UGN Security
Posted By: HikoShintai Open Ports? - 09/30/03 11:33 AM
From what I have been able to gather on the matter is that a port is a connection to and from a computer system. This is a way for a "hacker" to gain entry into a system by exploiting it and using the port as a back door. I have a few questions concerning the matter that hopefully can be answered as I try to obsorb the knowledge that is being handed to me:

1. Is there a list of common ports and what they are used for somewhere?
2. Why are some ports more vulnerable than others? Port 445 opposed to port 1080?
3. How exactly does one gain entry by using an open port? (If this question is considered illegal, forgive me, for security purposes only, i assure you.)

I think that's it. Any info would be most welcome.
Posted By: Infinite Re: Open Ports? - 09/30/03 12:54 PM
First thing, we were just talking about this in IRC the other day. Here's how I explained what a port is:

Quote:
[19:08] <%Infinite> instead of calling em ports, call em 'application numbers'. So now telnet is app number 23, and ssh is 22, smtp is 25, etc. When you receive a packet your nic looks at it and sees a '22' in the port field, so it gives the data portion to the ssh program
So... To answer your question,

1. http://www.google.ca/search?q=commo...p;hl=en&btnG=Google+Search&meta=

2. The only thing that makes a port more vulnerable than another is what program is listening on it. Telnet's default port is 23. You can run a telnet server on any port you so choose to run it on. Said telnet server is no more vulnerable if it is listening on port 69 than on 23.

3. Entry is gained by manipulating the program that is listening on the other side, whether that is a telnet server, smtp server, dns server, irc server, etc.

Infinite
Posted By: HikoShintai Re: Open Ports? - 09/30/03 10:00 PM
Thanks for the info Infinite. Just after I posted I found a couple good sites on port numbers that gave me quite a bit of information. I'm still just curious as to how someone would manipulate the program listening? I found that port 135, 139, and 445 are very open NetBios ports. What would someone do to manipulate that? I'm concerned cause a lot of these ports are still open on many of the computers on my network. Not sure if I should shut them down or what.
Posted By: jonconley Re: Open Ports? - 10/01/03 12:54 AM
Check out this old school text, but very relevant still b/c many people still running these versions of Windows. Also, it explains how to do a lot with commands available on any windows box.

NTWARDOC
Posted By: HikoShintai Re: Open Ports? - 10/03/03 01:23 AM
I will do that, thank you jon.
Posted By: fearENKI Re: Open Ports? - 11/09/03 12:38 PM
port 21 is almost always open, as is 5169 cuz AIM using it and millions of people use aim if theyre online
© UGN Security Forum