Common port number comparison table

Posted on

Common port number comparison table


-Detailed explanation of commonly used ports


Now Trojans, a bunch of hackers, it is very important to protect their own computers
The dos command netstat is easier to use. I can see the ports and statuses that I have opened more generally. I usually use
netstat -a
Port: 0
Service: Reserved
Description: Usually used to analyze the operating system. This method works because "0" is an invalid port in some systems, and it will produce different results when you try to connect it with the usual closed port. A typical scan, using
The IP address is 0.0.0.0, set the ACK bit and broadcast on the Ethernet layer.

Port: 1
Service: tcpmux
Description: This shows that someone is looking for an SGI Irix machine. Irix is ​​the main provider of tcpmux, by default
tcpmux is opened in this system. Irix machines are released with several default passwordless accounts, such as:
IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So HACKER searches tcpmux on the Internet and uses these accounts.

Port: 7
Service: Echo
Note: You can see the information sent to XXX0 and XXX255 when many people searched for Fraggle amplifiers.

Port: 19
Service: Character Generator
Note: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. TCP connection will send a data stream containing garbage characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet with a fake victim IP to the port of the target address, and the victim is overloaded in response to the data.

Port: 21
Service: FTP
Note: The port opened by the FTP server is used for uploading and downloading. The most common attackers used to find open
Anonymous FTP server method. These servers have readable and writable directories. Trojan Doly Trojan,
Ports opened by Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.

Port: 22
Service: Ssh
Note: The connection between TCP and this port established by PcAnywhere may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions using the RSAREF library will have many vulnerabilities.

Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for remote login to UNIX services. In most cases, this port is scanned to find the operating system the machine is running on. There are other techniques that the intruder will find the password. Trojan TIny
Telnet Server opens this port.

Port: 25
Service: SMTP
Note: The port opened by the SMTP server is used to send mail. Intruders look for SMTP servers to deliver their SPAM. The intruder's account is closed and they need to connect to the high-bandwidth E-mail server to pass simple information to different addresses. Trojan AnTIgen, Email Password Sender, Haebu Coceda,
Shtrilitz Stealth, WinPC, WinSpy all open this port.

Port: 31
Service: MSG AuthenTIcaTIon
Description: The Trojan Master Paradise and Hackers Paradise open this port.

Port: 42
Service: WINS Replication
Description: WINS replication

Port: 53
Service: Domain Name Server (DNS)
Description: The port opened by the DNS server. The intruder may be trying to perform zone transfer (TCP) to deceive the DNS
(UDP) or hide other communications. Therefore, firewalls often filter or record this port.

Port: 67
Service: Bootstrap Protocol Server
Note: Firewalls through DSL and Cable modem often see a large number of broadcast addresses sent to the broadcast address 255.255.255.255
The data. These machines are requesting an address from the DHCP server. HACKER often enters them, assigns an address and uses itself as a local router to launch a large number of man-in-middle attacks. The client broadcasts the configuration request to port 68, and the server broadcasts the response request to port 67. This response uses broadcast because the client does not yet know the IP address that can be sent.

Port: 69
Service: Trival File Transfer
Note: Many servers provide this service together with bootp to facilitate downloading the startup code from the system. But they often allow intruders to steal any files from the system due to misconfiguration. They can also be used by the system to write files.

Port: 79
Service: Finger Server
Description: The intruder is used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to Finger scans from his own machine to other machines.

Port: 80
Service: HTTP
Description: Used for web browsing. The Trojan Executor opens this port.

Port: 99
Service: Metagram Relay
Note: The backdoor ncx99 opens this port.

Port: 102
Service: Message transfer agent (MTA) -X.400 over TCP / IP
Description: Message transfer agent.

Port: 109
Service: Post Office Protocol -Version3
Note: The POP3 server opens this port for receiving mail, and the client accesses the mail service on the server. POP3
The service has many recognized weaknesses. There are at least 20 weaknesses regarding the overflow of username and password exchange buffers, which means that an intruder can enter the system before actually logging in. There are other buffer overflow errors after successful login.

Port: 110
Service: All port descriptions of SUN's RPC service: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc

Port: 113
Service: Authentication Service
Description: This is a protocol that runs on many computers and is used to authenticate users of TCP connections. Using this standard service, you can get information from many computers. But it can be used as a recorder for many services, especially FTP, POP,
Services such as IMAP, SMTP and IRC. Usually if there are many clients accessing these services through the firewall, you will see many connection requests on this port. Remember, if you block this port, the client will feel on the other side of the firewall with
Slow connection of E-MAIL server. Many firewalls support sending RST back during TCP connection blocking. This will stop the slow connection.

Port: 119
Service: Network News Transfer Protocol
Description: NEWS newsgroup transmission protocol, carrying USENET communication. The connection to this port is usually what people are looking for
USENET server. Most ISPs restrict that only their customers can access their newsgroup server. Opening the newsgroup server will allow posting / reading anyone's posts, accessing the restricted newsgroup server, posting anonymously or sending
SPAM.

Port: 135
Service: Location Service
Note: Microsoft runs DCE RPC end-point mapper on this port for its DCOM service. This is
The function of the UNIX 111 port is very similar. Services that use DCOM and RPC use the end-point mapper on the computer
Register their location. When remote clients connect to the computer, they look up the end-point mapper to find the location of the service. Is HACKER scanning this port of the computer to find Exchange Server running on this computer?
What version? Some DOS attacks directly target this port.

Port: 137, 138, 139
Service: NETBIOS Name Service
Note: 137 and 138 are UDP ports. This port is used when transferring files through My Network Places. And port 139:
The connection entered through this port attempts to obtain NetBIOS / SMB service. This protocol is used for Windows file and printer sharing and SAMBA. WINS Regisrtation also uses it.

Port: 143
Service: Interim Mail Access Protocol v2
Note: As with POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: a
The LINUX worm (admv0rm) will multiply through this port, so many scans of this port come from uninformed infected users. When REDHAT allowed IMAP by default in their Linux release, these vulnerabilities became very popular. This port is also used for IMAP2, but it is not popular.

Port: 161
Service: SNMP
Note: SNMP allows remote management of devices. All configuration and operation information is stored in the database, which can be obtained through SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will attempt to use the default passwords public and private to access the system. They may experiment with all possible combinations. SNMP packets may be wrongly pointed to the user's network.

Port: 177
Service: X Display Manager Control Protocol
Note: Many intruders use it to access the X-windows console.

Port: 389
Services: LDAP, ILS
Note: The Lightweight Directory Access Protocol and NetMeeting Internet Locator Server share this port.

Port: 443
Service: Https
Description: The web browsing port can provide another HTTP for encryption and transmission through a secure port.

Port: 456
Service: [NULL]
Description: Trojan HACKERS PARADISE opens this port.

Port: 513
Services: Login, remote login
Description: It is a broadcast sent from a UNIX computer using a cable modem or DSL to log into the subnet. These people provide information for intruders to enter their systems.

Port: 544
Service: [NULL]
Description: kerberos kshell

Port: 548
Services: Macintosh, File Services (AFP / IP)
Description: Macintosh, file service.

Port: 553
Service: CORBA IIOP (UDP)
Note: Use cable modem, DSL or VLAN will see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.

Port: 555
Service: DSF
Note: The Trojan PhAse1.0, Stealth Spy, and IniKiller open this port.

Port: 568
Service: Membership DPA
Description: Membership DPA.

Port: 569
Service: Membership MSN
Description: Membership MSN.

Port: 635
Service: mountd
Description: Linux mountd bug. This is a popular BUG for scanning. Most scans of this port are based on
UDP, but TCP-based mountd has increased (mountd runs on two ports at the same time). Remember that mountd can be run on any port (which port is it, you need to do portmap query on port 111), but Linux default port is 635, just like NFS usually runs on port 2049.

Port: 636
Service: LDAP
Description: SSL (Secure Sockets layer)

Port: 666
Service: Doom Id Software
Description: Trojan Attack FTP, Satanz Backdoor open this port

Port: 993
Service: IMAP
Description: SSL (Secure Sockets layer)

Port: 1001, 1011
Service: [NULL]
Description: Trojan Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.

Port: 1024
Service: Reserved
Note: It is the beginning of a dynamic port. Many programs do not care which port is used to connect to the network. They request the system to allocate the next free port for them. Based on this allocation starts at port 1024. This means that the first request to the system will be allocated to port 1024. You can restart the machine, open Telnet, and then open a window to run
natstat -a will see that Telnet is assigned port 1024. And SQL session also uses this port and 5000 port.

Port: 1025, 1033
Service: 1025: network blackjack 1033: [NULL]
Description: Trojan netspy opens these 2 ports.

Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall in a tunnel mode, allowing people behind the firewall to access through an IP address
INTERNET. In theory, it should only allow internal communications to reach the Internet. But due to the wrong configuration,
It will allow attacks located outside the firewall to pass through the firewall. This kind of error often occurs in WinGate, which is often seen when joining IRC chat rooms.
Port: 1170
Service: [NULL]
Description: Trojan Streaming Audio Trojan, Psyber Stream Server, Voice open this port.

Port: 1234, 1243, 6711, 6776
Service: [NULL]
Description: Trojan SubSeven2.0, Ultors Trojan open ports 1234 and 6776. Trojan SubSeven1.0 / 1.9
Open ports 1243, 6711, 6776.

Port: 1245
Service: [NULL]
Description: Trojan Vodoo opens this port.

Port: 1433
Service: SQL
Description: Open port of Microsoft's SQL service.

Port: 1492
Service: stone-design-1
Description: Trojan FTP99CMP opens this port.

Port: 1500
Service: RPC client fixed port session queries
Description: RPC client fixed port session query

Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120

Port: 1524
Service: ingress
Note: Many attack scripts will install a backdoor shell on this port, especially for Sendmail in the SUN
And RPC service vulnerability scripts. If you see the connection attempt on this port just after installing the firewall, it may be the above reason. You can try Telnet to this port on the user's computer to see if it will give you a
SHELL. This problem also exists when connecting to 600 / pcserver.
-------------------------------------------------- ------------------------------

- Author: Old Wrangler
-Release time: 2004-10-3 16:47:21

-
Port: 1600
Service: issd
Description: Trojan Shivka-Burka opens this port.

Port: 1720
Service: NetMeeting
Description: NetMeeting H.233 call Setup.

Port: 1731
Service: NetMeeting Audio Call Control
Description: NetMeeting audio call control.

Port: 1807
Service: [NULL]
Description: Trojan SpySender opens this port.

Port: 1981
Service: [NULL]
Description: Trojan ShockRave opens this port.

Port: 1999
Service: cisco identification port
Note: The Trojan BackDoor opens this port.

Port: 2000
Service: [NULL]
Description: Trojan GirlFriend 1.3 and Millenium 1.0 open this port.

Port: 2001
Service: [NULL]
Note: The Trojan Millenium 1.0 and Trojan Cow open this port.

Port: 2023
Service: Xinuexpansion 4
Description: The Trojan Pass Ripper opens this port.

Port: 2049
Service: NFS
Note: NFS programs often run on this port. Usually need to visit Portmapper to query which port this service is running on.

Port: 2115
Service: [NULL]
Description: Trojan Bugs open this port.

Port: 2140, 3150
Service: [NULL]
Description: The Trojan Deep Throat 1.0 / 3.0 opens this port.

Port: 2500
Service: RPC client using a fixed port session replication
Description: RPC client applying fixed port session replication

Port: 2583
Service: [NULL]
Description: The Trojan Wincrash 2.0 opens this port.

Port: 2801
Service: [NULL]
Description: The Trojan Phineas Phucker opens this port.

Port: 3024, 4092
Service: [NULL]
Description: The Trojan WinCrash opens this port.

Port: 3128
Service: Squid
Note: This is the default port of the Squid HTTP proxy server. The attacker scans this port to search for a proxy server and access the Internet anonymously. You will also see ports 8000, 8001 for searching other proxy servers
8080, 8888. Another reason for scanning this port is that the user is entering the chat room. Other users will also check this port to determine whether the user's machine supports proxy.

Detailed explanation of common port control 2
Port: 3129
Service: [NULL]
Description: The Trojan Master Paradise opens this port.

Port: 3150
Service: [NULL]
Description: The Invasor Trojan opens this port.

Port: 3210, 4321
Service: [NULL]
Description: Trojan SchoolBus opens this port

Port: 3333
Service: dec-notes
Description: Trojan Prosiak opens this port

Port: 3389
Service: Super Terminal Description: WINDOWS 2000 terminal opens this port.

Port: 3700
Service: [NULL]
Description: Trojan Portal of Doom opens this port

Port: 3996, 4060
Service: [NULL]
Description: Trojan RemoteAnything opens this port

Port: 4000
Service: QQ client Description: Tencent QQ client opens this port.

Port: 4092
Service: [NULL]
Description: The Trojan WinCrash opens this port.

Port: 4590
Service: [NULL]
Description: Trojan ICQTrojan opens this port.

Port: 5000, 5001, 5321, 50505
Service: [NULL]
Description: Trojan blazer5 opens 5000 ports. Trojan Sockets de Troie open 5000, 5001, 5321,
50505 port.

Port: 5400, 5401, 5402
Service: [NULL]
Description: Trojan Blade Runner opens this port.

Port: 5550
Service: [NULL]
Description: Trojan xtcp open this port.

Port: 5569
Service: [NULL]
Description: The Trojan Robo-Hack opens this port.

Port: 5632
Service: pcAnywere
Note: Sometimes you will see a lot of scans of this port, depending on the location of the user. When the user opens
When pcAnywere, it will automatically scan the LAN class C network for possible agents (the agent here refers to agent rather than proxy). Intruders will also look for computers that open this service. , So you should check the source address of this scan. Some scan packets searching for pcAnywere often contain UDP packets on port 22.

Port: 5742
Service: [NULL]
Description: The Trojan WinCrash1.03 opens this port.

Port: 6267
Service: [NULL]
Description: The Trojan Horse Girls open this port.

Port: 6400
Service: [NULL]
Description: The Trojan The tHing opens this port.

Port: 6670, 6671
Service: [NULL]
Description: The Trojan Deep Throat opens port 6670. And Deep Throat 3.0 opens port 6671.

Port: 6883
Service: [NULL]
Description: Trojan DeltaSource opens this port.

Port: 6969
Service: [NULL]
Description: Trojan Gatecrasher and Priority open this port.

Port: 6970
Service: RealAudio
Note: RealAudio clients will receive audio data streams from the UDP port of 6970-7170 on the server. This is caused by
TCP-7070 port is set for outgoing control connection.

Port: 7000
Service: [NULL]
Description: Remote Grab Trojan opens this port.

Port: 7300, 7301, 7306, 7307, 7308
Service: [NULL]
Description: Trojan NetMonitor opens this port. In addition, NetSpy1.0 also opens port 7306.

Port: 7323
Service: [NULL]
Description: Sygate server side.

Port: 7626
Service: [NULL]
Description: The Trojan Giscier opens this port.

Port: 7789
Service: [NULL]
Description: The Trojan ICKiller opens this port.

Port: 8000
Service: OICQ
Note: Open this port on Tencent QQ server.

Port: 8010
Service: Wingate
Note: Wingate proxy opens this port.

Port: 8080
Service: Proxy port Description: WWW proxy opens this port.

Port: 9400, 9401, 9402
Service: [NULL]
Description: Trojan Incommand 1.0 opens this port.

Ports: 9872, 9873, 9874, 9875, 10067, 10167
Service: [NULL]
Description: The Trojan Portal of Doom opens this port.

Port: 9989
Service: [NULL]
Description: The Trojan iNi-Killer opens this port.

Port: 11000
Service: [NULL]
Description: The Trojan SennaSpy opens this port.

Port: 11223
Service: [NULL]
Description: Trogenic Progenic trojan opens this port.

Port: 12076, 61466
Service: [NULL]
Description: The Trojan Telecommando opens this port.

Port: 12223
Service: [NULL]
Description: The Trojan Hack \ '99 KeyLogger opens this port.

Port: 12345, 12346
Service: [NULL]
Description: Trojan NetBus1.60 / 1.70, GabanBus open this port.

Port: 12361
Service: [NULL]
Description: The Trojan Whack-a-mole opens this port.

Port: 13223
Service: PowWow
Note: PowWow is a chat program for Tribal Voice. It allows users to open private chat connections on this port.
This procedure is very aggressive for establishing connections. It will be stationed on this TCP port and wait for a response. Causes connection requests similar to heartbeat intervals. If a dial-up user inherits an IP address from another chatter, it will happen as if many different people are testing the port. This protocol uses OPNG as the first 4 bytes of its connection request.

Port: 16969
Service: [NULL]
Description: The Trojan Priority opens this port.

Port: 17027
Service: Conducent
Explanation: This is an outgoing connection. This is due to the fact that someone inside the company has installed shareware with a "adbot". Conducent "adbot" is for the display advertising of sharing software. A popular software that uses this service is Pkware.

Port: 19191
Service: [NULL]
Description: Trojan blue flames open this port.

Port: 20000, 20001
Service: [NULL]
Description: The Trojan Millennium opens this port.

Port: 20034
Service: [NULL]
Description: Trojan NetBus Pro opens this port.

Port: 21554
Service: [NULL]
Description: Trojan GirlFriend opens this port.

Port: 22222
Service: [NULL]
Description: The Trojan Prosiak opens this port.

Port: 23456
Service: [NULL]
Note: Trojan Evil FTP and Ugly FTP open this port.

Port: 26274, 47262
Service: [NULL]
Description: The Trojan Delta opens this port.

Port: 27374
Service: [NULL]
Description: Trojan Subseven 2.1 opens this port.

Port: 30100
Service: [NULL]
Description: Trojan NetSphere opens this port.

Port: 30303
Service: [NULL]
Description: Trojan Socket23 opens this port.

Port: 30999
Service: [NULL]
Description: Trojan Kuang opens this port.

Port: 31337, 31338
Service: [NULL]
Description: Trojan BO (Back Orifice) opens this port. In addition, Trojan DeepBO also opened port 31338.

Port: 31339
Service: [NULL]
Description: Trojan NetSpy DK opens this port.

Port: 31666
Service: [NULL]
Description: Trojan BOWhack opens this port.

Port: 33333
Service: [NULL]
Description: The Trojan Prosiak opens this port.

Port: 34324
Service: [NULL]
Note: The Trojan Tiny Telnet Server, BigGluck, and TN open this port.

Port: 40412
Service: [NULL]
Description: The Spy Trojan opens this port.

Ports: 40421, 40422, 40423, 40426,
Service: [NULL]
Description: The Trojan Masters Paradise opens this port.

Port: 43210, 54321
Service: [NULL]
Description: The Trojan SchoolBus 1.0 / 2.0 opens this port.

Port: 44445
Service: [NULL]
Description: Trojan Happypig opens this port.

Port: 50766
Service: [NULL]
Description: The Trojan Fore opens this port.

Port: 53001
Service: [NULL]
Description: The Trojan Remote Windows Shutdown opens this port.

Port: 65000
Service: [NULL]
Description: The Trojan Devil 1.03 opens this port.



To guarantee process quality control, Xunda has line leakage detecting system, line laser barcode system, Range Hoods appliances testing system, and apply finished product sample test, first article inspection and other complete spot testing systems.

Stainless steel+tempered glass

760m³/h air flow

3 speed electronic switch

6 layers washable aluminum grease filters

2x2LED lamps


Kitchen Range Hoods

Kitchen Range Hoods

Kitchen Range Hoods,Slim Hoods,Recirculating Range Hood,Stainless Steel Range Hood

xunda science&technology group co.ltd , https://www.gasstove.be