Very Computer

by **Barry Margoli** » Wed, 15 Sep 1999 04:00:00

Quote:>There's a few posters wanting to know what services are associated
>with certain port numbers. Here's a list I've been working with that
>has been a great help.

What's the Yes/No at the end of each line?

Quote:>0 ICMP Click attack Yes

ICMP doesn't have a port number, since it's not TCP or UDP.

Quote:>19 UDP Chargen Yes
>21 TCP Detects if someone is trying to FTP to you. No
>23 TCP Detects if someone is trying to Telnet to you. No
>53 TCP DNS Yes
>129 TCP Password Generator Protocol Yes
>137 TCP Netbios name (DoS attacks) Yes
>138 TCP Netbios datagram (DoS attacks) Yes
>139 TCP Netbios session (DoS attacks) Yes
>555 TCP Stealth Spy - Beta 3 No
>666 TCP Attack FTP No
>1027 TCP ICQ Yes
>1029 TCP ICQ Yes
>1032 TCP ICQ Yes
>1080 TCP Used to detect Wingate sniffers. Yes
>1243 TCP Sub Seven (Also see TCP 6776 and TCP 6711) No
>1981 TCP Shockrave No
>2140 UDP Deep Throat No
>2989 UDP Rat No
>3150 UDP Deep Throat No
>5000 2 TCP Detects & blocks Sokets de Trois v1. Yes
>5001 TCP Detects & blocks Sokets de Trois v1. Yes
>6711 TCP Sub Seven (Also see TCP 1243 and TCP 6776) No
>6776 TCP Sub Seven (Also see TCP 1243 and TCP 6711) No
>6969 TCP Gate Crasher No
>7300 TCP Net Monitor No
>7301 TCP Net Monitor No
>10067 UDP Portal of Doom No
>10167 UDP Portal of Doom No
>12076 TCP GJamer No
>12345 TCP Netbus No
>12346 TCP Netbus No
>20000 TCP Millennium No
>20001 TCP Millennium No
>21554 TCP GirlFriend No
>23456 TCP EvilFTP No
>30100 TCP NetSphere No
>30102 TCP NetSphere No
>31337 UDP Backorifice (BO) No
>31337 TCP Netpatch No
>31338 UDP Deep BO No
>31785 TCP Hack'a'Tack No
>31789 UDP Hack'a'Tack No
>31791 UDP Hack'a'Tack No
>40421 TCP Master's Paradise - Hacked No
>40422 TCP Master's Paradise - Hacked No
>40423 TCP Master's Paradise - Hacked No
>40425 TCP Master's Paradise - Hacked No
>50505 TCP Detects & blocks Sokets de Trois v2. No
>54320 TCP Backorifice 2000 No
>54321 UDP Backorifice 2000 No
>65000 TCP Devil No

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

by **Jim Hutchis** » Wed, 15 Sep 1999 04:00:00

There's a few posters wanting to know what services are associated
with certain port numbers. Here's a list I've been working with that
has been a great help.

0 ICMP Click attack Yes
19 UDP Chargen Yes
21 TCP Detects if someone is trying to FTP to you. No
23 TCP Detects if someone is trying to Telnet to you. No
53 TCP DNS Yes
129 TCP Password Generator Protocol Yes
137 TCP Netbios name (DoS attacks) Yes
138 TCP Netbios datagram (DoS attacks) Yes
139 TCP Netbios session (DoS attacks) Yes
555 TCP Stealth Spy - Beta 3 No
666 TCP Attack FTP No
1027 TCP ICQ Yes
1029 TCP ICQ Yes
1032 TCP ICQ Yes
1080 TCP Used to detect Wingate sniffers. Yes
1243 TCP Sub Seven (Also see TCP 6776 and TCP 6711) No
1981 TCP Shockrave No
2140 UDP Deep Throat No
2989 UDP Rat No
3150 UDP Deep Throat No
5000 2 TCP Detects & blocks Sokets de Trois v1. Yes
5001 TCP Detects & blocks Sokets de Trois v1. Yes
6711 TCP Sub Seven (Also see TCP 1243 and TCP 6776) No
6776 TCP Sub Seven (Also see TCP 1243 and TCP 6711) No
6969 TCP Gate Crasher No
7300 TCP Net Monitor No
7301 TCP Net Monitor No
10067 UDP Portal of Doom No
10167 UDP Portal of Doom No
12076 TCP GJamer No
12345 TCP Netbus No
12346 TCP Netbus No
20000 TCP Millennium No
20001 TCP Millennium No
21554 TCP GirlFriend No
23456 TCP EvilFTP No
30100 TCP NetSphere No
30102 TCP NetSphere No
31337 UDP Backorifice (BO) No
31337 TCP Netpatch No
31338 UDP Deep BO No
31785 TCP Hack'a'Tack No
31789 UDP Hack'a'Tack No
31791 UDP Hack'a'Tack No
40421 TCP Master's Paradise - Hacked No
40422 TCP Master's Paradise - Hacked No
40423 TCP Master's Paradise - Hacked No
40425 TCP Master's Paradise - Hacked No
50505 TCP Detects & blocks Sokets de Trois v2. No
54320 TCP Backorifice 2000 No
54321 UDP Backorifice 2000 No
65000 TCP Devil No

tcpmux 1/tcp # TCP Port Service Multiplexer [rfc-1078]
tcpmux 1/udp # TCP Port Service Multiplexer
compressnet 2/tcp # Management Utility
compressnet 2/udp # Management Utility
compressnet 3/tcp # Compression Process
compressnet 3/udp # Compression Process
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp #
echo 7/udp #
discard 9/tcp # sink null
discard 9/udp # sink null
systat 11/tcp # Active Users
systat 11/udp # Active Users
daytime 13/tcp #
daytime 13/udp #
netstat 15/tcp #
qotd 17/tcp # Quote of the Day
qotd 17/udp # Quote of the Day
msp 18/tcp # Message Send Protocol
msp 18/udp # Message Send Protocol
chargen 19/tcp # ttytst source Character Generator
chargen 19/udp # ttytst source Character Generator
ftp-data 20/tcp # File Transfer [Default Data]
ftp-data 20/udp # File Transfer [Default Data]
ftp 21/tcp # File Transfer [Control]
ftp 21/udp # File Transfer [Control]
ssh 22/tcp # Secure Shell Login
ssh 22/udp # Secure Shell Login
telnet 23/tcp #
telnet 23/udp #
priv-mail 24/tcp # any private mail system
priv-mail 24/udp # any private mail system
smtp 25/tcp # Simple Mail Transfer
smtp 25/udp # Simple Mail Transfer
nsw-fe 27/tcp # NSW User System FE
nsw-fe 27/udp # NSW User System FE
msg-icp 29/tcp # MSG ICP
msg-icp 29/udp # MSG ICP
msg-auth 31/tcp # MSG Authentication
msg-auth 31/udp # MSG Authentication
dsp 33/tcp # Display Support Protocol
dsp 33/udp # Display Support Protocol
priv-print 35/tcp # any private printer server
priv-print 35/udp # any private printer server
time 37/tcp # timserver
time 37/udp # timserver
rap 38/tcp # Route Access Protocol
rap 38/udp # Route Access Protocol
rlp 39/tcp # Resource Location Protocol
rlp 39/udp # Resource Location Protocol
graphics 41/tcp #
graphics 41/udp #
nameserver 42/tcp # Host Name Server
nameserver 42/udp # Host Name Server
whois 43/tcp # nicname
shois 43/udp # nicname
mpm-flags 44/tcp # MPM FLAGS Protocol
mpm-flags 44/udp # MPM FLAGS Protocol
mpm 45/tcp # Message Processing Module [recv]
mpm 45/udp # Message Processing Module [recv]
mpm-snd 46/tcp # MPM [default send]
mpm-snd 46/udp # MPM [default send]
ni-ftp 47/tcp # NI FTP
ni-ftp 47/udp # NI FTP
auditd 48/tcp # Digital Audit Daemon
auditd 48/udp # Digital Audit Daemon
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp # Login Host Protocol (TACACS)
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
la-maint 51/tcp # IMP Logical Address Maintenance
la-maint 51/udp # IMP Logical Address Maintenance
xns-time 52/tcp # XNS Time Protocol
xns-time 52/udp # XNS Time Protocol
domain 53/tcp # Domain Name Server
domain 53/udp # Domain Name Server
xns-ch 54/tcp # XNS Clearinghouse
xns-ch 54/udp # XNS Clearinghouse
isi-gl 55/tcp # ISI Graphics Language
isi-gl 55/udp # ISI Graphics Language
xns-auth 56/tcp # XNS Authentication
xns-auth 56/udp # XNS Authentication
priv-term 57/tcp # any private terminal access
priv-term 57/udp # any private terminal access
xns-mail 58/tcp # XNS Mail
xns-mail 58/udp # XNS Mail
priv-file 59/tcp # any private file service
priv-file 59/udp # any private file service
ni-mail 61/tcp # NI MAIL
ni-mail 61/udp # NI MAIL
acas 62/tcp # ACA Services
acas 62/udp # ACA Services
via-ftp 63/tcp # VIA Systems - FTP & whois++
via-ftp 63/udp # VIA Systems - FTP & whois++
covia 64/tcp # Communications Integrator (CI)
covia 64/udp # Communications Integrator (CI)
tacacs-ds 65/tcp # TACACS-Database Service
tacacs-ds 65/udp # TACACS-Database Service
sql*net 66/tcp # Oracle SQL*NET
sql*net 66/udp # Oracle SQL*NET
bootps 67/tcp # Bootstrap Protocol Server
bootps 67/udp # Bootstrap Protocol Server
bootpc 68/tcp # Bootstrap Protocol Client
bootpc 68/udp # Bootstrap Protocol Client
tftp 69/tcp # Trivial File Transfer
tftp 69/udp # Trivial File Transfer
gopher 70/tcp #
gopher 70/udp #
netrjs-1 71/tcp # Remote Job Service
netrjs-1 71/udp # Remote Job Service
netrjs-2 72/tcp # Remote Job Service
netrjs-2 72/udp # Remote Job Service
netrjs-3 73/tcp # Remote Job Service
netrjs-3 73/udp # Remote Job Service
netrjs-4 74/tcp # Remote Job Service
netrjs-4 74/udp # Remote Job Service
priv-dial 75/tcp # any private dial out service
priv-dial 75/udp # any private dial out service
deos 76/tcp # Distributed External Object Store
deos 76/udp # Distributed External Object Store
priv-rje 77/tcp # any private RJE service, netrjs
priv-rje 77/udp # any private RJE service, netjrs
vettcp 78/tcp #
vettcp 78/udp #
finger 79/tcp #
finger 79/udp #
http 80/tcp # World Wide Web HTTP
http 80/udp # World Wide Web HTTP
hosts2-ns 81/tcp # HOSTS2 Name Server
hosts2-ns 81/udp # HOSTS2 Name Server
xfer 82/tcp # XFER Utility
xfer 82/udp # XFER Utility
mit-ml-dev 83/tcp # MIT ML Device
mit-ml-dev 83/udp # MIT ML Device
ctf 84/tcp # Common Trace Facility
ctf 84/udp # Common Trace Facility
mit-ml-dev 85/tcp # MIT ML Device
mit-ml-dev 85/udp # MIT ML Device
mfcobol 86/tcp # Micro Focus Cobol
mfcobol 86/udp # Micro Focus Cobol
priv-term-l 87/tcp # any private terminal link, ttylink
kerberos-sec 88/tcp # Kerberos (v5)
kerberos-sec 88/udp # Kerberos (v5)
su-mit-tg 89/tcp # SU/MIT Telnet Gateway
su-mit-tg 89/udp # SU/MIT Telnet Gateway
dnsix 90/tcp # DNSIX Securit Attribute Token Map
dnsix 90/udp # DNSIX Securit Attribute Token Map
mit-dov 91/tcp # MIT Dover Spooler
mit-dov 91/udp # MIT Dover Spooler
npp 92/tcp # Network Printing Protocol
npp 92/udp # Network Printing Protocol
dcp 93/tcp # Device Control Protocol
dcp 93/udp # Device Control Protocol
objcall 94/tcp # Tivoli Object Dispatcher
objcall 94/udp # Tivoli Object Dispatcher
supdup 95/tcp # BSD supdupd(8)
supdup 95/udp #
dixie 96/tcp # DIXIE Protocol Specification
dixie 96/udp # DIXIE Protocol Specification
swift-rvf 97/tcp # Swift Remote Virtural File Protocol
swift-rvf 97/udp # Swift Remote Virtural File Protocol
...

read more »

by **Jose Nazari** » Thu, 16 Sep 1999 23:43:00

> What's the Yes/No at the end of each line?
> >19 UDP Chargen Yes

my best guess when i saw the list was if well known exploits exist for the ports
(and thus they're good candidates for filtering). is this right, jim?

Very Computer

Port Numbers List. Enjoy.

Port Numbers List. Enjoy.

Port Numbers List. Enjoy.

Port Numbers List. Enjoy.