Networking Solutions

Ports and services

There are hundreds of ports and services registered with the Internet Assigned Numbers Authority (for the complete list, look at IANA). In practice, fewer than one hundred are in common use.
Services have assigned ports so that a client can find the service easily on a remote host. For example, telnet servers listen at port 23, and SMTP (Simple Mail Transport Protocol) servers listen at port 25. Client applications, like a telnet program or mail reader, use randomly assigned ports, typically greater than 1023.
Although a particular service may have an assigned port, there is nothing in TCP/IP to prevent most services from listening on another port. A common example of this is HTTP, the protocol used for accessing Web servers. The assigned port for HTTP is port 80, but other ports are relatively common. An intruder who sets up a backdoor may use an assigned port for an unregistered service (like a program that provides a root shell on demand), or the intruder may put a service, like a telnet server, on some port other than port 23. In other words, there is nothing sacred about port numbers; using the assigned ones is simply customary, and it makes things a lot simpler.
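The point that a port number is only a convention, and that clients get an ephemeral port above 1023, can be seen directly on a loopback socket. The following Python script is an added example, not code from the original page: it starts a tiny HTTP-style responder on whatever free port the operating system hands out (never port 80), connects a client to it, and reports both port numbers. The banner text and the function names are the example's own.

```python
import socket
import threading

# Constructed reply: looks like HTTP, but it is served from an arbitrary port.
BANNER = b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok"


def serve_once(listener: socket.socket) -> None:
    """Accept exactly one connection, answer with the banner, then close."""
    conn, _ = listener.accept()
    with conn:
        conn.recv(1024)          # read (and ignore) whatever the client sent
        conn.sendall(BANNER)


def demo_service_on_arbitrary_port() -> dict:
    """Run an HTTP-like service on an OS-chosen port and talk to it once.

    Returns the server's port, the client's ephemeral port and the reply, so
    the caller can see that the protocol works regardless of the port number
    and that the client side used a high-numbered port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(1)
    server_port = listener.getsockname()[1]

    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()

    client = socket.create_connection(("127.0.0.1", server_port), timeout=5)
    with client:
        client_port = client.getsockname()[1]   # ephemeral port chosen by the OS
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while True:                              # read until the server closes
            data = client.recv(1024)
            if not data:
                break
            chunks.append(data)
    worker.join(timeout=5)
    listener.close()
    return {
        "server_port": server_port,
        "client_port": client_port,
        "reply": b"".join(chunks),
    }


if __name__ == "__main__":
    result = demo_service_on_arbitrary_port()
    print(f"HTTP-style service answered on port {result['server_port']}, "
          f"client used ephemeral port {result['client_port']}")
    print(result["reply"].decode())
```

The lesson for a firewall or an intrusion-detection rule is that a destination port identifies a service only by convention; a rule keyed on port 80 alone will miss the same protocol on any other port, and a rule that treats port 23 as "telnet" is trusting the remote host to follow the convention.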

Port Numbers and Description

The purpose of this table is to list some of the port addresses associated either with popular services or with services that have often been abused in the past. This list is by no means complete, but it has in the past proven to be helpful. For example, if you have set up a firewall and are noticing lots of connection attempts to port 113/tcp, you might be worried about an attack. But port 113/tcp is used by mail transport agents (sendmail in particular) in an attempt to identify the name of the user sending email.
Note also that many port addresses appear twice: once for a TCP-based service and again for a different UDP-based one. In the past, the custom was to allocate each type of port independently, so port 514/tcp belongs to the remote shell (rsh) and 514/udp is used by the system logger (syslogd). More recently, ports of both types have been assigned together; for example, ports 135, 138, and 139, both TCP and UDP, are assigned to Microsoft services.

In the list that follows you will find a column labeled "Safe?" No service is inherently safe, but some are much more dangerous than others. In most cases, things marked with a Y are considered useful and are more or less safe. There are certain protocols, such as SMB (ports 138 and 139), that are considered useful but not at all safe to pass through a firewall. Unsafe services are listed with an N.
A few services are listed with a dash. These services can be used more securely by limiting access to particular server addresses only. In the recent past, DNS servers have been attacked to gain root access, and SMTP servers have always been a problem. Wherever practical, put public servers outside of your internal network. For the greatest level of security, permit no incoming connections to servers at all, with the exception of strongly authenticated and encrypted connections (such as SSH).
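To show how the "Safe?" column, the separate TCP and UDP allocations and the 113/tcp false alarm are actually used when reading a firewall log, here is an added Python example that is not part of the original page. It keys a small port table on the (port, protocol) pair, so 514/tcp (rsh) and 514/udp (syslog) are told apart, and classifies constructed iptables-style log lines. The SMB (N), SSH (Y), DNS and SMTP (-) and ident entries follow the text above; the remaining ratings, the service names and the log lines are the example's own assumptions.

```python
import re
from collections import Counter

# (port, proto) -> (service, rating), in the spirit of the page's "Safe?" column.
# "Y" = more or less safe, "N" = do not pass through the firewall,
# "-" = permit only to specific server addresses.
# Only the SMB, SSH, DNS, SMTP, 514 and 113 entries come from the text;
# the other ratings are illustrative assumptions.
PORT_TABLE = {
    (22, "tcp"): ("ssh", "Y"),
    (23, "tcp"): ("telnet", "N"),        # assumption: cleartext logins
    (25, "tcp"): ("smtp", "-"),
    (53, "tcp"): ("domain", "-"),
    (53, "udp"): ("domain", "-"),
    (80, "tcp"): ("http", "Y"),          # assumption
    (113, "tcp"): ("ident/auth", "Y"),   # mail transport agents query this
    (135, "tcp"): ("msrpc", "N"),        # assumption
    (138, "udp"): ("netbios-dgm", "N"),  # SMB
    (139, "tcp"): ("netbios-ssn", "N"),  # SMB
    (514, "tcp"): ("shell (rsh)", "N"),  # assumption: rsh trusts hostnames
    (514, "udp"): ("syslog", "-"),
}

# Constructed log lines in the netfilter/iptables LOG target layout.
SAMPLE_LOG = [
    "Jan 12 10:01:33 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40123 DPT=113 SYN",
    "Jan 12 10:01:41 fw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TTL=110 PROTO=TCP SPT=51234 DPT=139 SYN",
    "Jan 12 10:02:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 LEN=96 TTL=60 PROTO=UDP SPT=514 DPT=514",
    "Jan 12 10:02:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.10 LEN=60 TTL=60 PROTO=TCP SPT=1022 DPT=514 SYN",
    "Jan 12 10:03:17 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=58 PROTO=TCP SPT=50001 DPT=22 SYN",
    "Jan 12 10:04:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.41 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=39876 DPT=6543 SYN",
]

LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>TCP|UDP) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def classify(line: str) -> dict:
    """Annotate one log line with the service and a verdict keyed on port AND protocol."""
    m = LOG_RE.search(line)
    if not m:
        return {"verdict": "unparsed", "line": line}
    port, proto = int(m["dpt"]), m["proto"].lower()
    service, rating = PORT_TABLE.get((port, proto), ("unknown", None))
    if rating == "N":
        verdict = "alert: unsafe service reachable through the firewall"
    elif rating == "-":
        verdict = "review: permit only to the designated server address"
    elif rating == "Y":
        verdict = "expected"
    else:
        verdict = "investigate: port not in the table (unregistered or relocated service)"
    if (port, proto) == (113, "tcp"):
        # The page's false alarm: ident callbacks from a mail server you just sent mail to.
        verdict = "expected: ident lookup from a mail transport agent"
    return {
        "src": m["src"], "dst": m["dst"], "port": f"{port}/{proto}",
        "service": service, "rating": rating, "verdict": verdict,
    }


def summarize(lines):
    """Classify every line and count verdict categories (alert/review/expected/...)."""
    results = [classify(line) for line in lines]
    counts = Counter(r["verdict"].split(":")[0] for r in results)
    return results, counts


if __name__ == "__main__":
    results, counts = summarize(SAMPLE_LOG)
    for r in results:
        print(f"{r['src']:>15} -> {r['port']:<9} {r['service']:<12} {r['verdict']}")
    print(dict(counts))
```

Keying the table on the (port, protocol) pair rather than the bare number is what keeps 514/udp syslog traffic from being reported as rsh; the "investigate" verdict for unlisted ports is deliberately not "ignore", because, as the text notes, a backdoor may sit on any port.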

Security Advisory Services

Treachery Unlimited has a useful search feature and a comprehensive ports list, and it includes ports often used by Trojans like SubSeven. Neohapsis also has a very complete ports list, that is, one that includes not only official ports but trojan ports as well.