Common port number comparison table Port: 1 Port: 7 Port: 19 Port: 21 Port: 22 Port: 23 Port: 25 Port: 31 Port: 42 Port: 53 Port: 67 Port: 69 Port: 79 Port: 80 Port: 99 Port: 102 Port: 109 Port: 110 Port: 113 Port: 119 Port: 135 Port: 137, 138, 139 Port: 143 Port: 161 Port: 177 Port: 389 Port: 443 Port: 456 Port: 513 Port: 544 Port: 548 Port: 553 Port: 555 Port: 568 Port: 569 Port: 635 Port: 636 Port: 666 Port: 993 Port: 1001, 1011 Port: 1024 Port: 1025, 1033 Port: 1080 Port: 1234, 1243, 6711, 6776 Port: 1245 Port: 1433 Port: 1492 Port: 1500 Port: 1503 Port: 1524 - Port: 1720 Port: 1731 Port: 1807 Port: 1981 Port: 1999 Port: 2000 Port: 2001 Port: 2023 Port: 2049 Port: 2115 Port: 2140, 3150 Port: 2500 Port: 2583 Port: 2801 Port: 3024, 4092 Port: 3128 Detailed explanation of common port control 2 Port: 3150 Port: 3210, 4321 Port: 3333 Port: 3389 Port: 3700 Port: 3996, 4060 Port: 4000 Port: 4092 Port: 4590 Port: 5000, 5001, 5321, 50505 Port: 5400, 5401, 5402 Port: 5550 Port: 5569 Port: 5632 Port: 5742 Port: 6267 Port: 6400 Port: 6670, 6671 Port: 6883 Port: 6969 Port: 6970 Port: 7000 Port: 7300, 7301, 7306, 7307, 7308 Port: 7323 Port: 7626 Port: 7789 Port: 8000 Port: 8010 Port: 8080 Port: 9400, 9401, 9402 Ports: 9872, 9873, 9874, 9875, 10067, 10167 Port: 9989 Port: 11000 Port: 11223 Port: 12076, 61466 Port: 12223 Port: 12345, 12346 Port: 12361 Port: 13223 Port: 16969 Port: 17027 Port: 19191 Port: 20000, 20001 Port: 20034 Port: 21554 Port: 22222 Port: 23456 Port: 26274, 47262 Port: 27374 Port: 30100 Port: 30303 Port: 30999 Port: 31337, 31338 Port: 31339 Port: 31666 Port: 33333 Port: 34324 Port: 40412 Ports: 40421, 40422, 40423, 40426, Port: 43210, 54321 Port: 44445 Port: 50766 Port: 53001 Port: 65000
Travel Charger Adapter is convenience for these people who always travel in many countries. Desktop Power Adapter have normal DC connector for your need, and wall power adapter have mutil plug, like US/UK/AU/EU etc. We also can produce the item according to your specific requirement. The material of this product is PC+ABS. All condition of our product is 100% brand new.
Our products built with input/output overvoltage protection, input/output overcurrent protection, over temperature protection, over power protection and short circuit protection. You can send more details of this product, so that we can offer best service to you!
Travel Charger Adapter,Portable Travel Charger Adapter,Mini Travel Charger Adapter,Travel Charger Supply Shenzhen Waweis Technology Co., Ltd. , https://www.szwaweischarger.com
-Detailed explanation of commonly used ports
Now Trojans, a bunch of hackers, it is very important to protect their own computers
The dos command netstat is easier to use. I can see the ports and statuses that I have opened more generally. I usually use
netstat -a
Port: 0
Service: Reserved
Description: Usually used to analyze the operating system. This method works because "0" is an invalid port in some systems, and it will produce different results when you try to connect it with the usual closed port. A typical scan, using
The IP address is 0.0.0.0, set the ACK bit and broadcast on the Ethernet layer.
Service: tcpmux
Description: This shows that someone is looking for an SGI Irix machine. Irix is ​​the main provider of tcpmux, by default
tcpmux is opened in this system. Irix machines are released with several default passwordless accounts, such as:
IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So HACKER searches tcpmux on the Internet and uses these accounts.
Service: Echo
Note: You can see the information sent to XXX0 and XXX255 when many people searched for Fraggle amplifiers.
Service: Character Generator
Note: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. TCP connection will send a data stream containing garbage characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet with a fake victim IP to the port of the target address, and the victim is overloaded in response to the data.
Service: FTP
Note: The port opened by the FTP server is used for uploading and downloading. The most common attackers used to find open
Anonymous FTP server method. These servers have readable and writable directories. Trojan Doly Trojan,
Ports opened by Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.
Service: Ssh
Note: The connection between TCP and this port established by PcAnywhere may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions using the RSAREF library will have many vulnerabilities.
Service: Telnet
Description: Remote login, the intruder is searching for remote login to UNIX services. In most cases, this port is scanned to find the operating system the machine is running on. There are other techniques that the intruder will find the password. Trojan TIny
Telnet Server opens this port.
Service: SMTP
Note: The port opened by the SMTP server is used to send mail. Intruders look for SMTP servers to deliver their SPAM. The intruder's account is closed and they need to connect to the high-bandwidth E-mail server to pass simple information to different addresses. Trojan AnTIgen, Email Password Sender, Haebu Coceda,
Shtrilitz Stealth, WinPC, WinSpy all open this port.
Service: MSG AuthenTIcaTIon
Description: The Trojan Master Paradise and Hackers Paradise open this port.
Service: WINS Replication
Description: WINS replication
Service: Domain Name Server (DNS)
Description: The port opened by the DNS server. The intruder may be trying to perform zone transfer (TCP) to deceive the DNS
(UDP) or hide other communications. Therefore, firewalls often filter or record this port.
Service: Bootstrap Protocol Server
Note: Firewalls through DSL and Cable modem often see a large number of broadcast addresses sent to the broadcast address 255.255.255.255
The data. These machines are requesting an address from the DHCP server. HACKER often enters them, assigns an address and uses itself as a local router to launch a large number of man-in-middle attacks. The client broadcasts the configuration request to port 68, and the server broadcasts the response request to port 67. This response uses broadcast because the client does not yet know the IP address that can be sent.
Service: Trival File Transfer
Note: Many servers provide this service together with bootp to facilitate downloading the startup code from the system. But they often allow intruders to steal any files from the system due to misconfiguration. They can also be used by the system to write files.
Service: Finger Server
Description: The intruder is used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to Finger scans from his own machine to other machines.
Service: HTTP
Description: Used for web browsing. The Trojan Executor opens this port.
Service: Metagram Relay
Note: The backdoor ncx99 opens this port.
Service: Message transfer agent (MTA) -X.400 over TCP / IP
Description: Message transfer agent.
Service: Post Office Protocol -Version3
Note: The POP3 server opens this port for receiving mail, and the client accesses the mail service on the server. POP3
The service has many recognized weaknesses. There are at least 20 weaknesses regarding the overflow of username and password exchange buffers, which means that an intruder can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Service: All port descriptions of SUN's RPC service: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc
Service: Authentication Service
Description: This is a protocol that runs on many computers and is used to authenticate users of TCP connections. Using this standard service, you can get information from many computers. But it can be used as a recorder for many services, especially FTP, POP,
Services such as IMAP, SMTP and IRC. Usually if there are many clients accessing these services through the firewall, you will see many connection requests on this port. Remember, if you block this port, the client will feel on the other side of the firewall with
Slow connection of E-MAIL server. Many firewalls support sending RST back during TCP connection blocking. This will stop the slow connection.
Service: Network News Transfer Protocol
Description: NEWS newsgroup transmission protocol, carrying USENET communication. The connection to this port is usually what people are looking for
USENET server. Most ISPs restrict that only their customers can access their newsgroup server. Opening the newsgroup server will allow posting / reading anyone's posts, accessing the restricted newsgroup server, posting anonymously or sending
SPAM.
Service: Location Service
Note: Microsoft runs DCE RPC end-point mapper on this port for its DCOM service. This is
The function of the UNIX 111 port is very similar. Services that use DCOM and RPC use the end-point mapper on the computer
Register their location. When remote clients connect to the computer, they look up the end-point mapper to find the location of the service. Is HACKER scanning this port of the computer to find Exchange Server running on this computer?
What version? Some DOS attacks directly target this port.
Service: NETBIOS Name Service
Note: 137 and 138 are UDP ports. This port is used when transferring files through My Network Places. And port 139:
The connection entered through this port attempts to obtain NetBIOS / SMB service. This protocol is used for Windows file and printer sharing and SAMBA. WINS Regisrtation also uses it.
Service: Interim Mail Access Protocol v2
Note: As with POP3 security issues, many IMAP servers have buffer overflow vulnerabilities. Remember: a
The LINUX worm (admv0rm) will multiply through this port, so many scans of this port come from uninformed infected users. When REDHAT allowed IMAP by default in their Linux release, these vulnerabilities became very popular. This port is also used for IMAP2, but it is not popular.
Service: SNMP
Note: SNMP allows remote management of devices. All configuration and operation information is stored in the database, which can be obtained through SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will attempt to use the default passwords public and private to access the system. They may experiment with all possible combinations. SNMP packets may be wrongly pointed to the user's network.
Service: X Display Manager Control Protocol
Note: Many intruders use it to access the X-windows console.
Services: LDAP, ILS
Note: The Lightweight Directory Access Protocol and NetMeeting Internet Locator Server share this port.
Service: Https
Description: The web browsing port can provide another HTTP for encryption and transmission through a secure port.
Service: [NULL]
Description: Trojan HACKERS PARADISE opens this port.
Services: Login, remote login
Description: It is a broadcast sent from a UNIX computer using a cable modem or DSL to log into the subnet. These people provide information for intruders to enter their systems.
Service: [NULL]
Description: kerberos kshell
Services: Macintosh, File Services (AFP / IP)
Description: Macintosh, file service.
Service: CORBA IIOP (UDP)
Note: Use cable modem, DSL or VLAN will see the broadcast of this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Service: DSF
Note: The Trojan PhAse1.0, Stealth Spy, and IniKiller open this port.
Service: Membership DPA
Description: Membership DPA.
Service: Membership MSN
Description: Membership MSN.
Service: mountd
Description: Linux mountd bug. This is a popular BUG for scanning. Most scans of this port are based on
UDP, but TCP-based mountd has increased (mountd runs on two ports at the same time). Remember that mountd can be run on any port (which port is it, you need to do portmap query on port 111), but Linux default port is 635, just like NFS usually runs on port 2049.
Service: LDAP
Description: SSL (Secure Sockets layer)
Service: Doom Id Software
Description: Trojan Attack FTP, Satanz Backdoor open this port
Service: IMAP
Description: SSL (Secure Sockets layer)
Service: [NULL]
Description: Trojan Silencer and WebEx open port 1001. The Trojan Doly Trojan opens port 1011.
Service: Reserved
Note: It is the beginning of a dynamic port. Many programs do not care which port is used to connect to the network. They request the system to allocate the next free port for them. Based on this allocation starts at port 1024. This means that the first request to the system will be allocated to port 1024. You can restart the machine, open Telnet, and then open a window to run
natstat -a will see that Telnet is assigned port 1024. And SQL session also uses this port and 5000 port.
Service: 1025: network blackjack 1033: [NULL]
Description: Trojan netspy opens these 2 ports.
Service: SOCKS
Description: This protocol passes through the firewall in a tunnel mode, allowing people behind the firewall to access through an IP address
INTERNET. In theory, it should only allow internal communications to reach the Internet. But due to the wrong configuration,
It will allow attacks located outside the firewall to pass through the firewall. This kind of error often occurs in WinGate, which is often seen when joining IRC chat rooms.
Port: 1170
Service: [NULL]
Description: Trojan Streaming Audio Trojan, Psyber Stream Server, Voice open this port.
Service: [NULL]
Description: Trojan SubSeven2.0, Ultors Trojan open ports 1234 and 6776. Trojan SubSeven1.0 / 1.9
Open ports 1243, 6711, 6776.
Service: [NULL]
Description: Trojan Vodoo opens this port.
Service: SQL
Description: Open port of Microsoft's SQL service.
Service: stone-design-1
Description: Trojan FTP99CMP opens this port.
Service: RPC client fixed port session queries
Description: RPC client fixed port session query
Service: NetMeeting T.120
Description: NetMeeting T.120
Service: ingress
Note: Many attack scripts will install a backdoor shell on this port, especially for Sendmail in the SUN
And RPC service vulnerability scripts. If you see the connection attempt on this port just after installing the firewall, it may be the above reason. You can try Telnet to this port on the user's computer to see if it will give you a
SHELL. This problem also exists when connecting to 600 / pcserver.
-------------------------------------------------- ------------------------------
- Author: Old Wrangler
-Release time: 2004-10-3 16:47:21
Port: 1600
Service: issd
Description: Trojan Shivka-Burka opens this port.
Service: NetMeeting
Description: NetMeeting H.233 call Setup.
Service: NetMeeting Audio Call Control
Description: NetMeeting audio call control.
Service: [NULL]
Description: Trojan SpySender opens this port.
Service: [NULL]
Description: Trojan ShockRave opens this port.
Service: cisco identification port
Note: The Trojan BackDoor opens this port.
Service: [NULL]
Description: Trojan GirlFriend 1.3 and Millenium 1.0 open this port.
Service: [NULL]
Note: The Trojan Millenium 1.0 and Trojan Cow open this port.
Service: Xinuexpansion 4
Description: The Trojan Pass Ripper opens this port.
Service: NFS
Note: NFS programs often run on this port. Usually need to visit Portmapper to query which port this service is running on.
Service: [NULL]
Description: Trojan Bugs open this port.
Service: [NULL]
Description: The Trojan Deep Throat 1.0 / 3.0 opens this port.
Service: RPC client using a fixed port session replication
Description: RPC client applying fixed port session replication
Service: [NULL]
Description: The Trojan Wincrash 2.0 opens this port.
Service: [NULL]
Description: The Trojan Phineas Phucker opens this port.
Service: [NULL]
Description: The Trojan WinCrash opens this port.
Service: Squid
Note: This is the default port of the Squid HTTP proxy server. The attacker scans this port to search for a proxy server and access the Internet anonymously. You will also see ports 8000, 8001 for searching other proxy servers
8080, 8888. Another reason for scanning this port is that the user is entering the chat room. Other users will also check this port to determine whether the user's machine supports proxy.
Port: 3129
Service: [NULL]
Description: The Trojan Master Paradise opens this port.
Service: [NULL]
Description: The Invasor Trojan opens this port.
Service: [NULL]
Description: Trojan SchoolBus opens this port
Service: dec-notes
Description: Trojan Prosiak opens this port
Service: Super Terminal Description: WINDOWS 2000 terminal opens this port.
Service: [NULL]
Description: Trojan Portal of Doom opens this port
Service: [NULL]
Description: Trojan RemoteAnything opens this port
Service: QQ client Description: Tencent QQ client opens this port.
Service: [NULL]
Description: The Trojan WinCrash opens this port.
Service: [NULL]
Description: Trojan ICQTrojan opens this port.
Service: [NULL]
Description: Trojan blazer5 opens 5000 ports. Trojan Sockets de Troie open 5000, 5001, 5321,
50505 port.
Service: [NULL]
Description: Trojan Blade Runner opens this port.
Service: [NULL]
Description: Trojan xtcp open this port.
Service: [NULL]
Description: The Trojan Robo-Hack opens this port.
Service: pcAnywere
Note: Sometimes you will see a lot of scans of this port, depending on the location of the user. When the user opens
When pcAnywere, it will automatically scan the LAN class C network for possible agents (the agent here refers to agent rather than proxy). Intruders will also look for computers that open this service. , So you should check the source address of this scan. Some scan packets searching for pcAnywere often contain UDP packets on port 22.
Service: [NULL]
Description: The Trojan WinCrash1.03 opens this port.
Service: [NULL]
Description: The Trojan Horse Girls open this port.
Service: [NULL]
Description: The Trojan The tHing opens this port.
Service: [NULL]
Description: The Trojan Deep Throat opens port 6670. And Deep Throat 3.0 opens port 6671.
Service: [NULL]
Description: Trojan DeltaSource opens this port.
Service: [NULL]
Description: Trojan Gatecrasher and Priority open this port.
Service: RealAudio
Note: RealAudio clients will receive audio data streams from the UDP port of 6970-7170 on the server. This is caused by
TCP-7070 port is set for outgoing control connection.
Service: [NULL]
Description: Remote Grab Trojan opens this port.
Service: [NULL]
Description: Trojan NetMonitor opens this port. In addition, NetSpy1.0 also opens port 7306.
Service: [NULL]
Description: Sygate server side.
Service: [NULL]
Description: The Trojan Giscier opens this port.
Service: [NULL]
Description: The Trojan ICKiller opens this port.
Service: OICQ
Note: Open this port on Tencent QQ server.
Service: Wingate
Note: Wingate proxy opens this port.
Service: Proxy port Description: WWW proxy opens this port.
Service: [NULL]
Description: Trojan Incommand 1.0 opens this port.
Service: [NULL]
Description: The Trojan Portal of Doom opens this port.
Service: [NULL]
Description: The Trojan iNi-Killer opens this port.
Service: [NULL]
Description: The Trojan SennaSpy opens this port.
Service: [NULL]
Description: Trogenic Progenic trojan opens this port.
Service: [NULL]
Description: The Trojan Telecommando opens this port.
Service: [NULL]
Description: The Trojan Hack \ '99 KeyLogger opens this port.
Service: [NULL]
Description: Trojan NetBus1.60 / 1.70, GabanBus open this port.
Service: [NULL]
Description: The Trojan Whack-a-mole opens this port.
Service: PowWow
Note: PowWow is a chat program for Tribal Voice. It allows users to open private chat connections on this port.
This procedure is very aggressive for establishing connections. It will be stationed on this TCP port and wait for a response. Causes connection requests similar to heartbeat intervals. If a dial-up user inherits an IP address from another chatter, it will happen as if many different people are testing the port. This protocol uses OPNG as the first 4 bytes of its connection request.
Service: [NULL]
Description: The Trojan Priority opens this port.
Service: Conducent
Explanation: This is an outgoing connection. This is due to the fact that someone inside the company has installed shareware with a "adbot". Conducent "adbot" is for the display advertising of sharing software. A popular software that uses this service is Pkware.
Service: [NULL]
Description: Trojan blue flames open this port.
Service: [NULL]
Description: The Trojan Millennium opens this port.
Service: [NULL]
Description: Trojan NetBus Pro opens this port.
Service: [NULL]
Description: Trojan GirlFriend opens this port.
Service: [NULL]
Description: The Trojan Prosiak opens this port.
Service: [NULL]
Note: Trojan Evil FTP and Ugly FTP open this port.
Service: [NULL]
Description: The Trojan Delta opens this port.
Service: [NULL]
Description: Trojan Subseven 2.1 opens this port.
Service: [NULL]
Description: Trojan NetSphere opens this port.
Service: [NULL]
Description: Trojan Socket23 opens this port.
Service: [NULL]
Description: Trojan Kuang opens this port.
Service: [NULL]
Description: Trojan BO (Back Orifice) opens this port. In addition, Trojan DeepBO also opened port 31338.
Service: [NULL]
Description: Trojan NetSpy DK opens this port.
Service: [NULL]
Description: Trojan BOWhack opens this port.
Service: [NULL]
Description: The Trojan Prosiak opens this port.
Service: [NULL]
Note: The Trojan Tiny Telnet Server, BigGluck, and TN open this port.
Service: [NULL]
Description: The Spy Trojan opens this port.
Service: [NULL]
Description: The Trojan Masters Paradise opens this port.
Service: [NULL]
Description: The Trojan SchoolBus 1.0 / 2.0 opens this port.
Service: [NULL]
Description: Trojan Happypig opens this port.
Service: [NULL]
Description: The Trojan Fore opens this port.
Service: [NULL]
Description: The Trojan Remote Windows Shutdown opens this port.
Service: [NULL]
Description: The Trojan Devil 1.03 opens this port.