2. Port: 2 1
Service: FTP
Description: FTP server opens ports for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports.
3. Port: 22
Service: Ssh
Description: The connection between TCP established by PcAnywhere and this port may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes.
4. Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port.
5. Port: 25
Service: SMTP
Description: The port opened by SMTP server is used to send mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses. Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.
6. Port: 53
Service: Domain Name Server (DNS)
Description: For the port opened by DNS server, intruders may try to pass TCP, cheat DNS(UDP) or hide other communication. Therefore, firewalls usually filter or record this port.
7. Port: 80
Service: HTTP
Description: used for web browsing. The Trojan Executor opened the port.
8. Port: 102
Service: Message Transfer Agent (MTA)-x.400 over TCP/IP.
Description: Message Transfer Agent.
9. Port: 1 10
Service: pop3
Description: The POP3 (post office protocol 3) server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses about user name and password exchange buffer overflow, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.
10, port: 137, 138, 139.
Service: NETBIOS name service
Note: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139: the connection coming through this port attempts to obtain NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. WINS Regisrtation also uses it.
1 1, port: 143
Service: Temporary Mail Access Protocol v2.
Description: Like the security problem of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: LINUX worms (admv0rm) will spread through this port, so many scans of this port come from uninformed infected users. These vulnerabilities became popular when REDHAT allowed IMAP by default in its LINUX distribution. This port is also used for IMAP2, but it is not popular.
12, port: 16 1
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrators' misconfigurations will be exposed online. Cackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packets may be incorrectly pointed to the user's network.
13, port: 389
Services: LDAP, ILS
Description: Lightweight Directory Access Protocol and NetMeeting Internet Locator server * * * use this port.
14, port: 443
Service: Https
Description: Web browsing port, another HTTP that can provide encryption and transmission through a secure port.
15, port: 993
Service: IMAP
Description: SSL (Secure Sockets Layer)
16, port: 1433.
Service: SQL
Description: Microsoft SQL service open port.
17, port: 1503.
Service: NetMeeting T. 120
Description: network conference T. 120
18, port: 1720.
Service: NetMeeting
Description: NetMeeting H.233 call setup.