TCP ports of interest from a remote security assessment perspective are listed in Table A-1. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues.
Table A-1. TCP ports

Port | Name | Notes |
---|---|---|
1 | tcpmux | TCP port multiplexer; indicates the host is running IRIX |
11 | systat | System status service; see Chapter 5 |
15 | netstat | Network status service; see Chapter 5 |
21 | ftp | File Transfer Protocol (FTP) service; see Chapter 8 |
22 | ssh | Secure Shell (SSH); see Chapter 7 |
23 | telnet | Telnet service; see Chapter 7 |
25 | smtp | Simple Mail Transfer Protocol (SMTP); see Chapter 10 |
42 | wins | Microsoft WINS name service |
43 | whois | WHOIS service; see Chapter 3 |
53 | domain | Domain Name Service (DNS); see Chapter 5 |
79 | finger | Finger service, used to report active users; see Chapter 5 |
80 | http | Hypertext Transfer Protocol (HTTP); see Chapter 6 |
81 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
82 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
88 | kerberos | Kerberos distributed authentication mechanism |
98 | linuxconf | Linuxconf service, remotely exploitable under older Linux distributions; see CVE-2000-0017 |
109 | pop2 | Post Office Protocol version 2 (POP-2), rarely used |
110 | pop3 | Post Office Protocol version 3 (POP-3); see Chapter 10 |
111 | sunrpc | RPC portmapper (also known as rpcbind); see Chapter 12 |
113 | auth | Authentication service (also known as identd); see Chapter 5 |
119 | nntp | Network News Transfer Protocol (NNTP) |
135 | loc-srv | Microsoft RPC server service; see Chapter 9 |
139 | netbios-ssn | Microsoft NetBIOS session service; see Chapter 9 |
143 | imap | Internet Message Access Protocol (IMAP); see Chapter 10 |
179 | bgp | Border Gateway Protocol (BGP), found on routing devices |
256 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.0 and prior); see Chapter 11 |
257 | fw1-mgmt | Check Point management service; see Chapter 11 |
258 | fw1-gui | Check Point management GUI service; see Chapter 11 |
259 | fw1-telnet | Check Point Telnet authentication service; see Chapter 11 |
264 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.1 and later); see Chapter 11 |
389 | ldap | Lightweight Directory Access Protocol (LDAP); see Chapter 5 |
443 | https | SSL-enhanced HTTP web service; see Chapter 6 |
445 | cifs | Common Internet File System (CIFS); see Chapter 9 |
464 | kerberos | Kerberos distributed authentication mechanism |
465 | ssmtp | SSL-enhanced SMTP mail service; see Chapter 10 |
512 | exec | Remote execution service (in.rexecd); see Chapter 7 |
513 | login | Remote login service (in.rlogind); see Chapter 7 |
514 | shell | Remote shell service (in.rshd); see Chapter 7 |
515 | printer | Known as the Line Printer Daemon (LPD) and commonly exploitable under Linux and Solaris |
540 | uucp | Unix-to-Unix copy service |
554 | rtsp | Real Time Streaming Protocol (RTSP), vulnerable to a serious remote exploit; see CVE-2003-0725 |
593 | http-rpc | Microsoft RPC over HTTP port; see Chapter 9 |
636 | ldaps | SSL-enhanced LDAP service; see Chapter 5 |
706 | silc | Secure Internet Live Conferencing (SILC) |
873 | rsync | Linux rsync service, remotely exploitable in some cases; see CVE-2002-0048 |
993 | imaps | SSL-enhanced IMAP mail service; see Chapter 10 |
994 | ircs | SSL-enhanced Internet Relay Chat (IRC) service |
995 | pop3s | SSL-enhanced POP-3 mail service; see Chapter 10 |
1080 | socks | SOCKS proxy service; see Chapter 4 |
1352 | lotusnote | Lotus Notes service |
1433 | ms-sql | Microsoft SQL Server; see Chapter 8 |
1494 | citrix-ica | Citrix ICA service; see Chapter 7 |
1521 | oracle-tns | Oracle TNS Listener; see Chapter 8 |
1526 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
1541 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
1720 | videoconf | H.323 video conferencing service |
1723 | pptp | Point-to-Point Tunneling Protocol (PPTP); see Chapter 11 |
1999 | cisco-disc | Discovery port found on Cisco IOS devices |
2301 | compaq-dq | Compaq diagnostics HTTP web service; see Chapter 6 |
2401 | cvspserver | Unix CVS service, vulnerable to a number of attacks |
2433 | ms-sql | Alternate Microsoft SQL Server port; see Chapter 8 |
3128 | squid | SQUID web proxy service; see Chapter 6 |
3268 | globalcat | Active Directory Global Catalog service; see Chapter 5 |
3269 | globalcats | SSL-enhanced Global Catalog service; see Chapter 5 |
3306 | mysql | MySQL database service; see Chapter 8 |
3372 | msdtc | Microsoft Distributed Transaction Coordinator (DTC) |
3389 | ms-rdp | Microsoft Remote Desktop Protocol (RDP); see Chapter 7 |
4110 | wg-vpn | WatchGuard branch office VPN service |
4321 | rwhois | NSI rwhoisd service, remotely exploitable in some cases; see CVE-2001-0913 |
4480 | proxy+ | Proxy+ web proxy service; see Chapter 6 |
5000 | upnp | Windows XP plug and play service |
5631 | pcanywhere | pcAnywhere service |
5632 | pcanywhere | pcAnywhere service |
5800 | vnc-java | Virtual Network Computing (VNC) web service; see Chapter 7 |
5900 | vnc | Virtual Network Computing (VNC) service; see Chapter 7 |
6000 | x11 | X Windows service; see Chapter 7 |
6103 | backupexec | VERITAS Backup Exec service |
6112 | dtspcd | Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD), vulnerable on multiple commercial platforms; see CVE-2001-0803 |
6588 | analogx | AnalogX web proxy; see Chapter 6 |
7100 | font-service | X Server font service |
8000 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8080 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8081 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8890 | sourcesafe | Microsoft Source Safe service |
9100 | jetdirect | HP JetDirect printer management port |