TCP ports of interest from a remote security assessment perspective are listed in Table A-1. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues.

Table A-1. TCP ports

| Port | Name | Notes |
|---|---|---|
| 1 | tcpmux | TCP port multiplexer; indicates the host is running IRIX |
| 11 | systat | System status service; see Chapter 5 |
| 15 | netstat | Network status service; see Chapter 5 |
| 21 | ftp | File Transfer Protocol (FTP) service; see Chapter 8 |
| 22 | ssh | Secure Shell (SSH); see Chapter 7 |
| 23 | telnet | Telnet service; see Chapter 7 |
| 25 | smtp | Simple Mail Transfer Protocol (SMTP); see Chapter 10 |
| 42 | wins | Microsoft WINS name service |
| 43 | whois | WHOIS service; see Chapter 3 |
| 53 | domain | Domain Name Service (DNS); see Chapter 5 |
| 79 | finger | Finger service, used to report active users; see Chapter 5 |
| 80 | http | Hypertext Transfer Protocol (HTTP); see Chapter 6 |
| 81 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
| 82 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
| 88 | kerberos | Kerberos distributed authentication mechanism |
| 98 | linuxconf | Linuxconf service, remotely exploitable under older Linux distributions; see CVE-2000-0017 |
| 109 | pop2 | Post Office Protocol version 2 (POP-2), rarely used |
| 110 | pop3 | Post Office Protocol version 3 (POP-3); see Chapter 10 |
| 111 | sunrpc | RPC portmapper (also known as rpcbind); see Chapter 12 |
| 113 | auth | Authentication service (also known as identd); see Chapter 5 |
| 119 | nntp | Network News Transfer Protocol (NNTP) |
| 135 | loc-srv | Microsoft RPC server service; see Chapter 9 |
| 139 | netbios-ssn | Microsoft NetBIOS session service; see Chapter 9 |
| 143 | imap | Internet Message Access Protocol (IMAP); see Chapter 10 |
| 179 | bgp | Border Gateway Protocol (BGP), found on routing devices |
| 256 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.0 and prior); see Chapter 11 |
| 257 | fw1-mgmt | Check Point management service; see Chapter 11 |
| 258 | fw1-gui | Check Point management GUI service; see Chapter 11 |
| 259 | fw1-telnet | Check Point Telnet authentication service; see Chapter 11 |
| 264 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.1 and later); see Chapter 11 |
| 389 | ldap | Lightweight Directory Access Protocol (LDAP); see Chapter 5 |
| 443 | https | SSL-enhanced HTTP web service; see Chapter 6 |
| 445 | cifs | Common Internet File System (CIFS); see Chapter 9 |
| 464 | kerberos | Kerberos distributed authentication mechanism |
| 465 | ssmtp | SSL-enhanced SMTP mail service; see Chapter 10 |
| 512 | exec | Remote execution service (in.rexecd); see Chapter 7 |
| 513 | login | Remote login service (in.rlogind); see Chapter 7 |
| 514 | shell | Remote shell service (in.rshd); see Chapter 7 |
| 515 | printer | Known as the Line Printer Daemon (LPD) and commonly exploitable under Linux and Solaris |
| 540 | uucp | Unix-to-Unix copy service |
| 554 | rtsp | Real Time Streaming Protocol (RTSP), vulnerable to a serious remote exploit; see CVE-2003-0725 |
| 593 | http-rpc | Microsoft RPC over HTTP port; see Chapter 9 |
| 636 | ldaps | SSL-enhanced LDAP service; see Chapter 5 |
| 706 | silc | Secure Internet Live Conferencing (SILC) |
| 873 | rsync | Linux rsync service, remotely exploitable in some cases; see CVE-2002-0048 |
| 993 | imaps | SSL-enhanced IMAP mail service; see Chapter 10 |
| 994 | ircs | SSL-enhanced Internet Relay Chat (IRC) service |
| 995 | pop3s | SSL-enhanced POP-3 mail service; see Chapter 10 |
| 1080 | socks | SOCKS proxy service; see Chapter 4 |
| 1352 | lotusnote | Lotus Notes service |
| 1433 | ms-sql | Microsoft SQL Server; see Chapter 8 |
| 1494 | citrix-ica | Citrix ICA service; see Chapter 7 |
| 1521 | oracle-tns | Oracle TNS Listener; see Chapter 8 |
| 1526 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
| 1541 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
| 1720 | videoconf | H.323 video conferencing service |
| 1723 | pptp | Point-to-Point Tunneling Protocol (PPTP); see Chapter 11 |
| 1999 | cisco-disc | Discovery port found on Cisco IOS devices |
| 2301 | compaq-dq | Compaq diagnostics HTTP web service; see Chapter 6 |
| 2401 | cvspserver | Unix CVS service, vulnerable to a number of attacks |
| 2433 | ms-sql | Alternate Microsoft SQL Server port; see Chapter 8 |
| 3128 | squid | SQUID web proxy service; see Chapter 6 |
| 3268 | globalcat | Active Directory Global Catalog service; see Chapter 5 |
| 3269 | globalcats | SSL-enhanced Global Catalog service; see Chapter 5 |
| 3306 | mysql | MySQL database service; see Chapter 8 |
| 3372 | msdtc | Microsoft Distributed Transaction Coordinator (DTC) |
| 3389 | ms-rdp | Microsoft Remote Desktop Protocol (RDP); see Chapter 7 |
| 4110 | wg-vpn | WatchGuard branch office VPN service |
| 4321 | rwhois | NSI rwhoisd service, remotely exploitable in some cases; see CVE-2001-0913 |
| 4480 | proxy+ | Proxy+ web proxy service; see Chapter 6 |
| 5000 | upnp | Windows XP plug and play service |
| 5631 | pcanywhere | pcAnywhere service |
| 5632 | pcanywhere | pcAnywhere service |
| 5800 | vnc-java | Virtual Network Computing (VNC) web service; see Chapter 7 |
| 5900 | vnc | Virtual Network Computing (VNC) service; see Chapter 7 |
| 6000 | x11 | X Windows service; see Chapter 7 |
| 6103 | backupexec | VERITAS Backup Exec service |
| 6112 | dtspcd | Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD), vulnerable on multiple commercial platforms; see CVE-2001-0803 |
| 6588 | analogx | AnalogX web proxy; see Chapter 6 |
| 7100 | font-service | X Server font service |
| 8000 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
| 8080 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
| 8081 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
| 8890 | sourcesafe | Microsoft Source Safe service |
| 9100 | jetdirect | HP JetDirect printer management port |