Because the biggest hurdle of any security assessment is understanding what systems are running on your networks, an accurate listing of ports and their application owners can be critical to identifying the holes in your systems. Scanning all 131,070 ports (1-65,535 for both TCP and UDP) for every host can take days (if not weeks) to complete, depending on your technique, so a more fine-tuned list of ports and services should be used to address what we call the "Low Hanging Fruit": the potentially vulnerable services.
The following list is by no means a complete one, and some of the applications we present here may be configured to use entirely different ports to listen on. However, this list will give you a good start on tracking down those rogue applications. The ports listed in this table are commonly used to gain information from or access to computer systems. For a more comprehensive listing of ports, see http://www.iana.org/assignments/portnumbers.
Service or Application | Port/Protocol |
---|---|
echo | 7/tcp |
systat | 11/tcp |
chargen | 19/tcp |
ftp-data | 21/tcp |
ssh | 22/tcp |
telnet | 23/tcp |
SMTP | 25/tcp |
nameserver | 42/tcp |
Whois | 43/tcp |
Tacacs | 49/udp |
xns-time | 52/tcp |
xns-time | 52/udp |
dns-lookup | 53/udp |
dns-zone | 53/tcp |
Whois++ | 63/tcp/udp |
Oracle-sqlnet | 66/tcp |
Bootps | 67/tcp/udp |
bootpc | 68/tcp/udp |
Tftp | 69/udp |
gopher | 70/tcp/udp |
Finger | 79/tcp |
http | 80/tcp |
alternate web port (http) | 81/tcp |
kerberos or alternate web port (http) | 88/tcp |
pop2 | 109/tcp |
pop3 | 110/tcp |
Sunrpc | 111/tcp |
sqlserv | 118/tcp |
nntp | 119/tcp |
ntp | 123/tcp/udp |
ntrpc-or-dce (epmap) | 135/tcp/udp |
netbios-ns | 137/tcp/udp |
netbios-dgm | 138/tcp/udp |
netbios | 139/tcp |
imap | 143/tcp |
snmp | 161/udp |
snmp-trap | 162/udp |
xdmcp | 177/tcp/udp |
bgp | 179/tcp |
snmp-checkpoint | 256/tcp |
snmp-checkpoint | 257/tcp |
snmp-checkpoint | 258/tcp |
snmp-checkpoint | 259/tcp |
ldap | 389/tcp |
netware-ip | 396/tcp |
timbuktu | 407/tcp |
https/ssl | 443/tcp |
ms-smb-alternate | 445/tcp/udp |
ipsec-internet-key-exchange(ike) | 500/udp |
exec | 512/tcp |
rlogin | 513/tcp |
rwho | 513/udp |
rshell | 514/tcp |
syslog | 514/udp |
printer | 515/tcp |
printer | 515/udp |
talk | 517/tcp/udp |
ntalk | 518/tcp/udp |
Route/RIP/RIPv2 | 520/udp |
netware-ncp | 524/tcp |
irc-serv | 529/tcp/udp |
Uucp | 540/tcp/udp |
Klogin | 543/tcp/udp |
Mount | 645/udp |
remotelypossible | 799/tcp |
rsync | 873/tcp |
Samba-swat | 901/tcp |
w2k rpc services | 1024-1030/tcp 1024-1030/udp |
Socks | 1080/tcp |
Kpop | 1109/tcp |
bmc-patrol-db | 1313/tcp |
Notes | 1352/tcp |
timbuktu-srv1 | 1417-1420/tcp/udp |
ms-sql | 1433/tcp |
Citrix | 1494/tcp |
Sybase-sql-anywhere | 1498/tcp |
funkproxy | 1505/tcp/udp |
ingres-lock | 1524/tcp |
oracle-srv | 1525/tcp |
oracle-tli | 1527/tcp |
pptp | 1723/tcp |
winsock-proxy | 1745/tcp |
radius | 1812/udp |
remotely-anywhere | 2000/tcp |
cisco-mgmt | 2001/tcp |
nfs | 2049/tcp |
compaq-web | 2301/tcp |
sybase | 2368 |
openview | 2447/tcp |
realsecure | 2998/tcp |
nessusd | 3001/tcp |
ccmail | 3264/tcp/udp |
ms-active-dir-global-catalog | 3268/tcp/udp |
bmc-patrol-agent | 3300/tcp |
mysql | 3306/tcp |
ssql | 3351/tcp |
ms-termserv | 3389/tcp |
cisco-mgmt | 4001/tcp |
nfs-lockd | 4045/tcp |
rwhois | 4321/tcp/udp |
postgres | 5432/tcp |
secured | 5500/udp |
pcanywhere | 5631/tcp |
vnc | 5800/tcp |
vnc-java | 5900/tcp |
xwindows | 6000/tcp |
cisco-mgmt | 6001/tcp |
arcserve | 6050/tcp |
apc | 6549/tcp |
irc | 6667/tcp |
font-service | 7100/tcp/udp |
web | 8000/tcp |
web | 8001/tcp |
web | 8002/tcp |
web | 8080/tcp |
blackice-icecap | 8081/tcp |
cisco-xremote | 9001/tcp |
jetdirect | 9100/tcp |
dragon-ids | 9111/tcp |
iss system scanner agent | 9991/tcp |
iss system scanner console | 9992/tcp |
stel | 10005/tcp |
Netbus | 12345/tcp |
snmp-checkpoint | 18210/tcp |
snmp-checkpoint | 18211/tcp |
snmp-checkpoint | 18186/tcp |
snmp-checkpoint | 18190/tcp |
snmp-checkpoint | 18191/tcp |
snmp-checkpoint | 18192/tcp |
Trinoo_bcast | 27444/tcp |
Trinoo_master | 27665/tcp |
Quake | 27960/udp |
backorifice | 31337/udp |
rpc-solaris | 32771/tcp |
snmp-solaris | 32780/udp |
reachout | 43188/tcp |
bo2k | 54320/tcp |
bo2k | 54321/udp |
netprowler-manager | 61440/tcp |
pcanywhere-def | 65301/tcp |