Learning all them darn ports!

A good place to find out what trojans run on certain ports so that you can see whether theres a possible secuirty breach is over at blackcode,

http://www.blackcode.com

damn I hate that place,

i2c

GRC has a service called 'Shields up!' that can probe all of your ports (I think it's limited to about 1000 ports each time, but use is unlimited and free). If any of your ports appear open, you can click on the link and it gives you a description of the software which commonly uses that port, as well as information as to why/why not you should be running it.

It's not necessarily the most technical resource, but if you're new to security it's a good place to start learning.

Heres what I reccomend. If you *REALLY* are interested in security. Setup a *nix box and have a look at the /etc/services file. That will get you fresh on the first 1024 out of 65535. :)

I wouldn't bother learning the ports in earnest. I'd go over the most common ones such as ftp, http, etc....and just keep a link handy to the iana port lists. There is enough other information to learn and keep your brain busy.

If you really want to learn security, you should get very familiar with TCP/IP.
You should understand what the 3 way handshake is, SYN, FIN, RST, ACK, ephermal ports, etc...

I would recommend learning what a port is and how they are used before trying to learn which port corresponds to a particular service.

You don't have to go too crazy.... There are some great resources on the Web that give good tutorials on TCP and IP... Here are a few for example:

http://www.pcsupportadvisor.com/TCP_...rial_page1.htm
http://www4.ulpgc.es/tutoriales/tcpip/pru/3376fm.htm
http://fringe.davesource.com/Fringe/...guages/TCP-IP/
http://www.pcnetworkadvisor.com/nasample/c04100-2.pdf


Good Luck !

I have to agree with phish on the book thing. I too am new to the whole networck security thing and got myself a copy of hacking exposed it is an excellent book for people on either side of the fence. They tell you indepth the hacks that are commonly used to get into various servers and computer types and counter measueres to avoid people from using it on you. however I must say that at some points it is rather annoying for them to say the same thing over and over again.

its all about the sevices, not the ports. learn how their used, how to use them, how to abuse them, how to make them work for you. port numbers can be changed. a list of port numbers only lists there default settings. but if you learn the services well you you cant help but remember the ports. like a phone number you call allot. its not about remembering the phone number, that just happens.

1> A port is not an application, it is a socket. It is a way to access an application. Just because an application has a port/socket, that is not the entire application.

2> As J said, don't worry about knowing all the ports. It doesn't matter. Get a copy of the IANA list. Then, if you are doing a scan and see a port open, find out what it is from the list.

3> The ports on the IANA list are INCOMMING ports. When you connect to an http server you connect to port 80, but your computer is not using port 80, it uses a randomly generated high range port number. The port on the list is just the listening port.

4> Shields up sucks. Gibson writes like he thinks he is a god. What he says is normally true, but not the complete truth. Shields up doesn't even scan UDP ports, so there is obviously something wrong with his program. Go download nmap or have a friend download it and run a scan on you. It will give you a lot better results without all the fluff of a crap site.

nmap is a great tool, easy to pick up and you can get it for windows and *nix. It does a mix of scans including tcp, udp, xmas, fin, syn, null, etc. It can read the ip's from a list file, do os recognition, do a ping sweep, and give you a guess on how hard it will be to guess the tcp sequence #'s.

It's also really easy to learn...