Ports?

hey, I have looked through quite a few of the tutorials...but there isn't much (that I could find) on ports. Now I could be looking in the wrong places (most likely)...but anyways, Can someone just give me a bit of info on ports, and what they do? That would be a great help...and also, from my understanding, Hackers can enter your system via ports, how do they do this?? and is there a way to stop them? I have Zone alarm running, and also another nifty little program that tells me if anyone is looking at my ports...so yeah, if some peeps can answer this, or point me in the right direction I would be very greatful :)
Thanks.

I'm sure you found some pretty nice google tutorials on the site, hm, anyway ::


Ports are doors into computers. Hosts are computer names.
(ip number or a name that is translated into the ip automatically)
Different programs open different ports, but they always open the same ports so other computers know which port to connect to. You can get a port list listing all the different ports, but a basic one is:
11 :- Sends info on the computer
21 :- FTP (File transfer program)
23 :- Telnet (Login to the computers command line)
25 :- Smtp (Sends mail)
80 :- Http (Web pages)
There are thousands of different programs using different ports. You can get programs called portscanners which check a computer for all ports up to a certain number, looking for ways in. You can portscan a computer looking for ways-in.

( the link to this info is pretty groovy, so im not mentioning the source, but it's not me )


Some extra links:


List of Ports

If you can convert through a language convertor , here's some german for you : Here

Thanks alot! Am I going the right way about stopping people accessing my comp??
one more thing...I am a little confused about how someone can actually access your comp via the ports...I mean its all well and good that these ports open for certain things, or is there a way to manipulate the ports and allow something else in??

Thanks again, I sorta know whats going on now :D

Of course hades, you're going the right way stopping people to access your computer.
I dont think it can be explicitly mentioned here how you enter ports and manipulate what.
Read the first line of post(#2) in this discussion.
That just about tells ya what to do.

Alrighty, thanks a lot :D

I just thought I would mention a few things. First, invader did a good job listing the main ones that a "normal" Internet user would connect to (although I do not know about 11, invader maybe you could explain that one to me). If you want a more thorough list of ports (port numbers can range from 0 to 65535) go to http://www.iana.org/assignments/port-numbers.

Second, you have to remember that even if you use a personal firewall (ZoneAlarm is an excellent choice), your safety is not guaranteed. You should disable any services that you do not want. For Windows 95 - Me, you should only need to worry about File Sharing (I don't know about XP Home). Windows NT - XP Pro come with additional services (sorry, I cannot tell you how to disable them). Make sure your OS is always updated with the latest security patches. Make sure you have (and use) anti-virus software. It would be possible for a trojan writer to program his/her trojan to bypass ZoneAlarm, so you should also run a port scan on yourself every once in a while. Depending on how paranoid you are, you can follow any of the steps I have recommended. You are definitely on the right track with ZoneAlarm though.

Hey, I gotsta question for you guys. Are ports something different than the Hub Linksys system, because I've got a Cable/DSL router for my RR, but also have a 20 Hub/Port Linksys system that takes 20 different devices with external cable extensions and hooks them up on one network. The funny thing is, all this time i've been thinking that there are only 20 ports, my main question is, where are the other 65515 ports that are supposedly in my computer-if the 20 Hub/Port Linksys system is actually part of the entire 'port network.'

Hi Jag. It sounds to me - although I am not sure - that you could be confusing physical ports on your hub with the "doors" to your computer. A hub is merely a device that is used to connect multiple machines on a network among other things. Basically, every time one of the machines on your network needs to communicate with another, it goes to the hub which broadcasts the message out to every physical port to find the destination. For small home networks, they are very efficient; however, as a network gets bigger, a hub becomes less feasible. At this point, switches may need to be introduced as a more "intelligent" device. How so, they actually learn the MAC address of the connected devices, thus reducing the noisy broadcast traffic. As far as the ports of which we are speaking, they are - as already has been mentioned - doors to your computer. However, they are more software than hardware, so don't think of them as physical hardware connections. Look at it like this: think of your computer as an apartment building with many, many apartments (around 65,000 or so). Now, in order to get mail to the proper place, you need two things - the building number, and the apartment number. Consider the building number your machine's IP address and the apartment number your port number. You need both to deliver information to the right application (telnet, smtp/mail, DNS, ...). The first 1024 ports are considered well known and include the ones mentioned. I hope that helped you a bit. I apologize if I am totally off here, but this is how I interpreted your post.

t2k2

TCP/UDP port 11 is for Systat... In the unix world it was originally going to be used for remote process monitoring, the whole idea fell a bit short.

you can find the RFC at http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc0866.html if you truly crave more information...

Excallent, thanks again guys.

and just one other thing...can Hackers connect to my comp via Telnet?? I am guessing the answer is yes...but since I don't know a whole lot about Telnet I thought it is better to ask.

Hades, it depends on what you mean by Telnet. Telnet is both a service, and program that comes with Windows and *nix distributions. As for the service, Windows NT-XP Pro include a Telnet service, and even if you only have Windows 95-XP Home, there is still a possibility that you could be running one. You can check for this by opening a command line and typing "telnet 127.0.0.1 23" (without the quotes of course). This runs the Telnet program, connecting to the IP-address 127.0.0.1 on port 23. 127.0.0.1 is the IP-address that you can use to connect to your own computer, and 23 is designated port for Telnet. If the connection goes through, the Telnet service is running, and unless you specifically want this service to run, disable it. With ZoneAlarm, no one would likely be able to connect to a Telnet service running on your computer, but as I said before, a trojan could set up it's own service on port 23. (Just because a port is usually used for one service, does not restrict another service from using it.)

As for the Telnet program, it can be used to connect to a computer on any port, so if you have configured ZoneAlarm to keep a specific port open, a hacker could use the Telnet program to connect to your computer on that port. For an example, try going to the command prompt again, and typing "telnet google.com 80". 80 is the port for HTTP (or WWW) connections, and I am sure you know what google.com is. Once connected (by the way, for this you want to have local echoing turned on in the preferences for Windows Telnet) type "GET / HTTP/1.1{Enter key}{Enter key}". Do not type {Enter Key}{Enter key}, I mean for you to press the Enter key twice(could someone tell me how I could write that better?); the Enter key is essential. This is a basic HTTP command (maybe I'll write a tutorial on HTTP sometime). The google.com server should send you some HTML code which a browser would translate into a pretty-looking web page (hey! I could write a tutorial on HTML too!). Hopefully, this has enlightened (and not confused ;))both you and JagFire19 a little more about how ports work.

By the way, I am glad that both of you have asked your questions. I takes bravery to ask questions, especially when you are new to something, and I know that your questions and the answers to your questions are useful to a lot of people who are not quite as brave. Oh! Also, thanks THEJRC, for posting your info on port 11. I will have to read that RFC.

Hey, thanks alot!!! That has really helped me!!! I just have one more query...I am running xp, and when I run talnet, after it connects or soemthing the program just closes itself! Whats going on there?? or am I doing something wrong.
Once again, thanks!

Not sure. They might have changed the way the Telnet program works since Me. If I try to connect to a server with Telnet, and I cannot get a connection, an error message pops up, but Telnet keeps running. Similarly, if the server closes the connection (because of timing-out or whatever), a different error pops up, but Telnet does not close. Oh, and I forgot on the last post, you have to press Enter twice. Sorry about that.

Yes! Thank you T2K2...It wasn't clear until you explained it. I now understand that a HUB just connects a network of computers and that ports are not the physical devices on the back of it.

Hades: How are you going about running the telnet client? Do you just go to a Run prompt and type telnet xx.xx.xx.xx or are you going to a Run prompt and typing cmd to get a command prompt, then typing telnet xx.xx.xx.xx? Just curious since this happens when you try to run certain progs from the run prompt instead of in the command terminal window.

Jagfire: I'm glad I could help. ;)

Now that you know all about the ports, here is a list of common ports and their most likley services : http://www.hackerwhacker.com/portslist.html

I go to run>Telnet then type: o <server (eg: www.hotmail.com)> <Port # eg 23)

I also tried the way susgested to me: run> telnet google.com 80

I think it's because the server's you're trying to connect to are not listening for a telnet connection, or you cannot use telnet to connect to the specific ports you are trying to connect to. For example, I used your first method to connect to my company's smtp server to try and send an email via telnet (which you can do, but I have not really put any time into it). The syntax was: start, run, telnet, o, smtp.xxxxx.com 25 (since smtp server's listen on port 25 by default for smtp service. If I were to just do smtp.xxxxx.com, it would try to connect that server on the default telnet port - port 23. However, what if the telnet daemon/server was not running? That would mean that the connection would timeout/fail. I tried a server that I knew was not running the telnet service, and I got the problem you described. Maybe you are trying to connect to something that will not accept a telnet client connection. I hope this helps you at least a little.


t2k2

Yes that makes sense! Well maybe thats my problem...I'll have a look for a server I know works and I shall try it. Thanks alot :)

Here is one place for you to telnet to on port 23: tcfreenet.org . It only lets you use a limited version of Lynx as a guest, but I do not know what it would let you do as a registered user.

What program you using to find out if some ones viewing ur ports?
Please could you tell me. Thankyou

Plus some Information for you:
------------------------------------------------------------------------------------------------------------------------
In news group alt.hacking, you wrote...
>
> the main thing i want to learn is to get into some ones pc just by
> knowing their IP. So all this is just to ask I'm ready to start learing
> hacking were do i go.................

Port 139. NetBIOS Session (TCP), Windows File and Printer Sharing
This is the single most dangerous port on the Internet. All "File and
Printer Sharing" on a Windows machine runs over this port. About 10% of
all users on the Internet leave their hard disks exposed on this port.
This is the first port hackers want to connect to, and the port that
firewalls block.
http://www.iss.net/security_center/a...39/default.htm

Very simple. Search the net for info on how to exploit this port. It's
out there. Commands can be given in an msdos window. Good luck finding a
machine with filesharing turned on.

A tool to help you:
http://www.webattack.com/get/superscan.shtml

-Neb.
------------------------------------------------------------------------------------------------------------------------

I am running Zone alarm pro 3.5 and a program called Genius 3.1
I'm downloading that program u susgested, thanks a lot :) I read the blerb (sp) and it sounds really good!
Is it what hackers use to connect to peoples computers? 'cause then I will find more about it and see what I can do to prevent it happening to me.
Thanks again!

What really gets me mad is that there are these sites set up that talk about port scanners and they say stuff like "Port scanners are the number one tool in the script kiddies arsenal" , I mean these ignorant people never heard of testing out your own systems security and seeing if your system is vulnerable !? wtf , they need to stop stereo-typing.

Well, I don't know whether I would call it stereotyping. It's just that it's a double-edged sword. On the one hand, you can discover vulnerabilities before attackers have the chance to get to them. And on the other, the attacker could easily discover that you have something crazy like anonymous FTP running on an internet-exposed machine or something else that could open you up to becoming a zombie for the attacker. I think they are probably right in saying that it is the attackers #1 tool. Of course, it all depends on how they come across. They could have said that all people that use port scanners are attackers, and maybe that's why the statement is rubbing you the wrong way. From that aspect, I can understand why you would be a little upset. You know they say that ignorance is a curse, or at least my High School Algebra teacher used to say that all the time.


Cheers,

t2k2

Well, first about ports: as have been stated before, there´s a comprehensive list o well-known ports and protocols related to them on IANA (Internet Assigned Numbers Authority).
But it doesn´t mean a program can´t listen on another port, which would be useful to be able to work through some firewalls. A Trojan may use a ftp port, for instance. (21). If you have access to a *nix like so, you may know the inetd. It controls a lot of servers, and reading the lines of inetd.conf (its configuration file) you may where are the programs running on each port (or that may run, since most are commented). Having a look at the line about systat, you may notice this command line : ps auxx . Try this on you machine and you will know how systat works. At least one implementation..
Ah, a nice substitute for telnet as a general "connect-on-everything" is netcat. I think it is way better than any telnet client for several situations. Well, one problem is that it doesn't filter ansi color code, so its awful for playing MUD.. ;) . But its features are pretty nice :) .
And you may want to know about ssh, and use it instead of telnet when you want access to another computer, since it offers you encryption of data. Passwords are easily captured in a telnet session, for they travel in plain text. hmm and emails are usually sent "naked" .. another thing to worry? Probably.