Port: 0
Service: reserved
Description: Usually used to analyze the operating system. This method is feasible because "0" is an invalid terminal in some systems.
Port, when you try to connect it to a port that is usually closed, it will produce different results. Typical scanning, using
The IP address is 0.0.0.0, and the ACK bit is set and broadcast at the Ethernet layer.
Port: 1
Service: tcpmux
Explanation: Does this mean that someone is looking for SGI? Irix machine Irix is the main provider to realize tcpmux. By default,
Tcpmux is turned on in this system. The Irix machine contains several default password-free accounts when it is published, such as:
IP, guests? UUCP, NUUCP, Demos? , tutor, DIAG, unpacking, etc. Many administrators forget it after installation.
Remember to delete these accounts. So hackers searched for tcpmux online and used these accounts.
Port: 7
Service: echo
Description: When searching for Fraggle amplifier, you can see many messages sent by people to X.X.X.0 and X.X.X.255.
Port: 19
Service: character? generator
Description: This is a service that only sends characters. The UDP version will respond to the version containing junk characters after receiving the UDP packet.
Bag. When TCP connects, it sends a data stream containing junk characters until the connection is closed. Hackers can use IP spoofing to send.
DoS attack. Forge UDP packets between two chargen servers. The same, Flagell? DoS attack on target address
This port broadcasts a packet with a forged victim IP, and the victim is overloaded in response to these data.
Port: 2 1
Service: FTP
Description: FTP server opens ports for uploading and downloading. The most common attacker is used to find out.
Anonymous FTP server method. These servers have read-write directories. Troy Dolly? Troy,
Fore, invisible? FTP, WebEx, WinCrash and Blade? The runner opened the harbor.
Port: 22
Service: Ssh
Description: The connection between TCP established by PcAnywhere and this port may be to find ssh. This service has many weaknesses.
Point, if configured in a specific mode, many versions that use the RSAREF library will have many loopholes.
Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, this port is scanned for
In order to find the operating system that the machine is running. And using other technologies, intruders will also find the password. Muma Tiny
Telnet? The server will open this port.
Port: 25
Service: SMTP
Description: The port opened by SMTP server is used to send mail. The intruder is looking for an SMTP server to send him.
Our junk mail. The intruder's account is closed, and they need to connect to a high-bandwidth email server, which will be simple.
Information is sent to different addresses. Trojan horse antigen, email? Password? Sender, Haebu? Coceda,
What Tritz? Stealth, WinPC, WinSpy all open this port.
Port: 3 1
Service: msg? certificate
Caption: Trojan horse owner? Heaven, hackers? Heaven opened the port.
Port: 42
Service: win? Separation
Description: WINS replication
Port: 53
Service: domain name? Name? Server (DNS)
Description: For the port opened by DNS server, intruders may try to execute TCP to cheat DNS.
(UDP) or hide other communications. Therefore, firewalls usually filter or record this port.
Port: 67
Service: Bootstrap? Agreement? Computer network server
Description: Through DSL and cable? The firewall of modem often sees a large number of messages sent to the broadcast address 255.255.255.255.
Data. These machines are requesting addresses from the DHCP server. Hackers often enter them and assign them an address.
As a local router, I launched a lot of man-in-the-middle attacks. The client broadcasts to port 68.
Request configuration, and the server broadcasts a response request to port 67. This response uses broadcast because the client does not know that it can
Send an IP address.
Port: 69
Service: cumbersome? Documents? transfer
Description: Many servers provide this service together with bootp, so it is convenient to download the startup code from the system. But they often
Usually due to configuration errors, intruders can steal anything from the system. Documents. They can also be used for system writing files.
Port: 79
Service: finger? Computer network server
Description: Intruders are used to obtain user information, query the operating system, detect known buffer overflow errors, and download information from.
Finger scanning from your own machine to other machines.
Port: 80
Service: HTTP
Description: used for web browsing. The Trojan Executor opened the port.
Port: 99
Service: Metagrammar? relay
Description: Backdoor program ncx99 opens this port.
Port: 102
Service: leave a message? Transfer? Special agent (MTA)-X.400? Is it over? transmission control protocol (TCP)
Description: Message Transfer Agent.
Port: 109
Service: post? Office? Agreement? -Version 3
Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3
Services have many recognized weaknesses. About user name and password? There are at least 20 weaknesses in changing buffer overflow, which means
This means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Port: 1 10
Service: all ports of SUN's RPC service.
Description: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 1 13
Service: certification? service
Description: This is a protocol that runs on many computers and is used to identify users of TCP connections. Use the standard one.
Services can get information about many computers. But it can be used as a recorder for many services, especially FTP, POP,
IMAP, SMTP and IRC services. Usually, if many customers access these services through firewalls, they will see Xu.
More connection requests for this port. Remember, if you block this port, the client will feel it is on the other side of the firewall.
The connection to the e-mail server is slow. Many firewalls support sending back RST during blocking of TCP connections. This will stop.
Slow connection.
Port: 1 19
Service: network? News? Transfer? draft
Description: news newsgroup transport protocol, which carries USENET communication. The connection of this port is usually what people are looking for.
USENET server. Most ISPs only allow their customers to access their newsgroup servers. Open a new one
The newsgroup server will allow posting/reading anyone's posts, accessing restricted newsgroup servers, posting or sending anonymously.
Spam mail.
Port: 135
Service: location? service
Description: Does Microsoft run DCE on this port? RPC? End point? Mapper serves its DCOM. This is related to
UNIX? The function of11port is very similar. Services that use DCOM and RPC take advantage of endpoints on computers? mapper
Record their location. When remote clients connect to computers, they look for endpoints. The mapper found a part of the service.
Settings. Hackers scan this port of a computer to find Exchange running on this computer? Server?
What version? There are also some DOS attacks on this port.
Ports: 137, 138, 139
Service: NETBIOS? Name? service
Note: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139:
Connections coming in through this port attempt to obtain NetBIOS/SMB services. This protocol is used for windows files and typing.
Printers like samba. Did you win? Regisrtation also uses it.
Port: 143
Service: Inter Milan? Mail? Visit? Agreement? v2
Description: Like the security problem of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: a kind of
LINUX worms (admv0rm) will multiply through this port, so many scans of this port are from unsuspecting users.
Infected users. These vulnerabilities changed when REDHAT allowed IMAP by default in its LINUX distribution.
Very popular. This port is also used for IMAP2, but it is not popular.
Port: 16 1
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP.
Get this information. Many administrators' misconfigurations will be exposed online. Cackers will try to use the default value.
Public and private password access systems. They will try all possible combinations. The SNMP packet may be wrong.
Wrong point to the user's network.
Port: 177
Service: x? Show? Manager? Control? draft
Description: Many intruders access the X-windows console through it, and it needs to open 6000 ports at the same time.
Port: 389
Services: LDAP, ILS
Description: Lightweight Directory Access Protocol and NetMeeting? Internet? Locator? The server * * * uses this port.
Port: 443
Service: Https
Description: Web browsing port, another HTTP that can provide encryption and transmission through a secure port.
Port: 456
Service: [empty]
Caption: Trojan hacker? Heaven opened the port.
Port: 5 13
Service: login, remote? log in
Description: From using cables? A broadcast from a UNIX computer in which a modem or DSL logs on to a subnet. These people are artificial.
Intruders enter their systems and provide information.
Port: 544
Service: [empty]
Description: kerberos? Keshel
Port: 548
Service: Macintosh, file? Service (AFP/IP)
Description: Macintosh, file service.
Port: 553
Service: CORBA? IIOP? (UDP)
Description: Use cable? The modem, DSL or VLAN will see the broadcast on this port. CORBA is object-oriented.
RPC system is based on. Intruders can use this information to enter the system.
Port: 555
Service: DSF
Description: Trojan PhAse 1.0, stealth? Spy, killer, open this port.
Port: 568
Service: member? Deutsche Presse Agentur
Description: Membership? DPA .
Port: 569
Service: member? Microsoft network
Description: Membership? MSN .
Port: 635
Service: install d
Description: mountd for Linux? Bug. This is a common error in scanning. Most scans for this port are based on
UDP, but mountd based on TCP is increased (mountd runs on two ports at the same time). Remember, Monte can
Running on any port (which port is it, you need to make a portmap query at port11) is just the default of Linux.
The port is 635, just as NFS usually runs on port 2049.
Port: 636
Service: LDAP
Description: SSL (secure? Socket? Layer)
Port: 666
W: Doom? Id? software
Caption: Trojan attack? FTP、Satanz? The back door opens this port.
Port: 993
Service: IMAP
Description: SSL (secure? Socket? Layer)
Port: 100 1,101/
Service: [empty]
Description: Trojan silencer and WebEx open port 100 1. Troy Dolly? Trojan open port 10 1 1.
Port: 1024
Service: reserved
Description: It is the beginning of a dynamic port. Many programs don't care which port to use to connect to the network. They requested the system
They allocate the next free port. Based on this, the allocation starts from port 1024. That is, it is sent to the system first.
The request will be assigned to port 1024. You can restart the machine, open Telnet, and then open a window to run.
natstat? -a? You will see that Telnet is assigned the port 1024. And SQL? Sessions also use this port and port 5000.
Mouth.
Port: 1025, 1033
Service: 1025: network? Blackjack? 1033:[ empty]
Description: Trojan netspy opens these two ports.
Port: 1080
Service: socks
Description: The protocol tunnels through the firewall, allowing people behind the firewall to access through an IP address.
Internet. Theoretically, it should only allow internal communication to reach the Internet. But due to the wrong configuration,
It will allow attacks outside the firewall to pass through the firewall. This kind of mistake often happens in wingate. Talk to me after joining IRC.
Heaven often sees this situation.
Port: 1 170
Service: [empty]
Caption: Trojan streaming media? Audio? Troy, a shrink? Stream? Server, voice, open this port.
Ports: 1234,1243,6711,6776.
Service: [empty]
Description: Trojan version 2.0? Open ports of Troy 1234 and 6776. Trojan subeven1.01.9
Open ports 1243, 67 1 1 and 6776.
Port: 1245
Service: [empty]
Caption: Troy Waldo opened this port.
Port: 1433
Service: SQL
Description: Microsoft SQL service open port.
Port: 1492
Service: stone-design-1
Description: Trojan FTP99CMP opens this port.
Port: 1500
Service: RPC? Clients? Fixed it? Port? Conversation? question
Description: RPC client fixed port session query
Port: 1503
Service: NetMeeting? T. 120
Description: NetMeeting? T. 120
Port: 1524
Service: entrance
Description: Many attack scripts will install a backdoor shell on this port, especially for Sendmail in SUN system.
And RPC service vulnerabilities. If you find someone trying to connect to this port after installing a firewall, it is very likely.
That's the reason. You can try Telnet to this port on the user's computer and see if it will give you one.
Shells. Connecting to 600/pcserver also has this problem. ?
Port: 1600
Service: issd
Caption: Troy Shivka-burka opens this port.
Port: 1720
Service: NetMeeting
Description: NetMeeting? H.233? Call? Settings.
Port: 173 1
Service: NetMeeting? Audio? Call? control
Description: NetMeeting audio call control.
Port: 1807
Service: [empty]
Caption: Troy Spisend opens this port.
Port: 198 1
Service: [empty]
Caption: Trojan shock opened this port.
Port: 1999
Service: Cisco? Identification? port
Description: Trojan back door opens this port.
Port: 2000
Service: [empty]
Caption: Troy's girlfriend? 1.3, Millennium? 1.0 Open this port.
Port: 200 1
Service: [empty]
Caption: Trojan Millennium? 1.0, Troy? Open this port.
Port: 2023
Service: xinuexpansion? four
Caption: Trojan Pass? Ripper opens this port.
Port: 2049
Service: NFS
Description: NFS programs often run on this port. You usually need to access the port mapper to find out which service the service is running on.
Port.
Port: 2 1 15
Service: [empty]
Description: Trojan bugs open this port.
Ports: 2 140, 3 150
Service: [empty]
Caption: Troy is deep? Throat? 1.0/3.0 Open this port.
Port: 2500
Service: RPC? Clients? Use? Answer? Fixed it? Port? Conversation? copy
Description: RPC client applying fixed port session replication.
Port: 2583
Service: [empty]
Caption: Troy Winchester? 2.0 Open this port.
Port: 280 1
Service: [empty]
Caption: Troy Mafinehas? Puke opened the port.
Ports: 3024, 4092
Service: [empty]
Caption: Troy Winchester opens this port.
Port: 3 128
Service: squid
Caption: Is this a squid? Default port of HTTP proxy server. An attacker scans the port to search for a proxy.
Manage the server and access the Internet anonymously. You will also see ports 8000, 800 1,
8080、8888。 Another reason for scanning this port is that the user is entering a chat room. Other users will also check this.
Port to determine whether the user's computer supports the proxy.
General port comparison details 2
Port: 3 129
Service: [empty]
Caption: Trojan horse owner? Heaven opened the port.
Port: 3 150
Service: [empty]
Caption: Trojan horse? Invasor opens this port.
Ports: 32 10/0,4321
Service: [empty]
Description: Trojan school bus opens this port.
Port: 3333
Service: detailed description
Caption: Troy Maprothiak opened this port.
Port: 3389
Service: HyperTerminal
Description: WINDOWS? 2000 terminal opens this port.
Port: 3700
Service: [empty]
Description: Trojan Portal? Yes? Bad luck opened the port.
Ports: 3996, 4060
Service: [empty]
Description: Trojan remote anything opens this port.
Port: 4000
Service: QQ client
Description: Tencent QQ client opens this port.
Port: 4092
Service: [empty]
Caption: Troy Winchester opens this port.
Port: 4590
Service: [empty]
Caption: Trojan ICQTrojan opened this port.
Ports: 5000,5001,532 1, 50505.
Service: [empty]
Description: Trojan blazer5 opens 5000 ports. Trojan horse, socket? De? Troie opens 5000,5001,532 1,
Port 50505.
Port: 5400,5401,5402
Service: [empty]
Description: Trojan blade? The runner opens this port.
Port: 5550
Service: [empty]
Description: Trojan xtcp opens this port.
Port: 5569
Service: [empty]
Caption: Trojan robot hackers open this port.
Port: 5632
Service: pcAnywere
Note: Sometimes you will see many scans of this port, depending on the user's location. When the user opens it,
PcAnywere, it will automatically scan the local area network class C network to find possible agents (agents here refer to agents).
Not an agent). Intruders will also look for computers that turn on this service. So you should check the source of this scan.
Address. Some scan packets searching for pcAnywere usually contain UDP packets on port 22.
Port: 5742
Service: [empty]
Description: Trojan WinCrash 1.03 Open this port.
Port: 6267
Service: [empty]
Description: Trojans open this port to girls in Guangwai.
Port: 6400
Service: [empty]
Caption: Trojan horse? Open this port.
Port: 6670,6671
Service: [empty]
Caption: Troy is deep? Throat opens port 6670. And deep? Throat? 3.0 Open 667 1 port.
Port: 6883
Service: [empty]
Caption: The Trojan Delta opened this port.
Port: 6969
Service: [empty]
Description: Trojan uninvited guests and give priority to opening this port.
Port: 6970
Service: real-time audio
Description: RealAudio client will receive audio data stream from UDP port of server 6970-7 170. This is made up of
The outgoing control connection of TCP-7070 port has been set.
Port: 7000
Service: [empty]
Caption: Trojan horse remote control? Open this port.
Ports: 7300, 730 1, 7306, 7307 and 7308.
Service: [empty]
Description: Trojan Network Monitor opens this port. In addition, NetSpy 1.0 also opens port 7306.
Port: 7323
Service: [empty]
Description: Sygate server.
Port: 7626
Service: [empty]
Caption: Troy Giesl opened the harbor.
Port: 7789
Service: [empty]
Caption: Troy Icole opened this port.
Port: 8000
Service: OICQ
Description: Tencent QQ server opens this port.
Port: 80 10
Service: wingate.
Description: Wingate proxy opens this port.
Port: 8080
Service: proxy port
Description: WWW proxy opens this port.
Port: 9400,9401,9402
Service: [empty]
Caption: Troy Inkman? 1.0 Open this port.
Ports: 9872, 9873, 9874, 9875, 10067, 10 167.
Service: [empty]
Description: Trojan Portal? Yes? Bad luck opened the port.
Port: 9989
Service: [empty]
Caption: Trojan iNi- Black Boy opens this port.
Port: 1 1000
Service: [empty]
Caption: Troy Sen Nasby opened the harbor.
Port: 1 1223
Service: [empty]
Caption: Trojan horse parents? Troy, open this port.
Ports:12076,61466
Service: [empty]
Description: Trojan remote command opens this port.
Port: 12223
Service: [empty]
Caption: Trojan horse hacker' 99? Keylogger opens this port.
Port: 12345, 12346
Service: [empty]
Description: Trojan network bus 1.60/ 1.70, GabanBus opens this port.
Port: 1236 1
Service: [empty]
Caption: Trojan whack-a-mole opened this port.
Port: 13223
Service: prayer ceremony
Caption: PowWow is global? Voice chat program. It allows users to open private chat connections at this port.
This program is very aggressive in establishing connections. It will stay on this TCP port and wait for a response. Cause a similar heart
Connection requests at hop intervals. This seems to happen if the dial-up user inherits an IP address from another chat.
There are many different people testing this port. This protocol uses OPNG as the first four words of its connection request.
Festival.
Port: 16969
Service: [empty]
Description: Trojan opens this port first.
Port: 17027
Service: conductor
Description: This is an outgoing connection. This is because someone inside the company has installed * * * fun and helpful "advertising robots".
Software. Help * * * enjoy the software display advertising service. Popular software that uses this service.
This work is Pkware.
Port: 19 19 1
Service: [empty]
Caption: The blue flame of Troy opened this port.
Port: 20000,20001
Service: [empty]
Description: Trojan Millennium opens this port.
Port: 20034
Service: [empty]
Description: Trojan network bus? Pro open this port.
Port: 2 1554
Service: [empty]
Description: Trojan girlfriend opens this port.
Port: 22222
Service: [empty]
Caption: Troy Maprothiak opened this port.
Port: 23456
Service: [empty]
Caption: Troy is evil? FTP, ugly? FTP opens this port.
Ports: 26274, 47262
Service: [empty]
Caption: The Trojan Delta opened this port.
Port: 27374
Service: [empty]
Caption: Trojan horse Subseven? 2. 1 Open this port.
Port: 30 100
Service: [empty]
Description: Trojan Cyberspace opens this port.
Port: 30303
Service: [empty]
Description: Trojan Socket23 opens this port.
Port: 30999
Service: [empty]
Description: Kuang Kai Port.
Ports: 3 1337, 3 1338
Service: [empty]
Caption: Troy Bo (back? Orifice) to open the port. In addition, the port of 3 1338 has been opened in Troy and Shenzhen.
Port: 3 1339
Service: [empty]
Caption: Trojan cyber spy? DK, open this port
Port: 3 1666
Service: [empty]
Caption: Troy Burke opens this port.
Port: 33333
Service: [empty]
Caption: Troy Maprothiak opened this port.
Port: 34324
Service: [empty]
Caption: Little Troy? Telnet? Server, BigGluck, TN, open this port.
Port: 404 12
Service: [empty]
Caption: Trojan horse? The spy opened this port.
Ports: 4042 1, 40422, 40423, 40426,
Service: [empty]
Caption: Master Trojan Horse? Heaven opened the port.
Ports: 432 10/0,54321
Service: [empty]
Caption: Trojan school bus? 1.0/2.0 Open this port.
Port: 44445
Service: [empty]
Description: Trojan Happypig opens this port.
Port: 50766
Service: [empty]
Caption: Troy opened the port.
Port: 5300 1
Service: [empty]
Caption: Trojan horse remote control? Windows? Closing will open this port.
Port: 65000
Service: [empty]
Caption: Trojan devil? 1.03 Open this port. ?