchange

-

With Exchange

135—RPC

X

X

X

X

X

X

137—NetBIOS

X

X

X

X

X

X

139—NetBIOS

X

X

X

X

X

X

143—IMAP

X

X

With Exchange

With Exchange

-

With Exchange

161, 162—SNMP

-

-

X

X

X

X

379, 389—LDAP

With special client software

With special client software

With special client software

X

X

X

443—HTTPS

-

-

With IIS

With IIS

With IIS

With IIS

515—IPP

-

-

-

With IIS

With IIS

With IIS

563—SNEWS

-

-

-

X

X

X

593—RPC over HTTP

-

-

-

X

-

X

636—LDAP SSL

-

-

-

X

-

X

993—IMAP SSL

-

-

-

X

-

X

995—POP SSL

-

-

-

X

-

X

1067, 1068—IBS

-

-

-

X

-

X

1433—SQL Server

-

-

X

X

-

X

3268, 3269—Global Catalog

-

-

-

X

-

X

3389—Terminal Server, RDP

-

-

X

X

X

X

5000—UPnP

-

X

-

-

X

-

8080—Proxy

X

X

With proxy software

With proxy software

With proxy software

With proxy software

Note 

Port 2869 is used by UPnP starting with XP Pro Service Pack 2.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net