Program |
Initial |
Initial |
Initial |
Subquent |
Notes |
|
|---|---|---|---|---|---|---|
| AOL | 5190 | TCP | outbound | none | has its own internet protocol | |
| Back Orifice | 31337 | UDP | outbound | none | the notorious Back Orfice, he-he | |
| DNS | 53 | UDP | Outbound | 0, UDP, inbound |
used to associate plan-language names to IP addresses. either you use your ISP's DNS server or an international one compromising a DNS server via TCP zone transfers | |
| Echo | 7 | TCP | Outbound | none | both the TCP and UDP use the Echo protocol as defined in RCF 862, written in 1983. This trouble shooting protocol does not perform the same function as ICMP. It reterns the info it receives from the client to ensure the transmitio is error free. | |
| Enliven | 537 | TCP | Outbound | none | Enliven is a series of products by narrative Commmunications that gives Webmasters the ability to place advertisement banner on a Web page and to track info-such as number of hits, demographics and sales about the users who click on the banner. For more info see www.narrative.com | |
| Finger | 79 | TCP | Outbound | None | used to identify users on a system by their logon names and the Finger server can supply more info such as full name, email address, phone number. because of that Finger is seldom implemented today | |
| FTP | 21 | TCP | Outbound | 0 TCP, inbound 1025-5000 TCP, outbound 32768-65555 TCP, outbound |
used to manage file transfers on the Net from FTP servers. Along with HTTP, FTP is one of the most often used protocols on the net today. Look at RFCs 959 and 2228 | |
| HTTP | 80 or 8080 | TCP | Outbound | None | the most widely used protocol on the Net today because any idiot can click and point. lokk at RFC 1945, 2068. | |
| HTTP-S | 443 | TCP | outbound | none | is the secure implementation of HTTP. it uses SSL(Secure Sockets Layer) to encript messages being sent. for more info read home.netscape.com | |
| ICQ | 4000 | UDP | Outbound | 0, TCP, inbound, 0, UDP, inbound, 1025-5000, TCP, inbound 1025-5000, TCP, outbound |
(I seek you) is a vary popular chat protocol used to communicate in real time with other ICQ users. Lousy security | |
| IMAP4 | 143 | TCP | outbound | none | The Internet Messaging Access Protocol version 4 is an email transfer protocol. Whether IMAP4 depends on which applications you and your ISP are using. Outlook, Exchange Server ets. | |
| IRC | 6667 | TCP | Outbound | none | notoriously insecure, used for text based communication betweenclients, nothing more. RFCs 1459 | |
| MSN | 569 | TCP | Outbound | None | Microsoft's own news service at www.MSN.com | |
| NetBIOS | 137 | TCP/UDP | Outbound | 138, 139 | used by Windoze as a Name Service, also as a file and printer sharing option. It should definetly be turned OFF, y'hear? | |
| NetBus | 12345, 12346, 20034 | TCP/UDP | Outbound | If you have this on your system, and you didn't put it there, it's already way too late | ||
| NNTP | 119 | TCP | Outbound | none | started back in 1986, the Network News Transfer Protocol is used to transfer news messages through the Usenet news system. RFC 977 | |
| POP3 | 110 | TCP | outbound | none | the Post Office Protocol yet another protocol for transfering mails b'ween clients and servers. Many of the email packagestoday use POP3 toreceive mail messages. RFC1725 | |
| RealAudio | 7070 or 7075 | TCP | outbound | 6770, UDP, outbound 6970-7170, UDP, inbound |
multimedia formats supporting streaming vid and streaming audio, viewed through RealPlayer from RealNetworks. It has been known for ages that the RealPlayer used to collect info on what movies or music the users were listening to and send them back to the server at RealNetworks. Supposetly the newer versions DO NOT do that anymore. | |
| SMTP | 25 | TCP | Outbound | None | the Simple mail Transfer Protocol is often used to transfer from clients to servers and not vice versa. many ISPs use separate servers to receive and send mail. A client usually retrieves its mail from a POP3 server and send its outgoing messages to SMTP server. | |
| Telnet | 23 | TCP | Outbound | None | an almost forgotten terminal emmulation protocol that can be used to manipulate a computer acrss a networkas if the user is sitting at the keyboard(sounds like a trojan, anyone?). it's one of the earliest protocols and is defined in RFC 215, written in 1971 | |
| traceroute | 33434-33523 | UDP | inbound | none | incoming traceroute | |
| Whois | 43 | TCP | Outbound | None | used to query WhoIs servers for info on registered users. For example, the WhoIS at InterNIC ar rs.internic.net has all the info on all registerd DNS domains and system admin responsible for those domains. it is defined in RFC 954 | |
| unassigned | 15 | TCP | outbound | none | was netstat: open connections, routing tables, etc. | |
| more to come |
| Service | Port | Protocol | Hostility | Explanation | ||||||||||||||||||||||||||||||||||||||||||||||||||
| ttymux | 1 | TCP | Hi | possibly part of an sscan probe | ||||||||||||||||||||||||||||||||||||||||||||||||||
| systat | 11 | TCP | Hi | system/user information (ps) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| >chargen | 19 | TCP/UDP | Hi | potential UDP attack | ||||||||||||||||||||||||||||||||||||||||||||||||||
| ssh | 22 | TCP | Med | secure shell service | ||||||||||||||||||||||||||||||||||||||||||||||||||
| ssh | 22 | UDP | Lo | old version of PC Anywhere | ||||||||||||||||||||||||||||||||||||||||||||||||||
| telnet | 23 | TCP | Med | remote login | ||||||||||||||||||||||||||||||||||||||||||||||||||
| dhcpc | 67 | UDP | Lo | probably a mistake | ||||||||||||||||||||||||||||||||||||||||||||||||||
| link | 87 | TCP | Hi | terminal link - commonly used by intruders | ||||||||||||||||||||||||||||||||||||||||||||||||||
| sunrpc | 111 | TCP/UDP | Hi | NFS, NIS, any rpc-based service | ||||||||||||||||||||||||||||||||||||||||||||||||||
| ntp | 123 | UDP | Lo | network time synchroniztion; ok, but impolite | ||||||||||||||||||||||||||||||||||||||||||||||||||
| imap | 143 | TCP | Hi | famous security hole | ||||||||||||||||||||||||||||||||||||||||||||||||||
| NeWS | 144 | TCP | Hi | Sun windowing management system | ||||||||||||||||||||||||||||||||||||||||||||||||||
| snmp | 161, 162 | UDP | Hi | remote network administration | ||||||||||||||||||||||||||||||||||||||||||||||||||
| xdmcp | 177 | UDP | Hi | xdm: XDMCP, X Display Manager | ||||||||||||||||||||||||||||||||||||||||||||||||||
| route | 520 | UDP | Hi | routed | ||||||||||||||||||||||||||||||||||||||||||||||||||
| <>uucp | 540 | TCP | Med | a "famous" file transfer service | ||||||||||||||||||||||||||||||||||||||||||||||||||
| 635 | UDP | Hi | NFS mount service
| socks | 1080 | TCP | Hi | potential spam relay point
| SQL | 1114 | TCP | Hi | part of an sscan signature
| openwin | 2000 | TCP | Hi | OpenWindows windowing system
| NFS | 2049 | TCP/UDP | Hi | remote filesystem access
| pcanywherestat | 5632 | UDP | Lo | PC Anywhere
| X11 | 6000+n | TCP | Hi | X Windows
| ping | 8 | ICMP | Lo | incoming ping
| redirect | 5 | ICMP | Hi | incoming routing redirect bomb
| traceroute | 11 | ICMP | Lo | outgoing response to traceroute
| OS type probe | 0 | TCP/UDP | Hi | broadcasts to destination address 0.0.0.0/0
| |