A.1 TCP Ports

TCP ports of interest from a remote security assessment perspective are listed in Table A-1. I have included references to chapters within this book, along with other details that I deem appropriate, including MITRE CVE references to known issues.

Table A-1. TCP ports

Port

Name

Notes

1

tcpmux

TCP port multiplexer, indicates the host is running IRIX

11

systat

System status service; see Chapter 5

15

netstat

Network status service; see Chapter 5

21

ftp

File Transfer Protocol (FTP) service; see Chapter 8

22

ssh

Secure Shell (SSH); see Chapter 7

23

telnet

Telnet service; see Chapter 7

25

smtp

Simple Mail Transfer Protocol (SMTP); see Chapter 10

42

wins

Microsoft WINS name service

43

whois

WHOIS service; see Chapter 3

53

domain

Domain Name Service (DNS); see Chapter 5

79

finger

Finger service, used to report active users; see Chapter 5

80

http

Hypertext Transfer Protocol (HTTP); see Chapter 6

81

proxy-alt

Alternate web proxy service port; see Chapter 6

82

proxy-alt

Alternate web proxy service port; see Chapter 6

88

kerberos

Kerberos distributed authentication mechanism

98

linuxconf

Linuxconf service, remotely exploitable under older Linux distributions; see CVE-2000-0017

109

pop2

Post Office Protocol version 2 (POP-2), rarely used

110

pop3

Post Office Protocol version 3 (POP-3); see Chapter 10

111

sunrpc

RPC portmapper (also known as rpcbind); see Chapter 12

113

auth

Authentication service (also known as identd); see Chapter 5

119

nntp

Network News Transfer Protocol (NNTP)

135

loc-srv

Microsoft RPC server service; see Chapter 9

139

netbios-ssn

Microsoft NetBIOS session service; see Chapter 9

143

imap

Internet Message Access Protocol (IMAP); see Chapter 10

179

bgp

Border Gateway Protocol (BGP), found on routing devices

256

fw1-sremote

Check Point SecuRemote VPN service (FW-1 4.0 and prior); see Chapter 11

257

fw1-mgmt

Check Point management service; see Chapter 11

258

fw1-gui

Check Point management GUI service; see Chapter 11

259

fw1-telnet

Check Point Telnet authentication service; see Chapter 11

264

fw1-sremote

Check Point SecuRemote VPN service (FW-1 4.1 and later); see Chapter 11

389

ldap

Lightweight Directory Access Protocol (LDAP); see Chapter 5

443

https

SSL-enhanced HTTP web service; see Chapter 6

445

cifs

Common Internet File System (CIFS); see Chapter 9

464

kerberos

Kerberos distributed authentication mechanism

465

ssmtp

SSL-enhanced SMTP mail service; see Chapter 10

512

exec

Remote execution service (in.rexecd); see Chapter 7

513

login

Remote login service (in.rlogind); see Chapter 7

514

shell

Remote shell service (in.rshd); see Chapter 7

515

printer

Known as the Line Printer Daemon (LPD) and commonly exploitable under Linux and Solaris

540

uucp

Unix-to-Unix copy service

554

rtsp

Real Time Streaming Protocol (RTSP), vulnerable to a serious remote exploit; see CVE-2003-0725

593

http-rpc

Microsoft RPC over HTTP port; see Chapter 9

636

ldaps

SSL-enhanced LDAP service; see Chapter 5

706

silc

Secure Internet Live Conferencing (SILC)

873

rsync

Linux rsync service, remotely exploitable in some cases; see CVE-2002-0048

993

imaps

SSL-enhanced IMAP mail service; see Chapter 10

994

ircs

SSL-enhanced Internet Relay Chat (IRC) service

995

pop3s

SSL enhanced POP-3 mail service; see Chapter 10

1080

socks

SOCKS proxy service; see Chapter 4

1352

lotusnote

Lotus Notes service

1433

ms-sql

Microsoft SQL Server; see Chapter 8

1494

citrix-ica

Citrix ICA service; see Chapter 7

1521

oracle-tns

Oracle TNS Listener; see Chapter 8

1526

oracle-tns

Alternate Oracle TNS Listener port; see Chapter 8

1541

oracle-tns

Alternate Oracle TNS Listener port; see Chapter 8

1720

videoconf

H.323 video conferencing service

1723

pptp

Point to Point Tunneling Protocol (PPTP); see Chapter 11

1999

cisco-disc

Discovery port found on Cisco IOS devices

2301

compaq-dq

Compaq diagnostics HTTP web service; see Chapter 6

2401

cvspserver

Unix CVS service, vulnerable to a number of attacks

2433

ms-sql

Alternate Microsoft SQL Server port; see Chapter 8

3128

squid

SQUID web proxy service; see Chapter 6

3268

globalcat

Active Directory Global Catalog service; see Chapter 5

3269

globalcats

SSL-enhanced Global Catalog service; see Chapter 5

3306

mysql

MySQL database service; see Chapter 8

3372

msdtc

Microsoft Distributed Transaction Coordinator (DTC)

3389

ms-rdp

Microsoft Remote Desktop Protocol (RDP); see Chapter 7

4110

wg-vpn

WatchGuard branch office VPN service

4321

rwhois

NSI rwhoisd service, remotely exploitable in some cases; see CVE-2001-0913

4480

proxy+

Proxy+ web proxy service; see Chapter 6

5000

upnp

Windows XP plug and play service

5631

pcanywhere

pcAnywhere service

5632

pcanywhere

pcAnywhere service

5800

vnc-java

Virtual Network Computing (VNC) web service; see Chapter 7

5900

vnc

Virtual Network Computing (VNC) service; see Chapter 7

6000

x11

X Windows service; see Chapter 7

6103

backupexec

VERTIAS Backup Exec service

6112

dtspcd

Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD), vulnerable on multiple commercial platforms; see CVE-2001-0803

6588

analogx

AnalogX web proxy; see Chapter 6

7100

font-service

X Server font service

8000

proxy-alt

Alternate web proxy service port; see Chapter 6

8080

proxy-alt

Alternate web proxy service port; see Chapter 6

8081

proxy-alt

Alternate web proxy service port; see Chapter 6

8890

sourcesafe

Microsoft Source Safe service

9100

jetdirect

HP JetDirect printer management port



     
    ASPTreeView.com
     
    Evaluation has РСУ»ЕХФexpired.
    Info...