-
June 29th, 2002, 12:44 PM
#1
What port is that?
Outline
This is a quick, mini-tutorial based around a port list I found. I was trying to figure out some more about a port I found I had open on one of my boxes and was searching for information on what it might be (either malevolent or benign). I came across this list, which, if not exclusive (and I don't really see how any such list could be), certainly seemed to be as good a reference as I could find.
I wanted to post this up, but after staring for half an hour at the forum list the only place it seemed to fit was under tutorials. But to post it there it had to have at least some origional content and be of at least some value to someone.
So I have written a small preface to the list covering some basic topics on ports, services and protocols and the method of scanning a computer for open ports under Win32. If you are comfortable in doing this anyway (and let's face it - if you don't use Win32 you probably will be) I won't be at all offended if you skip the preface entirely and scroll straight to the list.
Introduction
The Internet can be imagined as a really big pipe. Inside this pipe there are thousands of garden hose size pipes, each one with a number, called ports. There are a vast number of Client-Server programs that run on the Internet. These programs are called services (in a Win32 environment) or Daemons (in a *nix environment) and many of these services have been assigned a default garden hose, or port, number.
For example port 80 is the standard web service port. You can run a web server on any port you want of course, but 80 is the default port that web-browser sortware will look on. (I appreciate that this is a simplification, Souleman , but in the context or the readership this is aimed at that's as deep as I want to go.
Each of these services, or daemons, have a specific language, or protocol, that allows clients of the server to make requests for information etc
In the example of our webserver on port 80 the language spoken is that of Hyper Text Transfer Protocol, and therefore our requests to the server are prefaced by http://. This tells the server that we wish to communicate using the http protocol.
An example of such a conversation with the AntiOnline webserver is as follows:
This first specifies that the communication will be held using version 1.1 of the HTTP protocol and asks the web server to return the header information for the default document (specified by / but this could also have been in the format /fileIwant.html)
Next I tell the web server that the host (or website) that I want the information from is www.antionline.com. This is important because under the HTTP/1.1 convention a computer may host multiple sites and you need to select which one will process your query.
Finally the last line is blank - just a carrige return / line feed (the [Enter] key) which tells the server I have finished my request.
The server will return the following header information as requested:
HTTP/1.1 302 Found
Date: Sat, 29 Jun 2002 11:07:22 GMT
Content-Type: text/html
Connection: close
Server: Apache/1.3.26
P3P: policyref="http://www.antionline.com/w3c/p3p.xml"
Set-Cookie: sessionhash=2028cexxxxxxxxxxxd456939ebd8f1f1; path=/; domain=.antionline.com
Set-Cookie: bblastvisit=1025348921; expires=Sun, 29-Jun-03 11:08:41 GMT; path=/;
domain=.antionline.com
Location: http://www.antionline.com/index.php
Via: 1.1 webcacheB11 (NetCache NetApp/5.2.1R1D9)
These protocols are defined by what are called 'Requests for comments' or RFCs. The current full list of RFCs is availible from www.w3.org .
Now we have covered the basics of ports and what they do let's have a look at how we find out what ports are open on a computer. This is one of the first steps you should take in securing a computer. Using the list below we can figure out what each open port is likley to be for and whether we wish to let it remain so.
To do this under a Win32 O/S I use the command line application xport, which can be downloaded from my public FTP here . I like xport because it allows you to scan only 1 IP at a time for ranges of open ports. To do it the other way - ie to scan a range of IPs for a subset of ports - is, to my mind at least, tantamount to cracking, unless you own all of the IPs in the range. xport is also the simplest w32 port scanner I've come accross.
Xport Usage
To use xport from the command line you should add the path to the executable to your environment variables. To do this you must:
1...Type PATH at a command prompt
2...Copy (Mouse select and [Enter] from command prompt) the list of path in the environement (note each path is deliminated by the ; character)
3...Type PATH again but this time paste the existing environment paths after the PATH command
4...Add a new path by appending ;<pathtoexe> where <pathtoexe> will be something like c:\xport
5...Hit [Enter] to save the new environment paths.
Once you have Xport in your environment you can use it from the command line from any drive/folder. The usage for xport is as follows:
Usage: xport <Host> <Ports Scope> [Options]
<Ports Scope> means:
<Start Port>[-<End Port>][,Port1,Port2-Port3,...]
[Options] means:
-m [mode] : specify scan mode (tcp/syn), default is tcp connect mode
-t [count]: specify threads count, default is 50
-v : display verbose information
Example: xport 127.0.0.1 80 -m syn
xport 127.0.0.1 1-1024 -t 200 -v
This will give you a list of open ports on the target machine.
List of port numbers
As I said before I am not claiming any credit for the compilation of the following list and I connot garuntee that it is 100% complete or accurate. Remember also that these are default ports which the administrator can usually change.
That said I found this list very useful. There's and extract below and I've uploaded the list as a text file for your offline pleasure Enjoy.
If you enjoyed this article then check out these others also by ntsa:
Building your own IDS tripwire.
Credit card security
Dumping SQL data to a text file
Hunting down skript kiddies
Search Engine submission 'exploit'
Forced shutdown of a remote nt/2k server
Securing an installation of IIS 4. (No, seriously)
Remote DSN Connections, using WinAPIs and the registry
Scripting Internet Connections Under Window$
\"I may not agree with what you say, but I will defend to the death your right to say it.\"
Sir Winston Churchill.
-
June 29th, 2002, 12:51 PM
#2
*claps his hands*
-
June 29th, 2002, 01:54 PM
#3
ntsa another fine tutorial u never ceese to amaze with u r vast amount of knowledge *me salutes u*
By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
The 20th century pharoes have the slaves demanding work
http://muaythaiscotland.com/
-
June 29th, 2002, 02:20 PM
#4
Another very good tutorial ntsa, well done.
``If you enjoyed this article then check out these others also by ntsa:``
<--- Not too sure about that part though...
-
June 29th, 2002, 02:30 PM
#5
Banned
yeah i keep a port list handy in my home directory also
-
June 29th, 2002, 02:47 PM
#6
Junior Member
-
June 30th, 2002, 01:42 AM
#7
Banned
Yeah, you post good stuff. Another good one here, you'll make it to the top of the tut list in no time.
-
July 8th, 2002, 02:00 PM
#8
ntsa,
i own you AO points, i wish am able to issue you.
so, brilliant.
it's me V-I-R-U-S
-
July 8th, 2002, 05:58 PM
#9
good tut, i use sam spade for win32, managed it in telnet too :P
good stuff
Preep
http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|