
Thread: What port is that?

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    324

    Question What port is that?

    Outline

    This is a quick, mini-tutorial based around a port list I found. I was trying to figure out some more about a port I found I had open on one of my boxes and was searching for information on what it might be (either malevolent or benign). I came across this list, which, if not exclusive (and I don't really see how any such list could be), certainly seemed to be as good a reference as I could find.

    I wanted to post this up, but after staring for half an hour at the forum list the only place it seemed to fit was under tutorials. But to post it there it had to have at least some original content and be of at least some value to someone.

    So I have written a small preface to the list covering some basic topics on ports, services and protocols and the method of scanning a computer for open ports under Win32. If you are comfortable in doing this anyway (and let's face it - if you don't use Win32 you probably will be) I won't be at all offended if you skip the preface entirely and scroll straight to the list.

    Introduction

    The Internet can be imagined as a really big pipe. Inside this pipe there are thousands of garden hose size pipes, each one with a number, called ports. There are a vast number of Client-Server programs that run on the Internet. These programs are called services (in a Win32 environment) or Daemons (in a *nix environment) and many of these services have been assigned a default garden hose, or port, number.

    For example port 80 is the standard web service port. You can run a web server on any port you want of course, but 80 is the default port that web-browser software will look on. (I appreciate that this is a simplification, Souleman, but in the context of the readership this is aimed at that's as deep as I want to go.)

    Each of these services, or daemons, has a specific language, or protocol, that allows clients of the server to make requests for information etc.

    In the example of our webserver on port 80 the language spoken is that of Hyper Text Transfer Protocol, and therefore our requests to the server are prefaced by http://. This tells the server that we wish to communicate using the http protocol.

    An example of such a conversation with the AntiOnline webserver is as follows:

    HEAD / HTTP/1.1<crlf>
    HOST:www.antionline.com<crlf>
    <crlf>

    This first specifies that the communication will be held using version 1.1 of the HTTP protocol and asks the web server to return the header information for the default document (specified by / but this could also have been in the format /fileIwant.html).

    Next I tell the web server that the host (or website) that I want the information from is www.antionline.com. This is important because under the HTTP/1.1 convention a computer may host multiple sites and you need to select which one will process your query.

    Finally the last line is blank - just a carriage return / line feed (the [Enter] key) which tells the server I have finished my request.

    The server will return the following header information as requested:

    HTTP/1.1 302 Found
    Date: Sat, 29 Jun 2002 11:07:22 GMT
    Content-Type: text/html
    Connection: close
    Server: Apache/1.3.26
    P3P: policyref="http://www.antionline.com/w3c/p3p.xml"
    Set-Cookie: sessionhash=2028cexxxxxxxxxxxd456939ebd8f1f1; path=/; domain=.antionline.com
    Set-Cookie: bblastvisit=1025348921; expires=Sun, 29-Jun-03 11:08:41 GMT; path=/; domain=.antionline.com
    Location: http://www.antionline.com/index.php
    Via: 1.1 webcacheB11 (NetCache NetApp/5.2.1R1D9)

    These protocols are defined by what are called 'Requests for comments' or RFCs. The current full list of RFCs is available from www.w3.org.

    Now we have covered the basics of ports and what they do let's have a look at how we find out what ports are open on a computer. This is one of the first steps you should take in securing a computer. Using the list below we can figure out what each open port is likely to be for and whether we wish to let it remain so.

    To do this under a Win32 O/S I use the command line application xport, which can be downloaded from my public FTP here. I like xport because it allows you to scan only 1 IP at a time for ranges of open ports. To do it the other way - ie to scan a range of IPs for a subset of ports - is, to my mind at least, tantamount to cracking, unless you own all of the IPs in the range. xport is also the simplest w32 port scanner I've come across.

    Xport Usage

    To use xport from the command line you should add the path to the executable to your environment variables. To do this you must:
    1. Type PATH at a command prompt
    2. Copy (Mouse select and [Enter] from command prompt) the list of paths in the environment (note each path is delimited by the ; character)
    3. Type PATH again but this time paste the existing environment paths after the PATH command
    4. Add a new path by appending ;<pathtoexe> where <pathtoexe> will be something like c:\xport
    5. Hit [Enter] to save the new environment paths.

    Once you have Xport in your environment you can use it from the command line from any drive/folder. The usage for xport is as follows:

    Usage: xport <Host> <Ports Scope> [Options]
    <Ports Scope> means:
    <Start Port>[-<End Port>][,Port1,Port2-Port3,...]
    [Options] means:
    -m [mode] : specify scan mode (tcp/syn), default is tcp connect mode
    -t [count]: specify threads count, default is 50
    -v : display verbose information

    Example: xport 127.0.0.1 80 -m syn
             xport 127.0.0.1 1-1024 -t 200 -v

    This will give you a list of open ports on the target machine.

    List of port numbers

    As I said before I am not claiming any credit for the compilation of the following list and I cannot guarantee that it is 100% complete or accurate. Remember also that these are default ports which the administrator can usually change.

    That said I found this list very useful. There's an extract below and I've uploaded the list as a text file for your offline pleasure. Enjoy.

    port 0|- Reserved
    port 1|tcpmux - TCP Port Service Multiplexer
    ...$h1tloads of ports...
    port 65000|devil - Devil TROJAN

    from: http://www.efnet.org/software/bots/p...eSQL/ports.txt

    If you enjoyed this article then check out these others also by ntsa:
    Building your own IDS tripwire.
    Credit card security
    Dumping SQL data to a text file
    Hunting down skript kiddies
    Search Engine submission 'exploit'
    Forced shutdown of a remote nt/2k server
    Securing an installation of IIS 4. (No, seriously)
    Remote DSN Connections, using WinAPIs and the registry
    Scripting Internet Connections Under Window$
    "I may not agree with what you say, but I will defend to the death your right to say it."
    Sir Winston Churchill.
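
An added example, not part of ntsa's post and not xport's code: a Python sketch that parses a port list in the "port N|name - description" format quoted in the post, runs a TCP connect check against one host you administer, and labels each open port with its listed default service. The function names and the port 80 entry are assumptions made for illustration.

```python
import re
import socket

# Entries in the post's "port N|name - description" format. Ports 0, 1 and
# 65000 are quoted from the post; the port 80 line is a constructed entry.
SAMPLE_LIST = """\
port 0|- Reserved
port 1|tcpmux - TCP Port Service Multiplexer
...$h1tloads of ports...
port 80|http - World Wide Web HTTP
port 65000|devil - Devil TROJAN
"""

LINE_RE = re.compile(r"^port\s+(\d+)\|(\S*?)\s*-\s+(.*)$")

def parse_port_list(text):
    """Return {port: (name, description)}; lines not in the format are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and 0 <= int(m.group(1)) <= 65535:
            table[int(m.group(1))] = (m.group(2), m.group(3).strip())
    return table

def open_tcp_ports(host, ports, timeout=0.5):
    """Full TCP connect check of one host you administer; returns open ports."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the handshake completed
                found.append(port)
    return found

def describe(open_ports, table):
    """Pair each open port with its default service, or flag it as unlisted."""
    report = []
    for port in open_ports:
        name, desc = table.get(port, ("?", "not in list - investigate"))
        report.append((port, name, desc))
    return report

if __name__ == "__main__":
    table = parse_port_list(SAMPLE_LIST)
    open_now = open_tcp_ports("127.0.0.1", range(1, 1025))
    for port, name, desc in describe(open_now, table):
        print(f"{port:>5}  {name:<10} {desc}")
```

A listed name is only the default assignment for that port; confirm which process actually owns the socket before deciding whether to close it.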

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    *claps his hands*

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    ntsa another fine tutorial u never cease to amaze with ur vast amount of knowledge *me salutes u*
    By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    734
    Another very good tutorial ntsa, well done.

    ``If you enjoyed this article then check out these others also by ntsa:``
    <--- Not too sure about that part though...

  5. #5
    Banned
    Join Date
    Oct 2001
    Posts
    263
    yeah i keep a port list handy in my home directory also

  6. #6
    Junior Member
    Join Date
    Sep 2001
    Posts
    15
    hmmm... worth.

  7. #7
    Yeah, you post good stuff. Another good one here, you'll make it to the top of the tut list in no time.

  8. #8
    ntsa,
    I owe you AO points, I wish I were able to issue them to you.
    so, brilliant.

    it's me V-I-R-U-S

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    good tut, i use sam spade for win32, managed it in telnet too :P

    good stuff

    Preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html
