When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your PC, it opens a port through which other computers can connect to those services. Port numbers are used to distinguish one network service from another.
Mostly, this is done behind the scenes. However, knowing which programs use a specific port number becomes important when you starting considering security. A firewall uses ports to form its rules about which types of network traffic to allow, and which to prohibit. And the Active Connections utility (netstat.exe), used to determine which ports are currently in use, allows you to uncover vulnerabilities in your system using ports. Ports, firewalls, and the Active Connections utility are all discussed in Chapter 7.
Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is typically unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less reliable UDP protocol.
Ports are divided into three ranges:
Well-known ports: 0–1023
Registered ports: 1024–49151
Dynamic and/or private ports: 49152–65535
The below lists are most commonly used ports. For a more complete listing, see any of these resources:
http://www.iana.org/assignments/port-numbers
http://www.faqs.org/rfcs/rfc1700.html
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Those ports marked with an ✗ in are commonly exploited by worms and other types of remote attacks. Unless you specifically need them, you should block them in your firewall or router.
20–21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Simple Mail Transfer Protocol), used for sending email
42 WINS (Windows Internet Name Service)
43 WhoIs
50–51 IPSec (PPTP Passthrough for VPN, Virtual Private Networking)
53 DNS (Domain Name Server), used for looking up domain names
67 DHCP (Dynamic Host Configuration Protocol)
69 ✗ TFTP
70 Gopher
79 Finger
80 HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages
110 POP3 (Post Office Protocol, version 3), used for retrieving email
119 NNTP (Network News Transfer Protocol), used for newsgroups
123 NTP (Network Time Protocol), used for Windows’ Internet Time feature
135 ✗ RPC (Microsoft Windows Remote Procedure Call)
137–139 ✗ NETBIOS Services
143 IMAP4 (Internet Mail Access Protocol version 4)
161–162 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Mail Access Protocol version 3)
443 HTTPS (HTTP over TLS/SSL), used by web browsers to download secure web pages
445 ✗ Active Directory, file sharing for Microsoft Windows networks (445 UDP used for SMB/Samba)
500 IPSec (PPTP Passthrough for VPN, Virtual Private Networking)
514 RSH (Remote Shell)
531 AOL Instant Messenger (AIM)
554 RTSP (Real Time Streaming Protocol), used for streaming audio and video
563 NNTPS (Network News Transfer Protocol over SSL), used for secure newsgroups
593 ✗ RPC (Microsoft Windows Remote Procedure Call) over HTTP
691 Microsoft Exchange Routing
750 Kerberos IV email authenticating agent
989–990 FTP over SSL (secure File Transfer Protocol)
992 Telnet over SSL (secure Telnet)
993 IMAP4 over SSL (secure Internet Mail Access Protocol version 4)
995 POP3 over SSL (secure Post Office Protocol, version 3)
1026 ✗ Windows Messenger - pop ups (spam)
1194 OpenVPN
1214 ✗ Kazaa peer-to-peer file sharing
1270 Microsoft Operations Manager 2005 agent (MOM 2005)
1352 Lotus Notes/Domino mail routing
1433–1434 Microsoft SQL database system, monitor
1503 Windows Messenger - application sharing and whiteboard
1512 WINS (Windows Internet Name Service)
1701 VPN (Virtual Private Networking) over L2TP
1723 VPN (Virtual Private Networking) over PPTP
1755 MMS (Microsoft Media Services) for Windows Media Player
1812–1813 RADIUS authentication protocol
1863 Windows Live Messenger - instant messenging
1900 Microsoft SSDP Enables discovery of UPnP devices
3074 Xbox Live (Microsoft gaming console)
3306 MySQL database
3389 Remote Desktop Sharing (Microsoft Terminal Services), used for remote control
4444 ✗ W32.BLASTER.WORM virus
5004 and up Windows Messenger - audio and video conferencing (port is chosen dynamically)
5010 Yahoo! Messenger
5190 AOL Instant Messenger
5631, 5632 pcAnywhere, used for remote control
5800, 5801
5900, 5901
VNC (Virtual Network Computing), used for remote control
6699 Peer-to-peer file sharing, used by Napster-like programs
6891–6901 Windows Live Messenger - file transfer, voice
6881–6999 BitTorrent peer-to-peer file transfer clients
Source of Information : OReilly Windows Vista Annoyances Tips Secrets and Hacks
Subscribe to:
Post Comments (Atom)
Cloud storage is for blocks too, not just files
One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...
-
Many of the virus, adware, security, and crash problems with Windows occu when someone installs a driver of dubious origin. The driver suppo...
-
The Berkeley motes are a family of embedded sensor nodes sharing roughly the same architecture. Let us take the MICA mote as an example. T...
-
To facilitate the development of network traffic filtering products, Microsoft created the Windows Filtering Platform (WFP). It is available...
No comments:
Post a Comment