The port number of the client will only open the corresponding port number (so it is also called temporary port number) when the user opens the corresponding program. Most of them assign the port number between 1024 and 5000 to the temporary port number. Port numbers greater than 5000 are reserved for other services (services that are not commonly used on the Internet).
Extended data:
Specific description of port number
Port: 0
Service: reserved
Description: Usually used to analyze the operating system. This method is effective because "0" is an invalid port in some systems, and when you try to connect it to a port that is usually closed, it will produce different results. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts it in the Ethernet layer.
Port: 1
Service: tcpmux
Description: This means that someone is looking for SGI Irix machine. Irix is the main provider of tcpmux, which is turned on by default in this system. Irix machine contains several default password-free accounts when it is released, such as: IP, guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc.
Many administrators forget to delete these accounts after installation. So hackers searched for tcpmux online and used these accounts.
Port: 7
Service: echo
Description: When searching for Fraggle amplifier, you can see many messages sent by people to X.X.X.0 and X.X.X.255.
Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. When TCP connects, it sends a data stream containing junk characters until the connection is closed. Hackers can use IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers.
Similarly, the Fraggle DoS attack will broadcast a packet with a forged victim IP to this port of the target address, and the victim will be overloaded in response to the data.
Port: 2 1
Service: FTP
Description: FTP server opens ports for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports.
Port: 22
Service: Ssh
Description: The connection between TCP established by PcAnywhere and this port may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes.
Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port.
Port: 25
Service: SMTP
Description: The port opened by SMTP server is used to send mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses.
Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.
Port: 3 1
Service: message authentication
Description: Trojan Master Park and Hacker Park open this port.
Port: 42
Service: WINS replication
Description: WINS replication
Port: 53
Service: Domain Name Server (DNS)
Description: For the port opened by DNS server, intruders may try to pass TCP, cheat DNS(UDP) or hide other communication. Therefore, firewalls usually filter or record this port.
Port: 67
Service: Boot Protocol Server
Description: A large amount of data sent to the broadcast address 255.255.255.255 is often seen through the firewall of DSL and Cable modem. These machines are requesting addresses from the DHCP server. Hackers often enter them, assign an address and use themselves as local routers to launch a large number of man-in-the-middle attacks.
The client broadcasts the requested configuration to port 68 and the server broadcasts the response request to port 67. This response is broadcast because the client does not know the IP address that can be sent.
Port: 69
Service: cumbersome file transfer
Description: Many servers provide this service together with bootp, so it is convenient to download the startup code from the system. However, they often allow intruders to steal any files from the system due to configuration errors. They can also be used for system writing files.
Port: 79
Service: finger server
Description: Intruders are used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to finger scanning from their own machines to other machines.
Port: 80
Service: HTTP
Description: used for web browsing. The Trojan Executor opened the port.
Port: 99
Service: Metagrammar Relay
Description: Backdoor program ncx99 opens this port.
Port: 1 10
Service: POP3
Description: post office protocol 3 is used to send and receive e-mail.
Port: 102
Port: 553
Service: CORBA IIOP (UDP)
Description: Use a cable modem, DSL or VLAN to view the broadcast on this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Baidu Encyclopedia-Port Address