JC Software Solutions - Ports List
Port Name Protocol Safe?          Description
         
1 tcpmux TCP N Connection-oriented portmapper-like
        service, can start applications, 
        cannot reject selected hosts
7 echo TCP/UDP N Echo server, returns what is sent
9 discard TCP/UDP Y A sink, like /dev/null
11 systat TCP N May be connected to systat, w, or ps
13 daytime TCP/UDP Y Sends time-of-day (date)
15 netstat TCP N Similar to systat
19 chargen TCP/UDP N Random character generator
20 ftpdata TCP N Data connection from FTP server
21 ftp TCP N Control connection from FTP client (use SSH)
23 telnet TCP N Server port for Telnet (use SSH)
25 smtp TCP - Server port for SMTP (sendmail)
37 time TCP/UDP Y Time of day in machine readable form
42 wins TCP/UDP N WINS server often found here (not 1512) 
43 whois TCP N whois server (rs.internic.net)
49 tacacs TCP N TACACS authentication service
         
Port Name Protocol Safe?          Description
         
53 domain TCP/UDP - Domain Name Service, permit only to
        servers, TCP only for zone transfers;
        use up-to-date name servers!!!
67 bootp UDP N Useful for probing networks (NIS name)
69 tftp UDP N Unauthenticated file transfer
70 gopher TCP - Safer if controlled using proxy servers
79 finger TCP N Useful for collecting user names and 
        password cracking information
80 http TCP - WWW, safer if controlled using proxy 
        servers
87 link TCP N Like talk, rare, good trap port
88 kerberos UDP - Used for Kerberos authentication, 
        required if external use of Kerberos,
        block otherwise (also 749-751)
95 supdup TCP N Port probed by hackers, good trap port
109 pop-2 TCP - Used for collecting e-mail from an
        external server, block if unused
110 pop-3 TCP - Like pop-2
         
Port Name Protocol Safe?          Description
         
111 sunrpc TCP/UDP N The portmapper, block it
113 auth TCP ? Identification, RFC 931 and 1413
119 nntp TCP Y Safest if permitted only between 
        server and newsfeed
123 ntp UDP - Network Time Protocol (update your server!)
135 loc-srv TCP/UDP N NT's RPC service (like portmapper)
137 nbname TCP/UDP N NetBEUI over TCP/IP name service
138 nbdgram UDP N NetBEUI over TCP/IP (NB datagram)
139 nbsess TCP N NetBEUI over TCP/IP (NB session)
143 imap TCP - Used for collecting e-mail (pop)
144 NeWs TCP N NeWs windowing system, dangerous
161 snmp UDP N Useful for probing, reconfiguring 
        network devices; dangerous
162 snmptrap UDP ? Block, unless you receive SNMP traps 
        from outside your border
177 xdmcp UDP N Used by X Display Manager for logins
179 bgp TCP Y Border Gateway Protocol
         
Port Name Protocol Safe?          Description
         
389 ad TCP N Win2K Active Directory, only internal use
443 ssl TCP - Used by SSL for https (secure Web transfer)
445 MS-ds TCP/UDP N Microsoft data service, Win2k and later
512 exec TCP N Used by rexec(), no logging, unsafe
513 login TCP N Used by rlogin, trust makes it unsafe
514 shell TCP N Used by rsh, interactive shell without 
        any logging (also rcp)
515 printer TCP N Used by lpr, but not through firewall
512 biff UDP N Mail notifier, buggy
513 who UDP N Remote who, good trap port
514 syslog UDP N Denial of service attack on your logging 
        system
517 talk UDP N Sets up TCP connection in random port
518 ntalk UDP N Like talk
520 route UDP N Used by routed, don't accept from 
        outside
540 uucp TCP N Historically unsafe, mostly obsolete
543 klogind TCP N Kerberos Login port, May 2000 buffer overflow
        target
993 i-ssl TCP Y IMAP over SSL
         
Port Name Protocol Safe?          Description
         
1025 listen TCP N System V R3 listener, used by UUCP
1028 unknown TCP N NT inetinfo
1433 ms-sql TCP N MSDE and SQL Server, w/o patches System login
1723 PPTPC TCP ? Control channel (DoS)
1725 PPTP TCP ? Microsoft's tunneling protocol (type 47)
2000+ openwin TCP N Like X11, block range of ports
4000 ICQ UDP N Control port, requires a range of TCP ports,
        but can also use SOCKS 4 or 5
2049 nfs TCP/UDP N Default NFS port; very dangerous
2401 cvs TCP ? Versioning server used with open source
2766 listen TCP N System V R3, like tcpmux, but worse
4144 CIM TCP ? Compuserve Information Manager
5190 AOL TCP ? America On Line via TCP
5556 rwd TCP N HP's remote watch daemon
6000+ x11 TCP N X11, block range of ports
6667 IRC TCP N Internet Relay Chat, trapdoor client 
        distributed, CB radio of Internet
7000 xfont TCP N X Window font server
8002 rcgi TCP N PERL.NLM on Novell 4.1 Webserver 
        (execute any Perl script on server)
12345 n/a      TCP     N Used by NetBus v1 (also 12346)
20123 n/a      TCP      N Used by NetBus v2 (also 20124)
27374 n/a TCP N

Used by SubSeven v2 trojan
31337 n/a TCP N Used by Back Orifice and some
        other hacker backdoors like socdmini (ElEET)

close this window