TCP ports of interest from a remote security assessment perspective are listed in Table A-1. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues.
Port | Name | Notes |
---|---|---|
1 | tcpmux | TCP port multiplexer, indicates the host is running IRIX |
11 | systat | System status service; see Chapter 5 |
15 | netstat | Network status service; see Chapter 5 |
21 | ftp | File Transfer Protocol (FTP) service; see Chapter 8 |
22 | ssh | Secure Shell (SSH); see Chapter 7 |
23 | telnet | Telnet service; see Chapter 7 |
25 | smtp | Simple Mail Transfer Protocol (SMTP); see Chapter 10 |
42 | wins | Microsoft WINS name service |
43 | whois | WHOIS service; see Chapter 3 |
53 | domain | Domain Name Service (DNS); see Chapter 5 |
79 | finger | Finger service, used to report active users; see Chapter 5 |
80 | http | Hypertext Transfer Protocol (HTTP); see Chapter 6 |
81 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
82 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
88 | kerberos | Kerberos distributed authentication mechanism |
98 | linuxconf | Linuxconf service, remotely exploitable under older Linux distributions; see CVE-2000-0017 |
109 | pop2 | Post Office Protocol version 2 (POP-2), rarely used |
110 | pop3 | Post Office Protocol version 3 (POP-3); see Chapter 10 |
111 | sunrpc | RPC portmapper (also known as rpcbind); see Chapter 12 |
113 | auth | Authentication service (also known as identd); see Chapter 5 |
119 | nntp | Network News Transfer Protocol (NNTP) |
135 | loc-srv | Microsoft RPC server service; see Chapter 9 |
139 | netbios-ssn | Microsoft NetBIOS session service; see Chapter 9 |
143 | imap | Internet Message Access Protocol (IMAP); see Chapter 10 |
179 | bgp | Border Gateway Protocol (BGP), found on routing devices |
256 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.0 and prior); see Chapter 11 |
257 | fw1-mgmt | Check Point management service; see Chapter 11 |
258 | fw1-gui | Check Point management GUI service; see Chapter 11 |
259 | fw1-telnet | Check Point Telnet authentication service; see Chapter 11 |
264 | fw1-sremote | Check Point SecuRemote VPN service (FW-1 4.1 and later); see Chapter 11 |
389 | ldap | Lightweight Directory Access Protocol (LDAP); see Chapter 5 |
443 | https | SSL-enhanced HTTP web service; see Chapter 6 |
445 | cifs | Common Internet File System (CIFS); see Chapter 9 |
464 | kerberos | Kerberos distributed authentication mechanism |
465 | ssmtp | SSL-enhanced SMTP mail service; see Chapter 10 |
512 | exec | Remote execution service (in.rexecd); see Chapter 7 |
513 | login | Remote login service (in.rlogind); see Chapter 7 |
514 | shell | Remote shell service (in.rshd); see Chapter 7 |
515 | printer | Known as the Line Printer Daemon (LPD) and commonly exploitable under Linux and Solaris |
540 | uucp | Unix-to-Unix copy service |
554 | rtsp | Real Time Streaming Protocol (RTSP), vulnerable to a serious remote exploit; see CVE-2003-0725 |
593 | http-rpc | Microsoft RPC over HTTP port; see Chapter 9 |
636 | ldaps | SSL-enhanced LDAP service; see Chapter 5 |
706 | silc | Secure Internet Live Conferencing (SILC) |
873 | rsync | Linux rsync service, remotely exploitable in some cases; see CVE-2002-0048 |
993 | imaps | SSL-enhanced IMAP mail service; see Chapter 10 |
994 | ircs | SSL-enhanced Internet Relay Chat (IRC) service |
995 | pop3s | SSL-enhanced POP-3 mail service; see Chapter 10 |
1080 | socks | SOCKS proxy service; see Chapter 4 |
1352 | lotusnote | Lotus Notes service |
1433 | ms-sql | Microsoft SQL Server; see Chapter 8 |
1494 | citrix-ica | Citrix ICA service; see Chapter 7 |
1521 | oracle-tns | Oracle TNS Listener; see Chapter 8 |
1526 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
1541 | oracle-tns | Alternate Oracle TNS Listener port; see Chapter 8 |
1720 | videoconf | H.323 video conferencing service |
1723 | pptp | Point to Point Tunneling Protocol (PPTP); see Chapter 11 |
1999 | cisco-disc | Discovery port found on Cisco IOS devices |
2301 | compaq-dq | Compaq diagnostics HTTP web service; see Chapter 6 |
2401 | cvspserver | Unix CVS service, vulnerable to a number of attacks |
2433 | ms-sql | Alternate Microsoft SQL Server port; see Chapter 8 |
3128 | squid | SQUID web proxy service; see Chapter 6 |
3268 | globalcat | Active Directory Global Catalog service; see Chapter 5 |
3269 | globalcats | SSL-enhanced Global Catalog service; see Chapter 5 |
3306 | mysql | MySQL database service; see Chapter 8 |
3372 | msdtc | Microsoft Distributed Transaction Coordinator (DTC) |
3389 | ms-rdp | Microsoft Remote Desktop Protocol (RDP); see Chapter 7 |
4110 | wg-vpn | WatchGuard branch office VPN service |
4321 | rwhois | NSI rwhoisd service, remotely exploitable in some cases; see CVE-2001-0913 |
4480 | proxy+ | Proxy+ web proxy service; see Chapter 6 |
5000 | upnp | Windows XP plug and play service |
5631 | pcanywhere | pcAnywhere service |
5632 | pcanywhere | pcAnywhere service |
5800 | vnc-java | Virtual Network Computing (VNC) web service; see Chapter 7 |
5900 | vnc | Virtual Network Computing (VNC) service; see Chapter 7 |
6000 | x11 | X Windows service; see Chapter 7 |
6103 | backupexec | VERITAS Backup Exec service |
6112 | dtspcd | Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD), vulnerable on multiple commercial platforms; see CVE-2001-0803 |
6588 | analogx | AnalogX web proxy; see Chapter 6 |
7100 | font-service | X Server font service |
8000 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8080 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8081 | proxy-alt | Alternate web proxy service port; see Chapter 6 |
8890 | sourcesafe | Microsoft Source Safe service |
9100 | jetdirect | HP JetDirect printer management port |