Port Numbers List. Enjoy.

Port Numbers List. Enjoy.

Post by Barry Margoli » Wed, 15 Sep 1999 04:00:00





Quote:>There's a few posters wanting to know what services are associated
>with certain port numbers.  Here's a list I've been working with that
>has been a great help.

What's the Yes/No at the end of each line?

Quote:>0 ICMP Click attack Yes

ICMP doesn't have a port number, since it's not TCP or UDP.

Quote:>19 UDP Chargen Yes
>21 TCP Detects if someone is trying to FTP to you. No
>23 TCP Detects if someone is trying to Telnet to you. No
>53 TCP DNS Yes
>129 TCP Password Generator Protocol Yes
>137 TCP Netbios name (DoS attacks) Yes
>138 TCP Netbios datagram (DoS attacks) Yes
>139 TCP Netbios session (DoS attacks) Yes
>555 TCP Stealth Spy - Beta 3 No
>666 TCP Attack FTP No
>1027 TCP ICQ Yes
>1029 TCP ICQ Yes
>1032 TCP ICQ Yes
>1080 TCP Used to detect Wingate sniffers. Yes
>1243 TCP Sub Seven (Also see TCP 6776 and TCP 6711) No
>1981 TCP Shockrave No
>2140 UDP Deep Throat No
>2989 UDP Rat No
>3150 UDP Deep Throat No
>5000 2 TCP Detects & blocks Sokets de Trois v1. Yes
>5001 TCP Detects & blocks Sokets de Trois v1. Yes
>6711 TCP Sub Seven (Also see TCP 1243 and TCP 6776) No
>6776 TCP Sub Seven (Also see TCP 1243 and TCP 6711) No
>6969 TCP Gate Crasher No
>7300 TCP Net Monitor No
>7301 TCP Net Monitor No
>10067 UDP Portal of Doom No
>10167 UDP Portal of Doom No
>12076 TCP GJamer No
>12345 TCP Netbus No
>12346 TCP Netbus No
>20000 TCP Millennium No
>20001 TCP Millennium No
>21554 TCP GirlFriend No
>23456 TCP EvilFTP No
>30100 TCP NetSphere No
>30102 TCP NetSphere No
>31337 UDP Backorifice (BO) No
>31337 TCP Netpatch No
>31338 UDP Deep BO No
>31785 TCP Hack'a'Tack No
>31789 UDP Hack'a'Tack No
>31791 UDP Hack'a'Tack No
>40421 TCP Master's Paradise - Hacked No
>40422 TCP Master's Paradise - Hacked No
>40423 TCP Master's Paradise - Hacked No
>40425 TCP Master's Paradise - Hacked No
>50505 TCP Detects & blocks Sokets de Trois v2. No
>54320 TCP Backorifice 2000 No
>54321 UDP Backorifice 2000 No
>65000 TCP Devil No

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
 
 
 

Port Numbers List. Enjoy.

Post by Jim Hutchis » Wed, 15 Sep 1999 04:00:00


There's a few posters wanting to know what services are associated
with certain port numbers.  Here's a list I've been working with that
has been a great help.

0 ICMP Click attack Yes
19 UDP Chargen Yes
21 TCP Detects if someone is trying to FTP to you. No
23 TCP Detects if someone is trying to Telnet to you. No
53 TCP DNS Yes
129 TCP Password Generator Protocol Yes
137 TCP Netbios name (DoS attacks) Yes
138 TCP Netbios datagram (DoS attacks) Yes
139 TCP Netbios session (DoS attacks) Yes
555 TCP Stealth Spy - Beta 3 No
666 TCP Attack FTP No
1027 TCP ICQ Yes
1029 TCP ICQ Yes
1032 TCP ICQ Yes
1080 TCP Used to detect Wingate sniffers. Yes
1243 TCP Sub Seven (Also see TCP 6776 and TCP 6711) No
1981 TCP Shockrave No
2140 UDP Deep Throat No
2989 UDP Rat No
3150 UDP Deep Throat No
5000 2 TCP Detects & blocks Sokets de Trois v1. Yes
5001 TCP Detects & blocks Sokets de Trois v1. Yes
6711 TCP Sub Seven (Also see TCP 1243 and TCP 6776) No
6776 TCP Sub Seven (Also see TCP 1243 and TCP 6711) No
6969 TCP Gate Crasher No
7300 TCP Net Monitor No
7301 TCP Net Monitor No
10067 UDP Portal of Doom No
10167 UDP Portal of Doom No
12076 TCP GJamer No
12345 TCP Netbus No
12346 TCP Netbus No
20000 TCP Millennium No
20001 TCP Millennium No
21554 TCP GirlFriend No
23456 TCP EvilFTP No
30100 TCP NetSphere No
30102 TCP NetSphere No
31337 UDP Backorifice (BO) No
31337 TCP Netpatch No
31338 UDP Deep BO No
31785 TCP Hack'a'Tack No
31789 UDP Hack'a'Tack No
31791 UDP Hack'a'Tack No
40421 TCP Master's Paradise - Hacked No
40422 TCP Master's Paradise - Hacked No
40423 TCP Master's Paradise - Hacked No
40425 TCP Master's Paradise - Hacked No
50505 TCP Detects & blocks Sokets de Trois v2. No
54320 TCP Backorifice 2000 No
54321 UDP Backorifice 2000 No
65000 TCP Devil No

tcpmux            1/tcp      # TCP Port Service Multiplexer [rfc-1078]
tcpmux            1/udp      # TCP Port Service Multiplexer
compressnet       2/tcp      # Management Utility
compressnet       2/udp      # Management Utility
compressnet       3/tcp      # Compression Process
compressnet       3/udp      # Compression Process
rje               5/tcp      # Remote Job Entry
rje               5/udp      # Remote Job Entry
echo              7/tcp      #
echo              7/udp      #
discard           9/tcp      # sink null
discard           9/udp      # sink null
systat            11/tcp     # Active Users
systat            11/udp     # Active Users
daytime           13/tcp     #
daytime           13/udp     #
netstat           15/tcp     #
qotd              17/tcp     # Quote of the Day
qotd              17/udp     # Quote of the Day
msp               18/tcp     # Message Send Protocol
msp               18/udp     # Message Send Protocol
chargen           19/tcp     # ttytst source Character Generator
chargen           19/udp     # ttytst source Character Generator
ftp-data          20/tcp     # File Transfer [Default Data]
ftp-data          20/udp     # File Transfer [Default Data]
ftp               21/tcp     # File Transfer [Control]
ftp               21/udp     # File Transfer [Control]
ssh               22/tcp     # Secure Shell Login
ssh               22/udp     # Secure Shell Login
telnet            23/tcp     #
telnet            23/udp     #
priv-mail         24/tcp     # any private mail system
priv-mail         24/udp     # any private mail system
smtp              25/tcp     # Simple Mail Transfer
smtp              25/udp     # Simple Mail Transfer
nsw-fe            27/tcp     # NSW User System FE
nsw-fe            27/udp     # NSW User System FE
msg-icp           29/tcp     # MSG ICP
msg-icp           29/udp     # MSG ICP
msg-auth          31/tcp     # MSG Authentication
msg-auth          31/udp     # MSG Authentication
dsp               33/tcp     # Display Support Protocol
dsp               33/udp     # Display Support Protocol
priv-print        35/tcp     # any private printer server
priv-print        35/udp     # any private printer server
time              37/tcp     # timserver
time              37/udp     # timserver
rap               38/tcp     # Route Access Protocol
rap               38/udp     # Route Access Protocol
rlp               39/tcp     # Resource Location Protocol
rlp               39/udp     # Resource Location Protocol
graphics          41/tcp     #
graphics          41/udp     #
nameserver        42/tcp     # Host Name Server
nameserver        42/udp     # Host Name Server
whois             43/tcp     # nicname
shois             43/udp     # nicname
mpm-flags         44/tcp     # MPM FLAGS Protocol
mpm-flags         44/udp     # MPM FLAGS Protocol
mpm               45/tcp     # Message Processing Module [recv]
mpm               45/udp     # Message Processing Module [recv]
mpm-snd           46/tcp     # MPM [default send]
mpm-snd           46/udp     # MPM [default send]
ni-ftp            47/tcp     # NI FTP
ni-ftp            47/udp     # NI FTP
auditd            48/tcp     # Digital Audit Daemon
auditd            48/udp     # Digital Audit Daemon
tacacs            49/tcp     # Login Host Protocol (TACACS)
tacacs            49/udp     # Login Host Protocol (TACACS)
re-mail-ck        50/tcp     # Remote Mail Checking Protocol
re-mail-ck        50/udp     # Remote Mail Checking Protocol
la-maint          51/tcp     # IMP Logical Address Maintenance
la-maint          51/udp     # IMP Logical Address Maintenance
xns-time          52/tcp     # XNS Time Protocol
xns-time          52/udp     # XNS Time Protocol
domain            53/tcp     # Domain Name Server
domain            53/udp     # Domain Name Server
xns-ch            54/tcp     # XNS Clearinghouse
xns-ch            54/udp     # XNS Clearinghouse
isi-gl            55/tcp     # ISI Graphics Language
isi-gl            55/udp     # ISI Graphics Language
xns-auth          56/tcp     # XNS Authentication
xns-auth          56/udp     # XNS Authentication
priv-term         57/tcp     # any private terminal access
priv-term         57/udp     # any private terminal access
xns-mail          58/tcp     # XNS Mail
xns-mail          58/udp     # XNS Mail
priv-file         59/tcp     # any private file service
priv-file         59/udp     # any private file service
ni-mail           61/tcp     # NI MAIL
ni-mail           61/udp     # NI MAIL
acas              62/tcp     # ACA Services
acas              62/udp     # ACA Services
via-ftp           63/tcp     # VIA Systems - FTP & whois++
via-ftp           63/udp     # VIA Systems - FTP & whois++
covia             64/tcp     # Communications Integrator (CI)
covia             64/udp     # Communications Integrator (CI)
tacacs-ds         65/tcp     # TACACS-Database Service
tacacs-ds         65/udp     # TACACS-Database Service
sql*net           66/tcp     # Oracle SQL*NET
sql*net           66/udp     # Oracle SQL*NET
bootps            67/tcp     # Bootstrap Protocol Server
bootps            67/udp     # Bootstrap Protocol Server
bootpc            68/tcp     # Bootstrap Protocol Client
bootpc            68/udp     # Bootstrap Protocol Client
tftp              69/tcp     # Trivial File Transfer
tftp              69/udp     # Trivial File Transfer
gopher            70/tcp     #
gopher            70/udp     #
netrjs-1          71/tcp     # Remote Job Service
netrjs-1          71/udp     # Remote Job Service
netrjs-2          72/tcp     # Remote Job Service
netrjs-2          72/udp     # Remote Job Service
netrjs-3          73/tcp     # Remote Job Service
netrjs-3          73/udp     # Remote Job Service
netrjs-4          74/tcp     # Remote Job Service
netrjs-4          74/udp     # Remote Job Service
priv-dial         75/tcp     # any private dial out service
priv-dial         75/udp     # any private dial out service
deos              76/tcp     # Distributed External Object Store
deos              76/udp     # Distributed External Object Store
priv-rje          77/tcp     # any private RJE service, netrjs
priv-rje          77/udp     # any private RJE service, netjrs
vettcp            78/tcp     #
vettcp            78/udp     #
finger            79/tcp     #
finger            79/udp     #
http              80/tcp     # World Wide Web HTTP
http              80/udp     # World Wide Web HTTP
hosts2-ns         81/tcp     # HOSTS2 Name Server
hosts2-ns         81/udp     # HOSTS2 Name Server
xfer              82/tcp     # XFER Utility
xfer              82/udp     # XFER Utility
mit-ml-dev        83/tcp     # MIT ML Device
mit-ml-dev        83/udp     # MIT ML Device
ctf               84/tcp     # Common Trace Facility
ctf               84/udp     # Common Trace Facility
mit-ml-dev        85/tcp     # MIT ML Device
mit-ml-dev        85/udp     # MIT ML Device
mfcobol           86/tcp     # Micro Focus Cobol
mfcobol           86/udp     # Micro Focus Cobol
priv-term-l       87/tcp     # any private terminal link, ttylink
kerberos-sec      88/tcp     # Kerberos (v5)
kerberos-sec      88/udp     # Kerberos (v5)
su-mit-tg         89/tcp     # SU/MIT Telnet Gateway
su-mit-tg         89/udp     # SU/MIT Telnet Gateway
dnsix             90/tcp     # DNSIX Securit Attribute Token Map
dnsix             90/udp     # DNSIX Securit Attribute Token Map
mit-dov           91/tcp     # MIT Dover Spooler
mit-dov           91/udp     # MIT Dover Spooler
npp               92/tcp     # Network Printing Protocol
npp               92/udp     # Network Printing Protocol
dcp               93/tcp     # Device Control Protocol
dcp               93/udp     # Device Control Protocol
objcall           94/tcp     # Tivoli Object Dispatcher
objcall           94/udp     # Tivoli Object Dispatcher
supdup            95/tcp     # BSD supdupd(8)
supdup            95/udp     #
dixie             96/tcp     # DIXIE Protocol Specification
dixie             96/udp     # DIXIE Protocol Specification
swift-rvf         97/tcp     # Swift Remote Virtural File Protocol
swift-rvf         97/udp     # Swift Remote Virtural File Protocol
...

read more »

 
 
 

Port Numbers List. Enjoy.

Post by Jose Nazari » Thu, 16 Sep 1999 23:43:00



> What's the Yes/No at the end of each line?
> >19 UDP Chargen Yes

my best guess when i saw the list was if well known exploits exist for the ports
(and thus they're good candidates for filtering). is this right, jim?