September 12th, 2003, 05:10 AM
Learning all them darn ports!
Okay guys, I'm still a bit green and need to be pointed in a direction...
I'm eagerly trying to learn security, and I've gotten pretty good with firewalls and other little security toys, but I just have no clue when it comes to ports. Everywhere I go, I read "block this port" and "look at that port" and of course everyone but stupid me is lightyears ahead and knows what all these ports are.
So where do I start with learning about ports? Are there any good places to go to that any of you can recommend? I know this is very fundamental and vital to fully protecting a system, so please...teach me your ways!
With humble thanks,
September 12th, 2003, 05:22 AM
Here's a list of all known port numbers and what they are associated with.
What I would suggest you do is find the port that you are looking for on that list, then go to www.google.com and do a search on what the service that runs on that port does.
Here's another site that might be helpful.
Actually, that's a pretty good site there. Just click on the port number and it takes you to links that explain what that port's used for.
September 12th, 2003, 05:29 AM
80 is http, 25 is mail, 6667 is normally IRC, 8080 often proxy, & blah blah... But it's really the programs that use 'em that you need to worry about. As for ports, each of them can be used for very little or a large number of things... depending on which one though. You could however find 6667 and say, hey, that looks like one of my users is into IRC... due to the fact that it's a common port for services like that, but just by seeing that it's open doesn't actually mean that's what is actually going on though... Hell, you can do a lot of stuff VIA: (some randomly chosen port).
September 12th, 2003, 05:33 AM
If you really want to learn about networking and security I recommend you pick up a good book. Almost every security book goes over in great detail what ports do what and why you should block them/how to protect yourself. You learn the good and the bad.
So where do I start with learning about ports? Are there any good places to go to that any of you can recommend?
Some books that I'd recommend that cover all the basics along with various operating systems are:
Hack attacks revealed. It is a couple of years old, but still has great info.
Hacking exposed. This one is updated a lot more and they have a great "hacking series". Such titles include Hacking 2000 exposed, hacking linux exposed and hacking web apps.
The hacking exposed series even offers a hackers challenge series after you have learned a bit about security to test your skills at forensics. Forensics is a whole other topic... but in security it is very important that you know both. At least you'll get the basics and the money is well worth it. You don't have to spend ages looking for what you want... it is all in front of your face.
September 12th, 2003, 05:36 AM
Just a minor correction, Specialist, I'm sure it's an oversight: 21 is not mail...
mail is 25 outgoing, 110 incoming... 21 is associated with FTP
September 12th, 2003, 05:42 AM
Oops, typo... ???
Bleh... whatever... I've had enough Kool-Aid and booze for one night.
September 12th, 2003, 06:02 AM
Yeh, there are only several *key* ports you're gonna have to know.
Kurt Seifried has compiled a HUGE database of ports (I think 8,547 of them, to be exact), including general firewall rules. Check him out here: http://www.seifried.org/security/ports/
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
September 12th, 2003, 06:30 AM
Here's a simple overview of what ports are all about to help you get started... I recommend you follow up with the reading material others have provided.
1) They are only associated with the TCP/IP protocol stack.
2) There are a maximum of 65535 available within the TCP/IP stack...
3) Ports are nothing more than a fancy name for TCP/IP applications or processes.
4) Ports are always associated with using either TCP or UDP transport protocols. (think of TCP and UDP as "trucks" that carry your applications)
5) Ports 0-1023 are what's referred to as well known ports. This means you cannot write your own application/socket and assign it a number within that range.
Some of the popular ports that you use every day fall within this range. They include:
20/21 - FTP, which uses TCP
23 - Telnet, which uses TCP
80 - HTTP, which uses TCP
53 - DNS, which uses UDP
25 - SMTP, which uses TCP (outgoing mail)
110 - POP3, which uses TCP (incoming mail)
69 - DHCP, which uses UDP
The last thing you need to know is:
If you have a port open or what they refer to as listening, it means you are running that application. For example if you have port 80 open, it means you are a web server and are accepting connections.
Anytime a device is running an application, meaning a port is listening, there will always be some risk/vulnerability of someone finding an exploit to compromise that system.
I hope this helped you a bit...
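Added example, not part of the original thread: a small Python audit that reads `netstat -an` style output, picks out the listening sockets, and compares them with the services the administrator intends to run. The sample output, the `expected` set and the function names are constructed for illustration; the service label is only the usual use of a port, not proof of what is actually bound to it.

```python
# Usual service per (port, transport), taken from the list in the post above.
KNOWN = {
    (21, "tcp"): "FTP", (23, "tcp"): "Telnet", (25, "tcp"): "SMTP",
    (53, "udp"): "DNS", (80, "tcp"): "HTTP", (110, "tcp"): "POP3",
}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
tcp6       0      0 :::23                   :::*                    LISTEN
"""

def listeners(netstat_text):
    """Yield (proto, address, port) for every listening socket."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = f[0].rstrip("46")  # tcp6 -> tcp, udp6 -> udp
        state = f[5] if len(f) > 5 else ""
        # TCP listeners show LISTEN; UDP has no state, so any bound socket counts.
        if proto == "tcp" and state != "LISTEN":
            continue
        addr, port = f[3].rsplit(":", 1)
        yield proto, addr, int(port)

def audit(netstat_text, expected):
    """Describe each listener and whether it is in the expected set."""
    findings = []
    for proto, addr, port in listeners(netstat_text):
        findings.append({
            "port": port, "proto": proto,
            "usual_service": KNOWN.get((port, proto), "unknown"),
            "loopback_only": addr.startswith("127.") or addr == "::1",
            "expected": (port, proto) in expected,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, expected={(80, "tcp"), (25, "tcp")}):
        flag = "ok" if f["expected"] else "REVIEW"
        scope = "loopback" if f["loopback_only"] else "all interfaces"
        print(f"{f['port']}/{f['proto']} usually {f['usual_service']} ({scope}): {flag}")
```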
September 12th, 2003, 11:19 AM
If you have ever heard of STC (Simple Tool Kit), that has quite a good application on it that tells you what ports have what service. STC 4 is the current version.
I hope this helps
the tallest blade of grass is first to be cut by the lawnmower
September 12th, 2003, 12:47 PM
gunit0072003: Good post. Something to help visualize it is a 15min animation called "Warriors of the Net". It is pretty good. I think it was made by Ericsson a while back. It is available for free and in various quality ratings.
It is an animation that shows what exactly happens when you click on a hyperlink. It takes all the steps that take less than seconds, and stretches them out into about 15min. It helped people in my Cisco classes understand exactly what was going on.
Whoever has not seen this animation... I recommend you download it right now. It is quite large. It is about 121mb for the highest quality, 80mb for the other one.
There is a 5mb sample trailer if you want to see if this is really for you or not.
Make sure you right-click on a video link and save target, or it'll try to play in a media player.