-
Notifications
You must be signed in to change notification settings - Fork 323
/
Copy pathServicesPortsList.txt
6696 lines (6696 loc) · 443 KB
/
ServicesPortsList.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
r 0/tcp # Reserved<BR>
r 0/udp # Reserved<BR>
tcpmux 1/tcp # TCP Port Service Multiplexer One of original portmappers. SGI/IRIX is still using it, thus scans for it are probable attempts to locate IRIX targets. A "HELP" request to it returns Irix host's service listings.
tcpmux 1/udp # TCP Port Service Multiplexer One of original portmappers. SGI/IRIX is still using it, thus scans for it are probable attempts to locate IRIX targets. A "HELP" request to it returns Irix host's service listings.
compressnet 2/tcp # Management Utility<BR>
compressnet 2/udp # Management Utility<BR>
compressnet 3/tcp # Compression Process<BR>
compressnet 3/udp # Compression Process<BR>
rje 5/tcp # Remote Job Entry<BR>
rje 5/udp # Remote Job Entry<BR>
echo 7/tcp # Echo<BR><br> Used to trouble-shoot remote TCP/IP stacks (telnet to remote echo port, then type ... all keystrokes will echo back if target stack is working thru app layer. <BR> <br> DOS Threat: Attackers use it to relay flooding data. If relayed to a network broadcast, entire subnet can flood. To a syslog-loghost, logs can flood. Returns it to whatever you forged as your source socket. Any data sent can flood, but looping data output ports (eg: chargen, time, daytime) create deadly streaming floods. <BR> <br> Disable on all hosts; enable only for brief trouble-shooting. <BR>
echo 7/udp # Echo<BR><br> Used to trouble-shoot remote TCP/IP stacks (telnet to remote echo port, then type ... all keystrokes will echo back if target stack is working thru app layer. <BR> <br> DOS Threat: Attackers use it to relay flooding data. If relayed to a network broadcast, entire subnet can flood. To a syslog-loghost, logs can flood. Returns it to whatever you forged as your source socket. Any data sent can flood, but looping data output ports (eg: chargen, time, daytime) create deadly streaming floods. <BR> <br> Disable on all hosts; enable only for brief trouble-shooting. <BR>
discard 9/tcp # Discard<BR><br> Port equiv to /dev/null. Reads pkts, then discards them. Allows knowledge the host is alive and processing pkts. Used while trouble-shooting local stack's transmit ability (telnet to discard on remote host, knowing all transmitted keystrokes will just be discarded ... no worry of corrupting host processes). <BR> <br> No threat, but block on hosts and perimeter network devices as general rule. <BR>
discard 9/udp # Discard<BR><br> Port equiv to /dev/null. Reads pkts, then discards them. Allows knowledge the host is alive and processing pkts. Used while trouble-shooting local stack's transmit ability (telnet to discard on remote host, knowing all transmitted keystrokes will just be discarded ... no worry of corrupting host processes). <BR> <br> No threat, but block on hosts and perimeter network devices as general rule. <BR>
systat 11/tcp # Active Users<BR><br> Provides very useful info to attackers (host's usernames, login times, origination hosts, etc.). <BR> <br> Disable this port on all hosts. <BR>
systat 11/udp # Active Users<BR><br> Provides very useful info to attackers (host's usernames, login times, origination hosts, etc.). <BR> <br> Disable this port on all hosts. <BR>
daytime 13/tcp # Daytime<BR><br> Returns the time of day in machine language; can return OS version. Provides host time, which can be useful in timing attacks. Also creates a DOS threat when its output is looped echo port (7). <BR> <br> Disable this port on all hosts. <BR>
daytime 13/udp # Daytime<BR><br> Returns the time of day in machine language; can return OS version. Provides host time, which can be useful in timing attacks. Also creates a DOS threat when its output is looped echo port (7). <BR> <br> Disable this port on all hosts. <BR>
netstat 15/tcp # Now Unassigned (was netstat)<BR><br> Netstat was similar to systat and is still active on some operating systems. Provides remote attackers info about the host and network (socket status, route tables, arp table, multicast group members, per- protocol stat's, interfaces status, etc.). <BR> <br> Disable this port on all hosts. <BR>
netstat 15/udp # Now Unassigned (was netstat)<BR><br> Netstat was similar to systat and is still active on some operating systems. Provides remote attackers info about the host and network (socket status, route tables, arp table, multicast group members, per- protocol stat's, interfaces status, etc.). <BR> <br> Disable this port on all hosts. <BR>
qotd 17/tcp # Quote of the Day (QOTD)<BR><br> Used to receive remote QOTDs. Used for social engineering attacks, where users receive fake instructions to verify passwords , etc. <BR> <br> Disable this port on all hosts. <BR>
qotd 17/udp # Quote of the Day (QOTD)<BR><br> Used to receive remote QOTDs. Used for social engineering attacks, where users receive fake instructions to verify passwords , etc. <BR> <br> Disable this port on all hosts. <BR>
msp 18/tcp # Message Send Protocol<BR>
msp 18/udp # Message Send Protocol<BR>
chargen 19/tcp # Character Generator<BR><br> Used to trouble-shoot TCP/IP stacks. Generates random characters at a high rate. <BR> <br> DOS Threat: Attackers will loop it to the echo port, creating a very effective host and subnet DOS. <BR> <br> Disable this port on all hosts, enable only for brief trouble-shooting tests.
chargen 19/udp # Character Generator<BR><br> Used to trouble-shoot TCP/IP stacks. Generates random characters at a high rate. <BR> <br> DOS Threat: Attackers will loop it to the echo port, creating a very effective host and subnet DOS. <BR> <br> Disable this port on all hosts, enable only for brief trouble-shooting tests.
ftp-data 20/tcp # Default FTP Data Transfer Port<BR><br> Is FTP service's default data transfer port; required inbound if internal users are allowed access to external FTP sites, yet open port poses a threat (hole for network mapping, etc). Modern firewalls solve this by keeping it closed until a valid FTP session exists, then only opening it between those hosts. <BR> <br> Control via a stateful-tracking firewall, do not simply open at perimeter. <BR>
ftp-data 20/udp # Default FTP Data Transfer Port<BR><br> Is FTP service's default data transfer port; required inbound if internal users are allowed access to external FTP sites, yet open port poses a threat (hole for network mapping, etc). Modern firewalls solve this by keeping it closed until a valid FTP session exists, then only opening it between those hosts. <BR> <br> Control via a stateful-tracking firewall, do not simply open at perimeter. <BR>
ftp-control 21/tcp # FTP Control Port<BR><br> Is FTP service control port. Firewall rules focus on this port, then open port 20 only when required for a data transfer. <BR> Security Concerns with FTP: <BR> - Cleartext, re-usable passwords <BR> - Portal for user account grinding <BR> - FTP Bounce, where attacker uses ftp's "port" command to redirect the FTP transfer to a port & IP other than default port 20 on the FTP server. Attacks can include "bouncing" internal network scans, email forging/flooding, etc. <BR> <br> CERT Advisories: CA-97.16, CA-99.13 <BR> <br> Disable port on non-FTP servers. <BR> <br> Open at perimeter only with static route to internal FTP server(s). <BR>
ftp-control/ftp 21/udp # FTP Control Port<BR><br> Is FTP service control port. Firewall rules focus on this port, then open port 20 only when required for a data transfer. <BR> Security Concerns with FTP: <BR> - Cleartext, re-usable passwords <BR> - Portal for user account grinding <BR> - FTP Bounce, where attacker uses ftp's "port" command to redirect the FTP transfer to a port & IP other than default port 20 on the FTP server. Attacks can include "bouncing" internal network scans, email forging/flooding, etc. <BR> <br> CERT Advisories: CA-97.16, CA-99.13 <BR> <br> Disable port on non-FTP servers. <BR> <br> Open at perimeter only with static route to internal FTP server(s). <BR> , ftp<br><br>file transfer [control]<br>
ssh 22/tcp # SSH Remote Login Protocol<BR>
ssh/pcanywherestat 22/udp # SSH Remote Login Protocol<BR>, pcAnywhere Status<BR><br> Default udp status port for v2.0 thru v7.51, plus CE. Versions v8+ on use tcp 5631 & udp 5632. <BR>
telnet 23/tcp # Telnet<BR><br> Standard for remote host admin. <BR> Security Concerns of Telnet: <BR> - Cleartext, re-usable passwords <BR> - Portal for user account grinding <BR> <br> CERT Advisories: CA-89.03, CA-95.14 <BR> <br> Replace with SSH on critical hosts. <BR>
telnet 23/udp # Telnet<BR><br> Standard for remote host admin. <BR> Security Concerns of Telnet: <BR> - Cleartext, re-usable passwords <BR> - Portal for user account grinding <BR> <br> CERT Advisories: CA-89.03, CA-95.14 <BR> <br> Replace with SSH on critical hosts. <BR>
smtp/smtp 25/tcp # Simple Mail Transfer<BR><br> Used by mail servers to receive inbound email. <BR> Security Concerns: Email servers are complex engines, often run as root, and required open at most network perimeters. Thus are popular for attackers and new DOS or intrusion hacks always being found. <BR> <br> Disable on non-mail server hosts. <BR> <br> Open at perimeter only with static route to internal mail server. <BR> , smtp<br><br>simple mail transfer<br>
smtp 25/udp # smtp<br><br>simple mail transfer<br>
nsw-fe 27/tcp # NSW User System FE<BR>
nsw-fe 27/udp # NSW User System FE<BR>
msg-icp 29/tcp # MSG ICP<BR>
msg-icp 29/udp # MSG ICP<BR>
msg-auth 31/tcp # MSG Authentication<BR>
msg-auth 31/udp # MSG Authentication<BR>
dsp 33/tcp # Display Support Protocol<BR>
dsp 33/udp # Display Support Protocol<BR>
printer-any/priv-print 35/tcp # Any Private Printer Server<BR>, priv-print<br><br>any private printer server<br>
printer-any/priv-print 35/udp # Any Private Printer Server<BR>, priv-print<br><br>any private printer server<br>
time 37/tcp # Time<BR><br> Provides remote timing stat's of internal processing events. <BR> Security Concerns: Gives remote attacker info on host's internal processing load. Can identify critical processing times, plus output can be looped to echo port (7) and create a DOS threat to the subnet. <BR> <br> Disable this port on all hosts. <BR>
time 37/udp # Time<BR><br> Provides remote timing stat's of internal processing events. <BR> Security Concerns: Gives remote attacker info on host's internal processing load. Can identify critical processing times, plus output can be looped to echo port (7) and create a DOS threat to the subnet. <BR> <br> Disable this port on all hosts. <BR>
rap 38/tcp # Route Access Protocol<BR>
rap 38/udp # Route Access Protocol<BR>
rlp 39/tcp # Resource Location Protocol<BR>
rlp/rlp 39/udp # Resource Location Protocol<BR>, rlp<br><br>resource location, resource location protocol<br>
graphics 41/tcp # Graphics<BR>
graphics 41/udp # Graphics<BR>
nameserver 42/tcp # Host Name Server<BR><br> Obsolete nameserver (originally DARPA's trivial name server, replaced by DNS). Is currently used by Microsoft hosts for WINS server for NetBIOS name resolves. May also be still found on some older Unix systems. <BR> <br> Disable on all non-MS-WINS hosts. <BR>
nameserver/name 42/udp # Host Name Server<BR><br> Obsolete nameserver (originally DARPA's trivial name server, replaced by DNS). Is currently used by Microsoft hosts for WINS server for NetBIOS name resolves. May also be still found on some older Unix systems. <BR> <br> Disable on all non-MS-WINS hosts. <BR> , name<br><br>host name server<br>
nicname 43/tcp # Whois<BR><br> Is the whois service, used to provide domain-level info. Sites today rarely run whois servers, is mostly just used now by Internic. Somewhat similar in function to "finger" and can suffer from same data-driven attacks. <BR> <br> Disable this port on all hosts. <BR>
nicname/nicname 43/udp # Whois<BR><br> Is the whois service, used to provide domain-level info. Sites today rarely run whois servers, is mostly just used now by Internic. Somewhat similar in function to "finger" and can suffer from same data-driven attacks. <BR> <br> Disable this port on all hosts. <BR> , nicname<br><br>who is, nicname<br>
mpm-flags 44/tcp # MPM FLAGS Protocol<BR>
mpm-flags 44/udp # MPM FLAGS Protocol<BR>
mpm 45/tcp # Message Processing Module [recv]<BR>
mpm 45/udp # Message Processing Module [recv]<BR>
mpm-snd 46/tcp # MPM [default send]<BR>
mpm-snd 46/udp # MPM [default send]<BR>
ni-ftp 47/tcp # NI FTP<BR>
ni-ftp 47/udp # NI FTP<BR>
auditd 48/tcp # Digital Audit Daemon<BR>
auditd 48/udp # Digital Audit Daemon<BR>
tacacs 49/tcp # Login Host Protocol (TACACS)<BR><br> Auth protocol for older terminal server logins. <BR> Security Concerns: Passwords are transmitted in cleartext <BR> <br> Previously known as bbn-login. <BR> <br> Disable this port on all hosts. <BR>
tacacs 49/udp # Login Host Protocol (TACACS)<BR><br> Auth protocol for older terminal server logins. <BR> Security Concerns: Passwords are transmitted in cleartext <BR> <br> Previously known as bbn-login. <BR> <br> Disable this port on all hosts. <BR>
re-mail-ck 50/tcp # Remote Mail Checking Protocol<BR>
re-mail-ck 50/udp # Remote Mail Checking Protocol<BR>
la-maint 51/tcp # IMP Logical Address Maintenance<BR>
la-maint 51/udp # IMP Logical Address Maintenance<BR>
xns-time 52/tcp # XNS Time Protocol<BR>
xns-time 52/udp # XNS Time Protocol<BR>
domain 53/tcp # Domain Name Server (DNS)<BR><br> DNS servers offer different services on TCP and UDP. TCP is used for "zone transfers" of full name record databases, while UDP is used for individual lookups. <BR> Security Concerns: <BR> - Zone Transfers give away entire network maps; high value to attackers <BR> - DNS (BIND) is a popular target, since DNS servers must exist, must be reachable, and exploits usually result DOS or root <BR> <br> Keep BIND version/patches current (refer to www.isca.org). <BR> <br> Use "split-DNS
domain/domain 53/udp # Domain Name Server (DNS)<BR><br> DNS servers offer different services on TCP and UDP. TCP is used for "zone transfers" of full name record databases, while UDP is used for individual lookups. <BR> Security Concerns: <BR> - Zone Transfers give away entire network maps; high value to attackers <BR> - DNS (BIND) is a popular target, since DNS servers must exist, must be reachable, and exploits usually result DOS or root <BR> <br> Keep BIND version/patches current (refer to www.isca.org). <BR> <br> Use "split-DNS, domain<br><br>domain name server<br>
xns-ch 54/tcp # XNS Clearinghouse<BR>
xns-ch 54/udp # XNS Clearinghouse<BR>
isi-gl 55/tcp # ISI Graphics Language<BR>
isi-gl 55/udp # ISI Graphics Language<BR>
xns-auth 56/tcp # XNS Authentication<BR>
xns-auth 56/udp # XNS Authentication<BR>
terminal-any 57/tcp # Any Private Terminal Access<BR>
terminal-any/priv-term 57/udp # Any Private Terminal Access<BR>, priv-term<br><br>any private terminal access<br>
xns-mail 58/tcp # XNS Mail<BR>
xns-mail 58/udp # XNS Mail<BR>
dialout-any/priv-file 59/tcp # Any Private File Service<BR>, priv-file<br><br>any private file service<br>
dialout-any/priv-file 59/udp # Any Private File Service<BR>, priv-file<br><br>any private file service<br>
ni-mail 61/tcp # NI MAIL<BR>
ni-mail 61/udp # NI MAIL<BR>
acas 62/tcp # ACA Services<BR>
acas 62/udp # ACA Services<BR>
whois++ 63/tcp # whois++<BR>
whois++ 63/udp # whois++<BR>
covia 64/tcp # Communications Integrator (CI)<BR>
covia 64/udp # Communications Integrator (CI)<BR>
tacacs-ds 65/tcp # TACACS-Database Service<BR>
tacacs-ds 65/udp # TACACS-Database Service<BR>
sql--net/sql*net 66/tcp # Oracle SQL<br>NET<BR><br> Used for Oracle DB access. <BR> Security Concerns: Auth scheme can be either Oracle or Unix username & password combo, but both passed cleartext by default. <BR> <br> Oracle's security options: <BR> - Can encrypt the re-usable password <BR> - Can upgrade to one-time-passwords <BR> - Can enable VPN for remote access <BR> <br> Block this port at network's perimeter; use only VPN-encrypted data transfers across perimeter. <BR> , sql*net<br><br>oracle sql*net<br>
sql*net 66/udp # sql*net<br><br>oracle sql*net<br>
bootps 67/tcp # Bootstrap Protocol Server<BR><br> Listening port on bootp & DHCP servers. Clients broadcast to it for boot or network parameters. <BR> Security Concern: Can probe NIS domain name, plus a valued DOS target. <BR>
bootps/bootps 67/udp # Bootstrap Protocol Server<BR><br> Listening port on bootp & DHCP servers. Clients broadcast to it for boot or network parameters. <BR> Security Concern: Can probe NIS domain name, plus a valued DOS target. <BR> , bootps<br><br>bootp/dhcp server, bootstrap protocol server<br>
bootpc 68/tcp # Bootstrap Protocol Client<BR><br> Listening port on bootp & DHCP clients. Servers respond to it with boot or network parameters. <BR>
bootpc/bootpc 68/udp # Bootstrap Protocol Client<BR><br> Listening port on bootp & DHCP clients. Servers respond to it with boot or network parameters. <BR> , bootpc<br><br>bootp/dhcp client, bootstrap protocol client<br>
tftp 69/tcp # Trivial File Transfer<BR><br> Non-auth ftp service, used primarily by diskless clients to pull boot files. <BR> Security Concerns: Remote attackers can download server files without auth. Can extend to sensitive files (eg: passwd file) if server is poorly configured. Since file transfer is cleartext, all boot info passed to clients is vulnerable. For routers, this can include passwords. <BR> <br> Disable on host unless TFTP server. <BR>
tftp/tftp 69/udp # Trivial File Transfer<BR><br> Non-auth ftp service, used primarily by diskless clients to pull boot files. <BR> Security Concerns: Remote attackers can download server files without auth. Can extend to sensitive files (eg: passwd file) if server is poorly configured. Since file transfer is cleartext, all boot info passed to clients is vulnerable. For routers, this can include passwords. <BR> <br> Disable on host unless TFTP server. <BR> , tftp<br><br>trivial file transfer, trivial file transfer protocol<br>
gopher 70/tcp # <br> Older search engine server. Used little today, but still installed with MS's IIS.<BR><br> Disable on host unless TFTP server. <BR>
gopher 70/udp # <br> Older search engine server. Used little today, but still installed with MS's IIS.<BR><br> Disable on host unless TFTP server. <BR>
netrjs-1 71/tcp # Remote Job Service<BR>
netrjs-1 71/udp # Remote Job Service<BR>
netrjs-2 72/tcp # Remote Job Service<BR>
netrjs-2 72/udp # Remote Job Service<BR>
netrjs-3 73/tcp # Remote Job Service<BR>
netrjs-3 73/udp # Remote Job Service<BR>
netrjs-4 74/tcp # Remote Job Service<BR>
netrjs-4 74/udp # Remote Job Service<BR>
deos 76/tcp # Distributed External Object Store<BR>
deos 76/udp # Distributed External Object Store<BR>
rje-service-any 77/tcp # Any Private RJE Service<BR>
rje-service-any/priv-rje 77/udp # Any Private RJE Service<BR>, priv-rje<br><br>any private rje service, netjrs<br>
vettcp 78/tcp # vettcp<BR>
vettcp 78/udp # vettcp<BR>
finger 79/tcp # Finger<BR><br> <BR> Security Concerns: <BR> - Provides key host info to attacker <BR> - Fingered host can be DOS'd if hit with a recursive finger script till its memory and swap space fill. <BR> - Fingering clients can be DOS'd if they finger a maliciously configured host (returns data overload, causing client to beep continually, etc.). <BR> - If fingering clients allow programmable keys, a maliciously configured host can return a finger response that maps a key to "rm -rf /<br>". <BR> <br> Disable on all host unless finger service is stubbed to only provide scripted data response (eg: system admin contact info, etc.). <BR>
finger 79/udp # Finger<BR><br> <BR> Security Concerns: <BR> - Provides key host info to attacker <BR> - Fingered host can be DOS'd if hit with a recursive finger script till its memory and swap space fill. <BR> - Fingering clients can be DOS'd if they finger a maliciously configured host (returns data overload, causing client to beep continually, etc.). <BR> - If fingering clients allow programmable keys, a maliciously configured host can return a finger response that maps a key to "rm -rf /<br>". <BR> <br> Disable on all host unless finger service is stubbed to only provide scripted data response (eg: system admin contact info, etc.). <BR>
http 80/tcp # 'HTTP Standard web server port. '
http 80/udp # http<br><br>hypertext transfer protocol, world wide web http<br>
SIPS 5061/tcp # SIP over TLS/SSL
/udp #
hosts2-ns 81/tcp # HOSTS2 Name Server<BR>
hosts2-ns 81/udp # HOSTS2 Name Server<BR>
xfer 82/tcp # XFER Utility<BR>
xfer 82/udp # XFER Utility<BR>
mit-ml-dev 83/tcp # MIT ML Device<BR>
mit-ml-dev 83/udp # MIT ML Device<BR>
ctf 84/tcp # Common Trace Facility<BR>
ctf 84/udp # Common Trace Facility<BR>
mit-ml-dev 85/tcp # MIT ML Device<BR>
mit-ml-dev 85/udp # MIT ML Device<BR>
mfcobol 86/tcp # Micro Focus Cobol<BR>
mfcobol 86/udp # Micro Focus Cobol<BR>
link/link 87/tcp # Any Private Terminal Link<BR><br> Popular attack target. Consider any connection attempts to it as an attack signature. <BR> , link<br><br>any private terminal link, ttylink<br>
link 87/udp # Any Private Terminal Link<BR><br> Popular attack target. Consider any connection attempts to it as an attack signature. <BR>
kerberos 88/tcp # Kerberos<BR>
kerberos/kerberos 88/udp # Kerberos<BR>, kerberos<br><br>kerberos (v5), krb5 <br>
su-mit-tg 89/tcp # SU/MIT Telnet Gateway<BR>
su-mit-tg 89/udp # SU/MIT Telnet Gateway<BR>
dnsix/pointcast 90/tcp # DNSIX Securit Attribute Token Map<BR>, PointCast<BR>
dnsix/pointcast 90/udp # DNSIX Securit Attribute Token Map<BR>, PointCast<BR>
mit-dov 91/tcp # MIT Dover Spooler<BR>
mit-dov 91/udp # MIT Dover Spooler<BR>
npp 92/tcp # Network Printing Protocol<BR>
npp 92/udp # Network Printing Protocol<BR>
dcp 93/tcp # Device Control Protocol<BR>
dcp 93/udp # Device Control Protocol<BR>
objcall 94/tcp # Tivoli Object Dispatcher<BR>
objcall 94/udp # Tivoli Object Dispatcher<BR>
supdup 95/tcp # SUPDUP<BR><br> Somewhat similar to telnet, designed for remote job entry. Is rarely used anymore, but remains a popular intruder target. Consider any connection attempts to it as an attack signature. <BR>
supdup/supdup 95/udp # SUPDUP<BR><br> Somewhat similar to telnet, designed for remote job entry. Is rarely used anymore, but remains a popular intruder target. Consider any connection attempts to it as an attack signature. <BR> , supdup<br><br>supdup<br>
dixie 96/tcp # DIXIE Protocol Specification<BR>
dixie 96/udp # DIXIE Protocol Specification<BR>
swift-rvf 97/tcp # Swift Remote Virtural File Protocol<BR>
swift-rvf 97/udp # Swift Remote Virtural File Protocol<BR>
tacnews/linux-conf 98/tcp # TAC News<BR>, Linux Console Manager<BR>
tacnews/tacnews 98/udp # TAC News<BR>, tacnews<br><br>tac news<br>
metagram 99/tcp # Metagram Relay<BR>
metagram 99/udp # Metagram Relay<BR>
newacct 100/tcp #
/udp #
hostname 101/tcp # NIC Host Name Server<BR>
hostname/hostname 101/udp # NIC Host Name Server<BR>, hostname<br><br>nic host name server, hostnames nic host name server<br>
iso-tsap/X.500 102/tcp # ISO-TSAP Class 0<BR>, X.500 Directory Service<BR><br> Used to distribute user names, user info, and public keys. <BR> Security Concerns: Depending on vendor implementation, probes can reveal valuable user info for follow-on attacks. On poorly configured servers, attackers can replace public keys for data capture or DOS purpose. <BR>
iso-tsap/iso-tsap 102/udp # ISO-TSAP Class 0<BR>, iso-tsap<br><br>tsap iso-tsap class 0, iso-tsap class 0<br>
X.400/gppitnp 103/tcp # X.400 Mail Messaging<BR><br> Both ports are used with X.400 Email std., but not widely used. No known vul's, but would similar to data-driven attacks common to smtp, plus poss. direct attacks such as with sendmail. <BR> <br> Always static route inbound mail to a protected, hardened email server. <BR> , Genesis Point-to-Point Trans Net<BR>
gppitnp/gppitnp 103/udp # Genesis Point-to-Point Trans Net<BR>, gppitnp<br><br>genesis point-to-point trans net<br>
acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300<BR>
acr-nema 104/udp # ACR-NEMA Digital Imag. & Comm. 300<BR>
csnet-ns/cso 105/tcp # Mailbox Name Nameserver<BR>, CCSO name server protocol<BR>
csnet-ns/cso/cso 105/udp # Mailbox Name Nameserver<BR>, CCSO name server protocol<BR>, cso<br><br>ccso name server protocol, mailbox name nameserver<br>
3com-tsmux/poppassd 106/tcp # 3COM-TSMUX<BR>, POP poppassd
3com-tsmux 106/udp # 3COM-TSMUX<BR>
rtelnet 107/tcp # Remote Telnet Service<BR>
rtelnet/rtelnet 107/udp # Remote Telnet Service<BR>, rtelnet<br><br>remote telnet service<br>
snagas 108/tcp # SNA Gateway Access Server<BR>
snagas 108/udp # SNA Gateway Access Server<BR>
pop2 109/tcp # Post Office Protocol - Version 2<BR><br> Older POP email protocol. Replaced by POP3 (110). <BR>
pop2/pop2 109/udp # Post Office Protocol - Version 2<BR><br> Older POP email protocol. Replaced by POP3 (110). <BR> , pop2<br><br>postoffice v.2, post office protocol - version 2<br>
pop3 110/tcp # Post Office Protocol - Version 3<BR><br> Most widely used client email protocol. Used by mail clients to collect mail off server. <BR> Security Concerns: <BR> - Re-usable cleartext password <BR> - No auditing of connections & attempts, thus subject to grinding <BR> - Some POP3 server versions have had buffer overflow problems <BR> <br> CERT Advisories: CA-97.09 <BR>
pop3/pop3 110/udp # Post Office Protocol - Version 3<BR><br> Most widely used client email protocol. Used by mail clients to collect mail off server. <BR> Security Concerns: <BR> - Re-usable cleartext password <BR> - No auditing of connections & attempts, thus subject to grinding <BR> - Some POP3 server versions have had buffer overflow problems <BR> <br> CERT Advisories: CA-97.09 <BR> , pop3<br><br>postoffice v.3, post office protocol - version 3<br>
sunrpc 111/tcp # Sun's RPC Portmapper<BR><br> Used to map non-registered rpc service ports on most Unix systems (Irix uses port 1). <BR> Security Concerns: <BR> - Provides rpc port map w/o auth <BR> - Has no filtering or logging <BR> - Attacker rpcinfo probes quickly find your Unix hosts <BR> - Solaris hosts open a second port above 32770. Attackers will scan for and use it, knowing net devices won't watch & log this like 111 traffic. <BR> <br> Enhance your portmapper to get ACL filtering and logging: <BR> - BSD: Install "portmap wrapper" <BR> - System V & Solaris: Install Venema's "rpcbind replacement" <BR> <br> Both require libwrap.a from a compiled TCP Wrapper program. <BR> <br> Shut down portmapper on any hosts not requiring rpc's. <BR> <br> Ensure blocked at all net perimeters <BR>
sunrpc/sunrpc 111/udp # Sun's RPC Portmapper<BR><br> Used to map non-registered rpc service ports on most Unix systems (Irix uses port 1). <BR> Security Concerns: <BR> - Provides rpc port map w/o auth <BR> - Has no filtering or logging <BR> - Attacker rpcinfo probes quickly find your Unix hosts <BR> - Solaris hosts open a second port above 32770. Attackers will scan for and use it, knowing net devices won't watch & log this like 111 traffic. <BR> <br> Enhance your portmapper to get ACL filtering and logging: <BR> - BSD: Install "portmap wrapper" <BR> - System V & Solaris: Install Venema's "rpcbind replacement" <BR> <br> Both require libwrap.a from a compiled TCP Wrapper program. <BR> <br> Shut down portmapper on any hosts not requiring rpc's. <BR> <br> Ensure blocked at all net perimeters <BR> , sunrpc<br><br>portmapper, rpcbind, sun remote procedure call<br>
mcidas 112/tcp # McIDAS Data Transmission Protocol<BR>
mcidas 112/udp # McIDAS Data Transmission Protocol<BR>
ident/auth 113/tcp # Ident<BR><br> Some versions vulnerable to root-level intrusion! Check! <BR> , Authentication Service<BR><br> Used by hosts to acquire info on users engaged in connections (eg: it sends socket info to remote hosts, who then passes back user info - generally data from the /etc/passwd file). Can be used to probe remote passwd file for usernames. <BR> <br> Allows you to see what account is running a particular service (eg: ident of a service can tell you if its run by root, etc.). <BR>
auth/auth 113/udp # Authentication Service<BR><br> Used by hosts to acquire info on users engaged in connections (eg: it sends socket info to remote hosts, who then passes back user info - generally data from the /etc/passwd file). Can be used to probe remote passwd file for usernames. <BR> <br> Allows you to see what account is running a particular service (eg: ident of a service can tell you if its run by root, etc.). <BR> , auth<br><br>authentication service, ident, tap, authentication service<br>
audionews 114/tcp # Audio News Multicast<BR>
audionews 114/udp # Audio News Multicast<BR>
sftp 115/tcp # Simple File Transfer Protocol<BR><br>Not<br> Secure FTP (ftps), which operates on ports 990 &989. <BR>
sftp 115/udp # Simple File Transfer Protocol<BR><br>Not<br> Secure FTP (ftps), which operates on ports 990 &989. <BR>
ansanotify 116/tcp # ANSA REX Notify<BR>
ansanotify 116/udp # ANSA REX Notify<BR>
uucp-path 117/tcp # UUCP Path Service<BR>
uucp-path 117/udp # UUCP Path Service<BR>
sqlserv 118/tcp # SQL Services<BR>
sqlserv 118/udp # SQL Services<BR>
nntp 119/tcp # Network News Transfer Protocol<BR><br> Usenet server feeds (uucp can be used for this too). <BR> <br> If used, config nntp server with ACL to control client access. <BR> <br> If config'd to allow non-admins to create new newsgroups, host is vulnerable to command meta-character attacks (eg: ";"). <BR> <br> nntp messages are simple ascii -- susceptable to capture, modification, & forgery. <BR> <br> If an nntp server is not hosted at site, ensure it is blocked at firewall. If a server exists and firewall hole is required, proxy server in the DMZ and disable the automated group creation feature. Note that nntp servers can be established in a split-server mode similar to DNS. <BR> <br> For outbound nntp to external nntp servers (eg: Internet Usenet), primary threat is download and execution of malicious code. <BR>
nntp/nntp 119/udp # Network News Transfer Protocol<BR><br> Usenet server feeds (uucp can be used for this too). <BR> <br> If used, config nntp server with ACL to control client access. <BR> <br> If config'd to allow non-admins to create new newsgroups, host is vulnerable to command meta-character attacks (eg: ";"). <BR> <br> nntp messages are simple ascii -- susceptable to capture, modification, & forgery. <BR> <br> If an nntp server is not hosted at site, ensure it is blocked at firewall. If a server exists and firewall hole is required, proxy server in the DMZ and disable the automated group creation feature. Note that nntp servers can be established in a split-server mode similar to DNS. <BR> <br> For outbound nntp to external nntp servers (eg: Internet Usenet), primary threat is download and execution of malicious code. <BR> , nntp<br><br>network news transfer protocol<br>
cfdptkt 120/tcp # CFDPTKT<BR>
cfdptkt 120/udp # CFDPTKT<BR>
erpc 121/tcp # Encore Expedited Remote Pro.Call<BR>
erpc 121/udp # Encore Expedited Remote Pro.Call<BR>
smakynet 122/tcp # SMAKYNET<BR>
smakynet 122/udp # SMAKYNET<BR>
ntp 123/tcp # Network Time Protocol<BR><br> Provides time synch between computers and network systems. Assists in database mgmt, auth schemes, and audit/logging accuracy. <BR> Security Concerns: It provides both info and an avenue of attack for intruders. Info gathered can include: system uptime, time since reset, time server pkt, I/O, & memory statistics, and ntp peer list. Further, if a host is susceptible to time altering via ntp, an attacker can: <BR> 1) Run replay attacks, using captured OTP and Kerberos tickets before they expire. <BR> 2) Stop security-related cron jobs from running or cause them to run at incorrect times. <BR> 3) Make system and audit logs unreliable, since time is alterable. <BR>
ntp 123/udp # Network Time Protocol<BR><br> Provides time synch between computers and network systems. Assists in database mgmt, auth schemes, and audit/logging accuracy. <BR> Security Concerns: It provides both info and an avenue of attack for intruders. Info gathered can include: system uptime, time since reset, time server pkt, I/O, & memory statistics, and ntp peer list. Further, if a host is susceptible to time altering via ntp, an attacker can: <BR> 1) Run replay attacks, using captured OTP and Kerberos tickets before they expire. <BR> 2) Stop security-related cron jobs from running or cause them to run at incorrect times. <BR> 3) Make system and audit logs unreliable, since time is alterable. <BR>
ansatrader 124/tcp # ANSA REX Trader<BR>
ansatrader 124/udp # ANSA REX Trader<BR>
locus-map 125/tcp # Locus PC-Interface Net Map Server<BR>
locus-map 125/udp # Locus PC-Interface Net Map Server<BR>
nxedit/unitary 126/tcp # NXEdit<BR>, Unisys Unitary Login<BR>
nxedit/unitary 126/udp # NXEdit<BR>, Unisys Unitary Login<BR>
locus-con 127/tcp # Locus PC-Interface Conn Server<BR>
locus-con 127/udp # Locus PC-Interface Conn Server<BR>
gss-xlicen 128/tcp # GSS X License Verification<BR>
gss-xlicen 128/udp # GSS X License Verification<BR>
pwdgen 129/tcp # Password Generator Protocol<BR>
pwdgen 129/udp # Password Generator Protocol<BR>
cisco-fna 130/tcp # cisco FNATIVE<BR>
cisco-fna 130/udp # cisco FNATIVE<BR>
cisco-tna 131/tcp # cisco TNATIVE<BR>
cisco-tna 131/udp # cisco TNATIVE<BR>
cisco-sys 132/tcp # cisco SYSMAINT<BR>
cisco-sys 132/udp # cisco SYSMAINT<BR>
statsrv 133/tcp # Statistics Service<BR>
statsrv 133/udp # Statistics Service<BR>
ingres-net 134/tcp # INGRES-NET Service<BR>
ingres-net 134/udp # INGRES-NET Service<BR>
loc-srv/epmap 135/tcp # Location Service<BR><br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). TCP 135 is used for authentication, MS's DHCP Mgr, DNS admin, WINS Mgr, Exchange admin, MS RPCs, and most MS client/server apps. <br>Security Concerns: Key target in auth & DOS attacks. Block at all perimeters; NIC-filter on public-exposed MS hosts., DCE endpoint resolution<br> Common on Unix hosts for certain x-displays, remote perfmon, etc.<BR>
loc-srv/epmap/epmap 135/udp # Location Service<BR><br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). TCP 135 is used for authentication, MS's DHCP Mgr, DNS admin, WINS Mgr, Exchange admin, MS RPCs, and most MS client/server apps. <br>Security Concerns: Key target in auth & DOS attacks. Block at all perimeters; NIC-filter on public-exposed MS hosts., DCE endpoint resolution<br> Common on Unix hosts for certain x-displays, remote perfmon, etc.<BR> , epmap<br><br>dce endpoint resolution, location service<br>
profile 136/tcp # PROFILE Naming System<BR>
profile 136/udp # PROFILE Naming System<BR>
netbios-ns 137/tcp # netbios-ns<br><br>netbios name service<br>
netbios-ns/netbios-ns 137/udp # NETBIOS Name Service<BR><br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). UDP 137 is used for browsing, logon sequence, pass-thru validations, printing support, trust support, WinNT Secure Channel, and WINS registration.<br>Security Concerns: Key target in auth & DOS attacks. Block at all perimeters; NIC-filter on public-exposed MS hosts., netbios-ns<br><br>netbios name service<br>
netbios-dgm 138/tcp # NETBIOS Datagram Service<BR><br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). UDP 137 is used for browsing, directory replication, logon sequence, netlogon, pass-thru validation, printing support, trusts, and WinNT Secure Channel.<BR> Security Concerns: Key target in auth & DOS attacks. Block at all perimeters; NIC-filter on public-exposed MS hosts.
netbios-dgm 138/udp # NETBIOS Datagram Service<BR><br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). UDP 137 is used for browsing, directory replication, logon sequence, netlogon, pass-thru validation, printing support, trusts, and WinNT Secure Channel.<BR> Security Concerns: Key target in auth & DOS attacks. Block at all perimeters; NIC-filter on public-exposed MS hosts.
netbios-ssn/netbios-ssn 139/tcp # <br> A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). TCP 139 is used for directory replication, event viewer, file sharing, logon sequence, pass-thru validation, performance monitoring, printing, registry editor, server manager, trusts, user manager, WinNT Diagnostics, and WinNT Secure Channel.<br>Security Concerns: Key target in auth & DOS attacks, plus sniffer capture of sensitive data transfers. Block at all perimeters; NIC-filter on public-exposed MS hosts., netbios-ssn<br><br>netbios session service<br>
netbios-ssn 139/udp # netbios-ssn<br><br>netbios session service<br>
emfis-data 140/tcp # EMFIS Data Service<BR>
emfis-data 140/udp # EMFIS Data Service<BR>
emfis-cntl 141/tcp # EMFIS Control Service<BR>
emfis-cntl 141/udp # EMFIS Control Service<BR>
bl-idm 142/tcp # Britton-Lee IDM<BR>
bl-idm 142/udp # Britton-Lee IDM<BR>
imap2 143/tcp # Internet Message Access Protocol v2<BR><br> Widely used client email protocol. Used by mail clients to collect mail off server. A superset of POP3, with enhancements. <BR> Security Concerns: <BR> - Re-usable cleartext password <BR> - No auditing of connections/attempts, thus subject to grinding <BR> - Some IMAP server versions have buffer overflow problems <BR> <br> CERT Advisories: CA-98.09, CA-97.09. <BR> <br> IMAP v3 uses port 220. <BR>
imap2/imap 143/udp # Internet Message Access Protocol v2<BR><br> Widely used client email protocol. Used by mail clients to collect mail off server. A superset of POP3, with enhancements. <BR> Security Concerns: <BR> - Re-usable cleartext password <BR> - No auditing of connections/attempts, thus subject to grinding <BR> - Some IMAP server versions have buffer overflow problems <BR> <br> CERT Advisories: CA-98.09, CA-97.09. <BR> <br> IMAP v3 uses port 220. <BR> , imap<br><br>internet message access protocol, internet message access proto, interim mail access protocol v2<br>
news/uma 144/tcp # NeWS<BR><br> Obsolete windowing system; has known vulnerabilities. Should be no reason to be enabled on any host or network perimeter. <BR> , Universal Management Architecture<BR>
news/uma 144/udp # NeWS<BR><br> Obsolete windowing system; has known vulnerabilities. Should be no reason to be enabled on any host or network perimeter. <BR> , Universal Management Architecture<BR>
uaac 145/tcp # UAAC Protocol<BR>
uaac 145/udp # UAAC Protocol<BR>
iso-tp0 146/tcp # ISO-IP0<BR>
iso-tp0 146/udp # ISO-IP0<BR>
iso-ip 147/tcp # ISO-IP<BR>
iso-ip 147/udp # ISO-IP<BR>
cronus/jargon 148/tcp # CRONUS-SUPPORT<BR>, Jargon<BR>
cronus/jargon 148/udp # CRONUS-SUPPORT<BR>, Jargon<BR>
aed-512 149/tcp # AED 512 Emulation Service<BR>
aed-512 149/udp # AED 512 Emulation Service<BR>
sql-net 150/tcp # SQL-NET<BR>
sql-net 150/udp # SQL-NET<BR>
hems 151/tcp # HEMS<BR>
hems 151/udp # HEMS<BR>
bftp 152/tcp # Background File Transfer Program<BR>
bftp/bftp 152/udp # Background File Transfer Program<BR>, bftp<br><br>background file transfer program<br>
sgmp 153/tcp # SGMP<BR>
sgmp 153/udp # SGMP<BR>
netsc-prod 154/tcp # NETSC<BR>
netsc-prod 154/udp # NETSC<BR>
netsc-dev 155/tcp # NETSC<BR>
netsc-dev 155/udp # NETSC<BR>
sqlsrv 156/tcp # SQL Service<BR>
sqlsrv 156/udp # SQL Service<BR>
knet-cmp 157/tcp # KNET/VM Command/Message Protocol<BR>
knet-cmp 157/udp # KNET/VM Command/Message Protocol<BR>
pcmail-srv 158/tcp # PCMail Server<BR>
pcmail-srv 158/udp # PCMail Server<BR>
nss-routing 159/tcp # NSS-Routing<BR>
nss-routing 159/udp # NSS-Routing<BR>
sgmp-traps 160/tcp # SGMP-Traps<BR>
sgmp-traps 160/udp # SGMP-Traps<BR>
/tcp #
snmp 161/udp # SNMP Agent<BR><br> Used to connect with and configure or request data from a running snmp agent on a network host. <BR> Security Concerns: Many! <BR> - Default community strings: "public" <BR> - Cleartext data exchanges (inluding auth with string) <BR> - Not hard to trick agent into revealing its string & manager IP <BR> - To access agent's data or reconfig it, only need string and source IP of snmp manager (then spoof manager) <BR> <br> Snmp v2 has better security, but is not incorporated into many products. <BR> <br> Snmp v3 is being fielded, thus will slowly take over. <BR>
/tcp #
snmptrap 162/udp # SNMPTrap<BR><br> Used for agent alerts to snmp manager. Data is cleartext and sniffable. Manager is susceptible to forged alert floods. <BR>
cmip-man 163/tcp # CMIP/TCP Manager<BR>
cmip-man/cmip-man 163/udp # CMIP/TCP Manager<BR>, cmip-man<br><br>cmip/tcp manager<br>
cmip-agent 164/tcp # CMIP/TCP Agent<BR>
cmip-agent/smip-agent 164/udp # CMIP/TCP Agent<BR>, smip-agent<br><br>cmip/tcp agent<br>
xns-courier 165/tcp # Xerox<BR>
xns-courier 165/udp # Xerox<BR>
s-net 166/tcp # Sirius Systems<BR>
s-net 166/udp # Sirius Systems<BR>
namp 167/tcp # NAMP<BR>
namp 167/udp # NAMP<BR>
rsvd 168/tcp # RSVD<BR>
rsvd 168/udp # RSVD<BR>
send 169/tcp # SEND<BR>
send 169/udp # SEND<BR>
print-srv 170/tcp # Network PostScript<BR>
print-srv 170/udp # Network PostScript<BR>
multiplex 171/tcp # Network Innovations Multiplex<BR>
multiplex 171/udp # Network Innovations Multiplex<BR>
cl/1 172/tcp # Network Innovations CL/1<BR>
cl/1 172/udp # Network Innovations CL/1<BR>
xyplex-mux 173/tcp # Xyplex<BR>
xyplex-mux 173/udp # Xyplex<BR>
mailq 174/tcp # MAILQ<BR>
mailq/mailq 174/udp # MAILQ<BR>, mailq<br><br>mailq<br>
vmnet 175/tcp # VMNET<BR>
vmnet 175/udp # VMNET<BR>
genrad-mux 176/tcp # GENRAD-MUX<BR>
genrad-mux 176/udp # GENRAD-MUX<BR>
xdmcp 177/tcp # X Display Manager Control (X11 Logon)<BR><br> Used by X-Display Manager for logins. Localhost's CDE needs xdmcp open, it accesses the xdmcp daemon via tcp connection call to itself. <BR> Security Concerns: Vulnerable to sniffing, spoofing, and session hijacking. If needed open to support localhost CDE, wrap it! <BR>
xdmcp/xdmcp 177/udp # X Display Manager Control (X11 Logon)<BR><br> Used by X-Display Manager for logins. Localhost's CDE needs xdmcp open, it accesses the xdmcp daemon via tcp connection call to itself. <BR> Security Concerns: Vulnerable to sniffing, spoofing, and session hijacking. If needed open to support localhost CDE, wrap it! <BR> , xdmcp<br><br>x display manager control protocol<br>
nextstep 178/tcp # NextStep Window Server<BR><br> Auth protocol used by the NEXTSTEP Windows Server, of which few remain in existence. It is unlikely to be required on the network and should be blocked. <BR>
nextstep/nextstep 178/udp # NextStep Window Server<BR><br> Auth protocol used by the NEXTSTEP Windows Server, of which few remain in existence. It is unlikely to be required on the network and should be blocked. <BR> , nextstep<br><br>nextstep window server, server<br>
bgp 179/tcp # Border Gateway Protocol<BR><br> One of the several route protocols in use. <BR>
bgp/bgp 179/udp # Border Gateway Protocol<BR><br> One of the several route protocols in use. <BR> , bgp<br><br>border gateway protocol<br>
ris 180/tcp # Intergraph<BR>
ris 180/udp # Intergraph<BR>
unify 181/tcp # Unify<BR>
unify 181/udp # Unify<BR>
audit 182/tcp # Unisys Audit SITP<BR>
audit 182/udp # Unisys Audit SITP<BR>
ocbinder 183/tcp # OCBinder<BR>
ocbinder 183/udp # OCBinder<BR>
ocserver 184/tcp # OCServer<BR>
ocserver 184/udp # OCServer<BR>
remote-kis 185/tcp # Remote-KIS<BR>
remote-kis 185/udp # Remote-KIS<BR>
kis 186/tcp # KIS Protocol<BR>
kis 186/udp # KIS Protocol<BR>
aci 187/tcp # Application Communication Interface<BR>
aci 187/udp # Application Communication Interface<BR>
mumps 188/tcp # Plus Five's MUMPS<BR>
mumps 188/udp # Plus Five's MUMPS<BR>
qft 189/tcp # Queued File Transport<BR>
qft 189/udp # Queued File Transport<BR>
gacp 190/tcp # Gateway Access Control Protocol<BR>
gacp 190/udp # Gateway Access Control Protocol<BR>
prospero 191/tcp # Prospero Directory Service<BR>
prospero/prospero 191/udp # Prospero Directory Service<BR>, prospero<br><br>prospero directory service<br>
osu-nms 192/tcp # OSU Network Monitoring System<BR>
osu-nms 192/udp # OSU Network Monitoring System<BR>
srmp 193/tcp # Spider Remote Monitoring Protocol<BR>
srmp 193/udp # Spider Remote Monitoring Protocol<BR>
irc 194/tcp # Internet Relay Chat Protocol<BR>
irc/irc 194/udp # Internet Relay Chat Protocol<BR>, irc<br><br>internet relay chat protocol<br>
dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit<BR>
dn6-nlm-aud 195/udp # DNSIX Network Level Module Audit<BR>
dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir<BR>
dn6-smm-red 196/udp # DNSIX Session Mgt Module Audit Redir<BR>
dls 197/tcp # Directory Location Service<BR>
dls 197/udp # Directory Location Service<BR>
dls-mon 198/tcp # Directory Location Service Monitor<BR>
dls-mon 198/udp # Directory Location Service Monitor<BR>
smux 199/tcp # SMUX (SNMP Unix Multiplexer)<BR>
smux/smux 199/udp # SMUX (SNMP Unix Multiplexer)<BR>, smux<br><br>smux<br>
src 200/tcp # IBM System Resource Controller<BR>
src 200/udp # IBM System Resource Controller<BR>
at-rtmp 201/tcp # AppleTalk Routing Maintenance<BR>
at-rtmp/at-rtmp 201/udp # AppleTalk Routing Maintenance<BR>, at-rtmp<br><br>appletalk routing maintenance<br>
at-nbp 202/tcp # AppleTalk Name Binding<BR>
at-nbp 202/udp # AppleTalk Name Binding<BR>
at-3 203/tcp # AppleTalk Unused<BR>
at-3 203/udp # AppleTalk Unused<BR>
at-echo 204/tcp # AppleTalk Echo<BR>
at-echo 204/udp # AppleTalk Echo<BR>
at-5 205/tcp # AppleTalk Unused<BR>
at-5 205/udp # AppleTalk Unused<BR>
at-zis 206/tcp # AppleTalk Zone Info<BR>
at-zis 206/udp # AppleTalk Zone Info<BR>
at-7 207/tcp # AppleTalk Unused<BR>
at-7 207/udp # AppleTalk Unused<BR>
at-8 208/tcp # AppleTalk Unused<BR>
at-8 208/udp # AppleTalk Unused<BR>
qmtp 209/tcp # Quick Mail Transfer Protocol<BR>
qmtp 209/udp # Quick Mail Transfer Protocol<BR>
wais/z39.50 210/tcp # Wide Area Info Service (WAIS)<BR><br> Old, once popular as a database indexing and search tool. Being replaced by web structures and web-based search engines. <BR> Security Concerns: <BR> - Access control was only source IP based, thus vulnerable to spoofing <BR> - Would allow unchecked files to be retrieved and run, opening dangers to malicious code being downloaded to client <BR> , ANSI Z39.50<BR>
z39.50/z39.50 210/udp # ANSI Z39.50<BR>, z39.50<br><br>wais, ansi z39.50, ansi z39.50<br>
914c/g 211/tcp # Texas Instruments 914C/G-Terminal<BR>
914c/g 211/udp # Texas Instruments 914C/G-Terminal<BR>
anet 212/tcp # ATEXSSTR<BR>
anet 212/udp # ATEXSSTR<BR>
ipx 213/tcp # IPX<BR>
ipx 213/udp # IPX<BR>
vmpwscs 214/tcp # VM PWSCS<BR>
vmpwscs 214/udp # VM PWSCS<BR>
softpc 215/tcp # Insignia Solutions<BR>
softpc 215/udp # Insignia Solutions<BR>
CAIlic 216/tcp # Computer Associates Int'l License Server<BR>
CAIlic 216/udp # Computer Associates Int'l License Server<BR>
dbase 217/tcp # dBASE Unix<BR>
dbase 217/udp # dBASE Unix<BR>
mpp 218/tcp # Netix Message Posting Protocol<BR>
mpp 218/udp # Netix Message Posting Protocol<BR>
uarps 219/tcp # Unisys ARPs<BR>
uarps 219/udp # Unisys ARPs<BR>
imap3 220/tcp # Interactive Mail Access Protocol v3<BR>
imap3/imap3 220/udp # Interactive Mail Access Protocol v3<BR>, imap3<br><br>protocol v3, interactive mail access protocol v3<br>
fln-spx 221/tcp # Berkeley rlogind with SPX auth<BR>
fln-spx 221/udp # Berkeley rlogind with SPX auth<BR>
rsh-spx 222/tcp # Berkeley rshd with SPX auth<BR>
rsh-spx 222/udp # Berkeley rshd with SPX auth<BR>
cdc 223/tcp # Certificate Distribution Center<BR>
cdc 223/udp # Certificate Distribution Center<BR>
masqdialer 224/tcp # Masqdialer<BR>
masqdialer 224/udp # Masqdialer<BR>
#direct/direct 242/tcp # Now Unassigned (Was "Direct")<BR>, direct<br><br>direct<br>
#direct/direct 242/udp # Now Unassigned (Was "Direct")<BR>, direct<br><br>direct<br>
sur-meas 243/tcp # Survey Measurement<BR>
sur-meas 243/udp # Survey Measurement<BR>
#dayna/inbusiness 244/tcp # Now Unassigned (Was "Dayna")<BR>, InBusiness<BR>
#dayna/inbusiness 244/udp # Now Unassigned (Was "Dayna")<BR>, InBusiness<BR>
link 245/tcp # LINK<BR>
link 245/udp # LINK<BR>
dsp3270 246/tcp # Display Systems Protocol<BR>
dsp3270 246/udp # Display Systems Protocol<BR>
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP<BR>
subntbcst_tftp 247/udp # SUBNTBCST_TFTP<BR>
bhfhs 248/tcp # bhfhs<BR>
bhfhs 248/udp # bhfhs<BR>
fw1-mgmt/rap 256/tcp # Firewall-1 Mgmt Console (CheckPoint)<BR><br> FW-1's Mgmt Console port. Functions include: <BR> - CA/DH key exchange for FWZ & SKIP VPN crypto schemes <BR> - SecuRemote connection to pull net topology & crypto keys (v40, changed to tcp 254 in v4.1). <BR> - Mgmt Console connection to managed firewalls & policies <BR> - Fail-over FW-1 heartbeat cks (pkt tx every 50ms) <BR> <br> FW-1 Ports: tcp 256, tcp/udp 259, udp 500, tcp 900 <BR> , RAP<BR>
rap 256/udp # RAP<BR>
set 257/tcp # Secure Electronic Transaction<BR>
set 257/udp # Secure Electronic Transaction<BR>
yak-chat 258/tcp # Yak Winsock Personal Chat<BR>
yak-chat 258/udp # Yak Winsock Personal Chat<BR>
fw1-auth/esro-gen 259/tcp # Firewall-1 Auth (CheckPoint)<BR><br> FW-1's user & client auth port. Remote clients telnet to this on perimeter firewall and auth to access internal resources (encryption an option). Services via this telnet include internal FTP, HTTP/HTTPS servers, plus relay to other internal hosts via add'l telnets/rlogins. <BR> <br> FW-1 Ports: tcp 256, tcp/udp 259, udp 500, tcp 900 <BR> , Efficient Short Remote Operations<BR>
fw1-rpc/esro-gen 259/udp # Firewall-1 RDP (CheckPoint)<BR><br> FW-1's Reliable Datagram Protocol, used by FW-1's to agree on VPN crypto parameters. RDP provides out-of-band sessions, plus: <BR> - Negotiation of session keys <BR> - Agreement on session crypto algorithm (DES or FWZ-1) <BR> - Decision on if MD5 data integrity will be used <BR> - Ensures dropped UDP pkts are retransmitted <BR> <br> FW-1 Ports: tcp 256, tcp/udp 259, udp 500, tcp 900 <BR> , Efficient Short Remote Operations<BR>
openport 260/tcp # Openport<BR>
openport 260/udp # Openport<BR>
nsiiops 261/tcp # IIOP Name Service over TLS/SSL<BR>
nsiiops 261/udp # IIOP Name Service over TLS/SSL<BR>
arcisdms 262/tcp # Arcisdms<BR>
arcisdms 262/udp # Arcisdms<BR>
hdap 263/tcp # HDAP<BR>
hdap 263/udp # HDAP<BR>
bgmp 264/tcp # BGMP<BR>
bgmp 264/udp # BGMP<BR>
x-bone-ctl 265/tcp # X-Bone CTL<BR>
x-bone-ctl 265/udp # X-Bone CTL<BR>
http-mgmt 280/tcp # http-mgmt<BR>
http-mgmt 280/udp # http-mgmt<BR>
personal-link 281/tcp # Personal Link<BR>
personal-link 281/udp # Personal Link<BR>
cableport-ax 282/tcp # Cable Port A/X<BR>
cableport-ax 282/udp # Cable Port A/X<BR>
rescap 283/tcp # rescap<BR>
rescap 283/udp # rescap<BR>
corerjd 284/tcp # corerjd<BR>
corerjd 284/udp # corerjd<BR>
novastorbakcup 308/tcp # Novastor Backup<BR>
novastorbakcup 308/udp # Novastor Backup<BR>
entrusttime 309/tcp # EntrustTime<BR>
entrusttime 309/udp # EntrustTime<BR>
bhmds 310/tcp # bhmds<BR>
bhmds 310/udp # bhmds<BR>
asip-webadmin 311/tcp # AppleShare IP WebAdmin<BR>
asip-webadmin 311/udp # AppleShare IP WebAdmin<BR>
vslmp 312/tcp # VSLMP<BR>
vslmp 312/udp # VSLMP<BR>
magenta-logic 313/tcp # Magenta Logic<BR>
magenta-logic 313/udp # Magenta Logic<BR>
opalis-robot 314/tcp # Opalis Robot<BR>
opalis-robot 314/udp # Opalis Robot<BR>
dpsi 315/tcp # DPSI<BR>
dpsi 315/udp # DPSI<BR>
decauth 316/tcp # decAuth<BR>
decauth 316/udp # decAuth<BR>
zannet 317/tcp # Zannet<BR>
zannet 317/udp # Zannet<BR>
pkix-timestamp 318/tcp # PKIX TimeStamp<BR>
pkix-timestamp 318/udp # PKIX TimeStamp<BR>
ptp-event 319/tcp # PTP Event<BR>
ptp-event 319/udp # PTP Event<BR>
ptp-general 320/tcp # PTP General<BR>
ptp-general 320/udp # PTP General<BR>
pip 321/tcp # PIP<BR>
pip 321/udp # PIP<BR>
rtsps 322/tcp # RTSPS<BR>
rtsps 322/udp # RTSPS<BR>
texar 333/tcp # Texar Security Port<BR>
texar 333/udp # Texar Security Port<BR>
pdap 344/tcp # Prospero Data Access Protocol<BR>
pdap 344/udp # Prospero Data Access Protocol<BR>
pawserv 345/tcp # Perf Analysis Workbench<BR>
pawserv 345/udp # Perf Analysis Workbench<BR>
zserv 346/tcp # Zebra server<BR>
zserv 346/udp # Zebra server<BR>
fatserv 347/tcp # Fatmen Server<BR>
fatserv 347/udp # Fatmen Server<BR>
csi-sgwp 348/tcp # Cabletron Management Protocol<BR>
csi-sgwp 348/udp # Cabletron Management Protocol<BR>
mftp 349/tcp # mftp<BR>
mftp 349/udp # mftp<BR>
matip-type-a 350/tcp # MATIP Type A<BR>
matip-type-a 350/udp # MATIP Type A<BR>
matip-type-b/bhoetty 351/tcp # MATIP Type B<BR>, bhoetty<BR>
matip-type-b/bhoetty/matip-type-b 351/udp # MATIP Type B<BR>, bhoetty<BR>, matip-type-b<br><br>unassigned but widespread use, matip type b or bhoetty, bhoetty, matip type b<br>
bhoedap4/dtag-ste-sb 352/tcp # bhoedap4<BR>, DTAG<BR>
bhoedap4/dtag-ste-sb/dtag-ste-sb 352/udp # bhoedap4<BR>, DTAG<BR>, dtag-ste-sb<br><br>dtag, unassigned but widespread use, dtag, or bhoedap4, bhoedap4<br>
ndsauth 353/tcp # NDSAUTH<BR>
ndsauth 353/udp # NDSAUTH<BR>
bh611 354/tcp # bh611<BR>
bh611 354/udp # bh611<BR>
date-asn/datex-asn 355/tcp # DATEX-ASN<BR>, datex-asn<br><br>datex-asn<br>
date-asn/datex-asn 355/udp # DATEX-ASN<BR>, datex-asn<br><br>datex-asn<br>
cloanto-net-1 356/tcp # Cloanto Net 1<BR>
cloanto-net-1 356/udp # Cloanto Net 1<BR>
bhevent 357/tcp # bhevent<BR>
bhevent 357/udp # bhevent<BR>
shrinkwrap 358/tcp # Shrinkwrap<BR>
shrinkwrap 358/udp # Shrinkwrap<BR>
tenebris_nts 359/tcp # Tenebris Network Trace Service<BR>
tenebris_nts 359/udp # Tenebris Network Trace Service<BR>
scoi2odialog 360/tcp # scoi2odialog<BR>
scoi2odialog 360/udp # scoi2odialog<BR>
semantix 361/tcp # Semantix<BR>
semantix 361/udp # Semantix<BR>
srssend 362/tcp # SRS Send<BR>
srssend 362/udp # SRS Send<BR>
rsvp_tunnel 363/tcp # RSVP Tunnel<BR>
rsvp_tunnel 363/udp # RSVP Tunnel<BR>
aurora-cmgr 364/tcp # Aurora CMGR<BR>
aurora-cmgr 364/udp # Aurora CMGR<BR>
dtk 365/tcp # Deception Tool Kit<BR><br> Deception Tool Kit (DTK), a honeypot kit available at http://all.net/dtk/. On this port DTK advertises itself as a honeypot. Concept is that it will be spotted in scans and attackers will realize the net has defenses and move on. To attackers "not in the know
dtk 365/udp # Deception Tool Kit<BR><br> Deception Tool Kit (DTK), a honeypot kit available at http://all.net/dtk/. On this port DTK advertises itself as a honeypot. Concept is that it will be spotted in scans and attackers will realize the net has defenses and move on. To attackers "not in the know
odmr 366/tcp # ODMR<BR>
odmr 366/udp # ODMR<BR>
mortgageware 367/tcp # MortgageWare<BR>
mortgageware 367/udp # MortgageWare<BR>
qbikgdp 368/tcp # QbikGDP<BR>
qbikgdp 368/udp # QbikGDP<BR>
rpc2portmap 369/tcp # rpc2portmap<BR>
rpc2portmap 369/udp # rpc2portmap<BR>
codaauth2 370/tcp # codaauth2<BR>
codaauth2/backweb 370/udp # codaauth2<BR>, BackWeb<BR><br> UDP service similar to PointCast's TCP service. <BR>
clearcase 371/tcp # Clearcase<BR>
clearcase 371/udp # Clearcase<BR>
ulistproc 372/tcp # Unix Listserv<BR>
ulistproc 372/udp # Unix Listserv<BR>
legent-1 373/tcp # Legent Corporation<BR>
legent-1 373/udp # Legent Corporation<BR>
legent-2 374/tcp # Legent Corporation<BR>
legent-2 374/udp # Legent Corporation<BR>
hassle 375/tcp # Hassle<BR>
hassle 375/udp # Hassle<BR>
nip 376/tcp # Amiga Envoy Network Inquiry Proto<BR>
nip 376/udp # Amiga Envoy Network Inquiry Proto<BR>
tnETOS 377/tcp # NEC Corporation<BR>
tnETOS 377/udp # NEC Corporation<BR>
dsETOS 378/tcp # NEC Corporation<BR>
dsETOS 378/udp # NEC Corporation<BR>
is99c 379/tcp # TIA/EIA/IS-99 modem client<BR>
is99c 379/udp # TIA/EIA/IS-99 modem client<BR>
is99s 380/tcp # TIA/EIA/IS-99 modem server<BR>
is99s 380/udp # TIA/EIA/IS-99 modem server<BR>
hp-collector 381/tcp # HP Performance Data Collector<BR>
hp-collector 381/udp # HP Performance Data Collector<BR>
hp-managed-node 382/tcp # HP Performance Data Managed Node<BR><br> Host port for centralized performance monitor access. <BR>
hp-managed-node 382/udp # HP Performance Data Managed Node<BR><br> Host port for centralized performance monitor access. <BR>
hp-alarm-mgr 383/tcp # HP Performance Data Alarm Manager<BR>
hp-alarm-mgr 383/udp # HP Performance Data Alarm Manager<BR>
arns 384/tcp # A Remote Network Server System<BR>
arns 384/udp # A Remote Network Server System<BR>
ibm-app 385/tcp # IBM Application<BR>
ibm-app 385/udp # IBM Application<BR>
asa 386/tcp # ASA Message Router Object Def.<BR>
asa 386/udp # ASA Message Router Object Def.<BR>
aurp 387/tcp # Appletalk Update-Based Routing Pro.<BR>
aurp 387/udp # Appletalk Update-Based Routing Pro.<BR>
unidata-ldm 388/tcp # Unidata LDM Version 4<BR>
unidata-ldm 388/udp # Unidata LDM Version 4<BR>
ldap 389/tcp # Lightweight Directory Access Protocol<BR><br> LDAP server's port, an adaptation of x.500 dir std. Through it, LDAP clients access central dir to retrieve, add, and modify info. Examples: <BR> - Database for PKI systems <BR> - Address book for mail & personnel progs <BR> - Internet Directory Service that tracks users of collaborative apps (chat, video, audio, etc.). Would track who is on-line, their IP, and data about user.<br> Used by Win2000 Active Directory<br> SSL version at TCP 636<BR> Security Concerns: Valuable source of user info used in attacks; excellent target for DOS attack. <BR>
ldap 389/udp # Lightweight Directory Access Protocol<BR><br> LDAP server's port, an adaptation of x.500 dir std. Through it, LDAP clients access central dir to retrieve, add, and modify info. Examples: <BR> - Database for PKI systems <BR> - Address book for mail & personnel progs <BR> - Internet Directory Service that tracks users of collaborative apps (chat, video, audio, etc.). Would track who is on-line, their IP, and data about user.<br> Used by Win2000 Active Directory<br> SSL version at TCP 636<BR> Security Concerns: Valuable source of user info used in attacks; excellent target for DOS attack. <BR>
uis 390/tcp # UIS<BR>
uis 390/udp # UIS<BR>
synotics-relay 391/tcp # SynOptics SNMP Relay Port<BR>
synotics-relay 391/udp # SynOptics SNMP Relay Port<BR>
synotics-broker 392/tcp # SynOptics Port Broker Port<BR>
synotics-broker 392/udp # SynOptics Port Broker Port<BR>
dis 393/tcp # Data Interpretation System<BR>
dis 393/udp # Data Interpretation System<BR>
embl-ndt 394/tcp # EMBL Nucleic Data Transfer<BR>
embl-ndt 394/udp # EMBL Nucleic Data Transfer<BR>
netcp 395/tcp # NETscout Control Protocol<BR>
netcp 395/udp # NETscout Control Protocol<BR>
netware-ip 396/tcp # Novell Netware over IP<BR>
netware-ip 396/udp # Novell Netware over IP<BR>
mptn 397/tcp # Multi Protocol Trans. Net.<BR>
mptn 397/udp # Multi Protocol Trans. Net.<BR>
kryptolan 398/tcp # Kryptolan<BR>
kryptolan 398/udp # Kryptolan<BR>
iso-tsap-c2 399/tcp # ISO Transport Class-2 Non-Ctrl over TCP<BR>
iso-tsap-c2 399/udp # ISO Transport Class-2 Non-Ctrl over TCP<BR>
work-sol 400/tcp # Workstation Solutions<BR>
work-sol 400/udp # Workstation Solutions<BR>
ups 401/tcp # Uninterruptible Power Supply<BR>
ups 401/udp # Uninterruptible Power Supply<BR>
genie 402/tcp # Genie Protocol<BR>
genie 402/udp # Genie Protocol<BR>
decap 403/tcp # decap<BR>
decap 403/udp # decap<BR>
nced 404/tcp # nced<BR>
nced 404/udp # nced<BR>
ncld 405/tcp # ncld<BR>
ncld 405/udp # ncld<BR>
imsp 406/tcp # Interactive Mail Support Protocol<BR>
imsp 406/udp # Interactive Mail Support Protocol<BR>
timbuktu 407/tcp # Timbuktu<BR>
timbuktu 407/udp # Timbuktu<BR>
prm-sm 408/tcp # Prospero Resource Manager - Sys. Mgr<BR>
prm-sm 408/udp # Prospero Resource Manager - Sys. Mgr<BR>
prm-nm 409/tcp # Prospero Resource Manager - Node Mgr<BR>
prm-nm 409/udp # Prospero Resource Manager - Node Mgr<BR>
decladebug 410/tcp # DECLadebug Remote Debug Protocol<BR>
decladebug 410/udp # DECLadebug Remote Debug Protocol<BR>
rmt 411/tcp # Remote MT Protocol<BR>
rmt 411/udp # Remote MT Protocol<BR>
synoptics-trap 412/tcp # Trap Convention Port<BR>
synoptics-trap 412/udp # Trap Convention Port<BR>
smsp 413/tcp # SMSP<BR>
smsp 413/udp # SMSP<BR>
infoseek 414/tcp # InfoSeek<BR>
infoseek 414/udp # InfoSeek<BR>
bnet 415/tcp # BNet<BR>
bnet 415/udp # BNet<BR>
silverplatter 416/tcp # SilverPlatter<BR>
silverplatter 416/udp # SilverPlatter<BR>
onmux 417/tcp # Onmux<BR>
onmux 417/udp # Onmux<BR>
hyper-g 418/tcp # Hyper-G<BR>
hyper-g 418/udp # Hyper-G<BR>
ariel1 419/tcp # Ariel<BR>
ariel1 419/udp # Ariel<BR>
smpte 420/tcp # SMPTE<BR>
smpte 420/udp # SMPTE<BR>
wrapper-backdoor/ariel2 421/tcp # Intruder Backdoor vis TCP Wrappers<BR><br> Primary web site for TCP Wrapper distro was compromised in Jan 99 and wrapper software was trojanized. Was caught almost immediately, but some downloads occurred. Installing it open a backdoor on tcp port 421. Hosts with open tcp port 421 and wrappers should be investigated. <BR> , Ariel<BR>
ariel2 421/udp # Ariel<BR>
ariel3 422/tcp # Ariel<BR>
ariel3 422/udp # Ariel<BR>
opc-job-start 423/tcp # IBM Operations Planning and Control Start<BR>
opc-job-start 423/udp # IBM Operations Planning and Control Start<BR>
opc-job-track 424/tcp # IBM Operations Planning and Control Track<BR>
opc-job-track 424/udp # IBM Operations Planning and Control Track<BR>
icad-el 425/tcp # ICAD<BR>
icad-el 425/udp # ICAD<BR>
smartsdp 426/tcp # smartsdp<BR>
smartsdp 426/udp # smartsdp<BR>
svrloc 427/tcp # Server Location<BR><br> Open on Win95 hosts (only open default port). Useful for finding Win95 hosts. No know "direct attack" vulnerabilities. <BR>
svrloc 427/udp # Server Location<BR><br> Open on Win95 hosts (only open default port). Useful for finding Win95 hosts. No know "direct attack" vulnerabilities. <BR>
ocs_cmu 428/tcp # OCS_CMU<BR>
ocs_cmu 428/udp # OCS_CMU<BR>
ocs_amu 429/tcp # OCS_AMU<BR>
ocs_amu 429/udp # OCS_AMU<BR>
utmpsd 430/tcp # UTMPSD<BR>
utmpsd 430/udp # UTMPSD<BR>
utmpcd 431/tcp # UTMPCD<BR>
utmpcd 431/udp # UTMPCD<BR>
iasd 432/tcp # IASD<BR>
iasd 432/udp # IASD<BR>
nnsp 433/tcp # NNSP<BR>
nnsp/nnsp 433/udp # NNSP<BR>, nnsp<br><br>nnsp<br>
mobileip-agent 434/tcp # MobileIP-Agent<BR>
mobileip-agent 434/udp # MobileIP-Agent<BR>
mobilip-mn 435/tcp # MobilIP-MN<BR>
mobilip-mn 435/udp # MobilIP-MN<BR>
dna-cml 436/tcp # DNA-CML<BR>
dna-cml 436/udp # DNA-CML<BR>
comscm 437/tcp # comscm<BR>
comscm 437/udp # comscm<BR>
dsfgw 438/tcp # dsfgw<BR>
dsfgw 438/udp # dsfgw<BR>
dasp 439/tcp # dasp<BR>
dasp/dasp 439/udp # dasp<BR>, dasp<br><br>dasp tommy@inlab.m.eunet.de<br>
sgcp 440/tcp # sgcp<BR>
sgcp 440/udp # sgcp<BR>
decvms-sysmgt 441/tcp # decvms-sysmgt<BR>
decvms-sysmgt 441/udp # decvms-sysmgt<BR>
cvc_hostd 442/tcp # cvc_hostd<BR>
cvc_hostd 442/udp # cvc_hostd<BR>
https 443/tcp # HTTP over TLS/SSL
https 443/udp # https<br><br>http protocol over tls/ssl<br>
snpp 444/tcp # Simple Network Paging Protocol<BR>
snpp 444/udp # Simple Network Paging Protocol<BR>
microsoft-ds 445/tcp # Microsoft Direct Host<BR>
microsoft-ds 445/udp # Microsoft Direct Host<BR>
ddm-rdb 446/tcp # DDM-RDB<BR>
ddm-rdb 446/udp # DDM-RDB<BR>
ddm-dfm 447/tcp # DDM-RFM<BR>
ddm-dfm 447/udp # DDM-RFM<BR>
ddm-ssl 448/tcp # DDM-SSL<BR><br> Also known as "ddm-byte" <BR>
ddm-ssl 448/udp # DDM-SSL<BR><br> Also known as "ddm-byte" <BR>
as-servermap 449/tcp # AS Server Mapper<BR>
as-servermap 449/udp # AS Server Mapper<BR>
tserver 450/tcp # TServer<BR>
tserver 450/udp # TServer<BR>
sfs-smp-net 451/tcp # Cray Network Semaphore server<BR>
sfs-smp-net 451/udp # Cray Network Semaphore server<BR>
sfs-config 452/tcp # Cray SFS config server<BR>
sfs-config 452/udp # Cray SFS config server<BR>
creativeserver 453/tcp # CreativeServer<BR>
creativeserver 453/udp # CreativeServer<BR>
contentserver 454/tcp # ContentServer<BR>
contentserver 454/udp # ContentServer<BR>
creativepartnr 455/tcp # CreativePartnr<BR>
creativepartnr 455/udp # CreativePartnr<BR>
macon-tcp 456/tcp # macon-tcp<BR>
macon-udp 456/udp # macon-udp<BR>
scohelp 457/tcp # scohelp<BR>
scohelp 457/udp # scohelp<BR>
appleqtc 458/tcp # apple quick time<BR>
appleqtc 458/udp # apple quick time<BR>
ampr-rcmd 459/tcp # ampr-rcmd<BR>
ampr-rcmd 459/udp # ampr-rcmd<BR>
skronk 460/tcp # skronk<BR>
skronk 460/udp # skronk<BR>
datasurfsrv 461/tcp # DataRampSrv<BR>
datasurfsrv 461/udp # DataRampSrv<BR>
datasurfsrvsec 462/tcp # DataRampSrvSec<BR>
datasurfsrvsec 462/udp # DataRampSrvSec<BR>
alpes 463/tcp # alpes<BR>
alpes 463/udp # alpes<BR>
kpasswd 464/tcp # kpasswd<BR>
kpasswd 464/udp # kpasswd<BR>
smtps 465/tcp # SMTP over TLS/SSL (was ssmtp)<BR>
smtps 465/udp # SMTP over TLS/SSL (was ssmtp)<BR>
digital-vrc 466/tcp # digital-vrc<BR>
digital-vrc 466/udp # digital-vrc<BR>
mylex-mapd 467/tcp # mylex-mapd<BR>
mylex-mapd 467/udp # mylex-mapd<BR>
photuris 468/tcp # proturis<BR>
photuris/photuris 468/udp # proturis<BR>, photuris<br><br>proturis<br>
rcp 469/tcp # Radio Control Protocol<BR>
rcp 469/udp # Radio Control Protocol<BR>
scx-proxy 470/tcp # scx-proxy<BR>
scx-proxy 470/udp # scx-proxy<BR>
mondex 471/tcp # Mondex<BR>
mondex 471/udp # Mondex<BR>
ljk-login 472/tcp # ljk-login<BR>
ljk-login 472/udp # ljk-login<BR>
hybrid-pop 473/tcp # hybrid-pop<BR>
hybrid-pop 473/udp # hybrid-pop<BR>
tn-tl-w1 474/tcp # tn-tl-w1<BR>
tn-tl-w1/tn-tl-w2 474/udp # tn-tl-w1<BR>, tn-tl-w2<br><br>tn-tl-w2<br>
tcpnethaspsrv 475/tcp # tcpnethaspsrv<BR>
tcpnethaspsrv 475/udp # tcpnethaspsrv<BR>
tn-tl-fd1 476/tcp # tn-tl-fd1<BR>
tn-tl-fd1 476/udp # tn-tl-fd1<BR>
ss7ns 477/tcp # ss7ns<BR>
ss7ns 477/udp # ss7ns<BR>
spsc 478/tcp # spsc<BR>
spsc 478/udp # spsc<BR>
iafserver 479/tcp # iafserver<BR>
iafserver 479/udp # iafserver<BR>
iafdbase 480/tcp # iafdbase<BR>
iafdbase 480/udp # iafdbase<BR>
ph 481/tcp # Ph service<BR>
ph 481/udp # Ph service<BR>
bgs-nsi 482/tcp # bgs-nsi<BR>
bgs-nsi 482/udp # bgs-nsi<BR>
ulpnet 483/tcp # ulpnet<BR>
ulpnet 483/udp # ulpnet<BR>
integra-sme 484/tcp # Integra Software Mgmt Environment<BR>
integra-sme 484/udp # Integra Software Mgmt Environment<BR>
powerburst 485/tcp # Air Soft Power Burst<BR>
powerburst 485/udp # Air Soft Power Burst<BR>
avian 486/tcp # avian<BR>
avian 486/udp # avian<BR>
saft 487/tcp # saft<BR>
saft 487/udp # saft<BR>
gss-http 488/tcp # gss-http<BR>
gss-http 488/udp # gss-http<BR>
nest-protocol 489/tcp # nest-protocol<BR>
nest-protocol 489/udp # nest-protocol<BR>
micom-pfs 490/tcp # micom-pfs<BR>
micom-pfs 490/udp # micom-pfs<BR>
go-login 491/tcp # go-login<BR>
go-login 491/udp # go-login<BR>
ticf-1 492/tcp # Transport Independent Convergence, FNA<BR>
ticf-1 492/udp # Transport Independent Convergence, FNA<BR>
ticf-2 493/tcp # Transport Independent Convergence, FNA<BR>
ticf-2 493/udp # Transport Independent Convergence, FNA<BR>
pov-ray 494/tcp # POV-Ray<BR>
pov-ray 494/udp # POV-Ray<BR>
intecourier 495/tcp # intecourier<BR>
intecourier 495/udp # intecourier<BR>
pim-rp-disc 496/tcp # PIM-RP-DISC<BR>
pim-rp-disc 496/udp # PIM-RP-DISC<BR>
dantz 497/tcp # dantz<BR>
dantz 497/udp # dantz<BR>
siam 498/tcp # siam<BR>
siam 498/udp # siam<BR>
iso-ill 499/tcp # ISO ILL Protocol<BR>
iso-ill 499/udp # ISO ILL Protocol<BR>
/tcp #
isakmp 500/udp # isakmp<BR><br> Used in FW-1 VPN for key exchange & synch when using ISAKMP or IPSEC crypto between FW-1's. <BR> <br> FW-1 Ports: tcp 256, tcp/udp 259, udp 500, tcp 900 <BR>
stmf 501/tcp # STMF<BR>
stmf 501/udp # STMF<BR>
asa-appl-proto 502/tcp # ASA Application Protocol<BR>
asa-appl-proto 502/udp # ASA Application Protocol<BR>
intrinsa 503/tcp # Intrinsa<BR>
intrinsa 503/udp # Intrinsa<BR>
citadel 504/tcp # citadel<BR>
citadel 504/udp # citadel<BR>
mailbox-lm 505/tcp # Mailbox License Manager<BR>
mailbox-lm 505/udp # Mailbox License Manager<BR>
ohimsrv 506/tcp # ohimsrv<BR>
ohimsrv 506/udp # ohimsrv<BR>
crs 507/tcp # crs<BR>
crs 507/udp # crs<BR>
xvttp 508/tcp # xvttp<BR>
xvttp 508/udp # xvttp<BR>
snare 509/tcp # snare<BR>
snare 509/udp # snare<BR>
fcp 510/tcp # FirstClass Protocol<BR>
fcp 510/udp # FirstClass Protocol<BR>
mynet/passgo 511/tcp # mynet-as<BR>, PassGo<BR>
mynet/passgo 511/udp # mynet-as<BR>, PassGo<BR>
nt-printer-client/exec 512/tcp # NT v4 Printer Client Source Ports<BR><br> NT v4 client uses random source port in 512-1023 range. Older NT v3x was limited to 721-731 port range, which restricted to ten the number of consecutive print jobs a client could initiate. <BR> , Remote Execution<BR><br> Allows remote execution of commands without logon. <BR> Security Concerns: <BR> - Susceptable to trust attacks <BR> - Usernames & passwords are cleartext and reusable <BR> - Returns "Login incorrect" on incorrect usernames; allows username guessing. <BR> - Returns "Password incorrect" on incorrect password for valid username; allows scripted dictionary grinding. <BR> <br> As with all BSD "r" commands, client uses a random source port below 1023; causes rule headaches. <BR>
biff/comsat 512/udp # Mail System Notify<BR><br> Email arrival notifier. Susceptable to notification flooding, where remote attacker causes DOS of user screen by flooding it with mail notices. <BR> 512 udp ComSat <BR> ComSat <BR> , comsat<br><br>biff the dog, used by mail system to notify users, comsat<br>
login 513/tcp # Remote Login<BR><br> Remote term service that operates via telnet process, but with automatic auth performed based on trust. If no trust, will prompt for username/password logon similar to telnet. <BR> Security Concerns: <BR> - Susceptable to trust attacks <BR> - Usernames & passwords are cleartext and reusable <BR> <br> As with all BSD "r" commands, client uses a random source port below 1023; causes rule headaches. <BR> <br> CERT Advisories: CA-97.06 <BR>
who 513/udp # Remote Logon Database Lookup<BR><br> Gathers active user info from local and net hosts. <BR> Security Concerns: <BR> - Excellent source of user info <BR> - Guides user-session attacks <BR> - Vul to being fed malicious data and crashing <BR> - Vul to buffer overflow allowing remote execution of arbitrary commands with root privilege <BR>
shell 514/tcp # Remote Shell<BR><br> Provides shell connections from remote hosts. <BR> Security Concerns: <BR> - Susceptable to trust attacks <BR> - Usernames & passwords are cleartext and reusable <BR> - Returns "Login incorrect" on incorrect usernames; allows username guessing. <BR> - Returns "Password incorrect" on incorrect password for valid username; allows scripted dictionary grinding. <BR> <br> As with all BSD "r" commands, client uses a random source port below 1023; causes rule headaches. <BR>
syslog 514/udp # Remote Syslog Writes<BR><br> Accepts syslog entries from remote hosts. Localhost syslog daemon processes and logs them, thus allowing for centralization of system logs onto a hardened loghost. <BR> Security Concerns: <BR> - Vul to malicious log flooding <BR> - Vul to injection of false, misleading entries to cover other activity <BR> <br> Newer Linux & Solaris v2.6+ will not accept syslog entries by default. Requires syslog.conf edit to enable. <BR> <br> CERT Advisories: CA-95.13 <BR>
printer 515/tcp # lp & lpr spooler<BR><br> Service port accepting remote print jobs. <BR> Security Concerns: <BR> - Susceptable to trust attacks <BR> - Usernames & passwords are cleartext and reusable <BR> - Vul to assortment of printer service attacks (version dependent) <BR> <br> As with all BSD "r" commands, client uses a random source port below 1023; causes rule headaches. <BR>
printer/printer 515/udp # lp & lpr spooler<BR><br> Service port accepting remote print jobs. <BR> Security Concerns: <BR> - Susceptable to trust attacks <BR> - Usernames & passwords are cleartext and reusable <BR> - Vul to assortment of printer service attacks (version dependent) <BR> <br> As with all BSD "r" commands, client uses a random source port below 1023; causes rule headaches. <BR> , printer<br><br>spooler, spooler (lpd)<br>
videotex 516/tcp # videotex<BR>
videotex 516/udp # videotex<BR>
/tcp #
talk 517/udp # Like tenex link, but remote<BR><br> Older talk program. Uses udp 517 to establish session and negotiate random-high tcp port for the data tx. <BR> Security Concerns: <BR> - Usernames & passwords are cleartext and reusable <BR> - Vul to buffer overflow <BR> <br> CERT Advisories: CA-97.04 <BR>
ntalk 518/tcp # ntalk<br><br>(talkd)<br>
ntalk/ntalk 518/udp # New Talk<BR><br> Similar to talk, but more advanced in memory use and ability to work between CPU types. Like talk, it uses udp port to establish session and negotiate a random-high tcp port for the data tx. <BR> Security Concerns: <BR> - Usernames & passwords are cleartext and reusable <BR> - Vul to buffer overflow <BR> , ntalk<br><br>(talkd)<br>
utime 519/tcp # unixtime<BR>
utime 519/udp # unixtime<BR>
efs 520/tcp # Extended file name server<BR>
router 520/udp # Route Info Protocol (RIP)<BR><br> Used between routing hosts to advertise route table. <BR> Security Concerns: <BR> - Vul to malicious route updates, which provides several attack possibilities: <BR> -- DOS network w/ bad updates <BR> -- Route traffic to you for exploit <BR> -- Route your attack pkts around network defenses <BR>
ripng 521/tcp # ripng<BR>
ripng/ripng 521/udp # ripng<BR>, ripng<br><br>ripng<br>
ulp 522/tcp # User Locator Service<BR><br> Used by collaborative apps to track/locate active users (eg: NetMeeting). <BR> Security Concerns: Provides valuable user info for user-level attacks. Do not allow across untrusted nets without encryption. <BR>
ulp 522/udp # User Locator Service<BR><br> Used by collaborative apps to track/locate active users (eg: NetMeeting). <BR> Security Concerns: Provides valuable user info for user-level attacks. Do not allow across untrusted nets without encryption. <BR>
ibm-db2 523/tcp # IBM-DB2<BR>
ibm-db2 523/udp # IBM-DB2<BR>
ncp 524/tcp # NCP<BR>
ncp 524/udp # NCP<BR>
timed 525/tcp # Time Server<BR>
timed 525/udp # Time Server<BR>
tempo 526/tcp # NewDate<BR>
tempo 526/udp # NewDate<BR>
stx 527/tcp # Stock IXChange<BR>
stx 527/udp # Stock IXChange<BR>
custix 528/tcp # Customer IXChange<BR>
custix 528/udp # Customer IXChange<BR>
irc-serv 529/tcp # IRC-SERV<BR>
irc-serv 529/udp # IRC-SERV<BR>
courier 530/tcp # rpc<BR>
courier/courier 530/udp # rpc<BR>, courier<br><br>rpc<br>
conference 531/tcp # Chat<BR>
conference 531/udp # Chat<BR>
netnews 532/tcp # ReadNews<BR>
netnews 532/udp # ReadNews<BR>
netwall 533/tcp # For emergency broadcasts<BR>
netwall/netwall 533/udp # For emergency broadcasts<BR>, netwall<br><br>-for emergency broadcasts, for emergency broadcasts<br>
mm-admin 534/tcp # MegaMedia Admin<BR>
mm-admin 534/udp # MegaMedia Admin<BR>
iiop 535/tcp # iiop<BR>
iiop 535/udp # iiop<BR>
opalis-rdv 536/tcp # opalis-rdv<BR>
opalis-rdv 536/udp # opalis-rdv<BR>
nmsp 537/tcp # Networked Media Streaming Protocol<BR>
nmsp 537/udp # Networked Media Streaming Protocol<BR>
gdomap 538/tcp # gdomap<BR>
gdomap 538/udp # gdomap<BR>
apertus-ldp 539/tcp # Apertus Tech Load Determination<BR>
apertus-ldp 539/udp # Apertus Tech Load Determination<BR>
uucp 540/tcp # Unix to Unix Copy<BR><br> Original Unix copy service, becoming obsolete. Is still used to some remote sites where periodic connection & download of spooled data files is the normal comm. <BR> Security Concern: Usernames & passwords are cleartext and reusable. <BR>
uucp/uucp 540/udp # Unix to Unix Copy<BR><br> Original Unix copy service, becoming obsolete. Is still used to some remote sites where periodic connection & download of spooled data files is the normal comm. <BR> Security Concern: Usernames & passwords are cleartext and reusable. <BR> , uucp<br><br>uucpd<br>
uucp-rlogin 541/tcp # uucp-rlogin<BR>
uucp-rlogin/uucp-rlogin 541/udp # uucp-rlogin<BR>, uucp-rlogin<br><br>uucp-rlogin<br>
commerce 542/tcp # commerce<BR>
commerce 542/udp # commerce<BR>
klogin 543/tcp # klogin<BR>
klogin/klogin 543/udp # klogin<BR>, klogin<br><br>kerberos (v4/v5)<br>
kshell 544/tcp # krcmd<BR>
kshell/kshell 544/udp # krcmd<BR>, kshell<br><br>krcmd, kerberos (v4/v5), krcmd kerberos (v4/v5)<br>
appleqtcsrvr 545/tcp # appleqtcsrvr<BR>
appleqtcsrvr/appleqtcsrvr 545/udp # appleqtcsrvr<BR>, appleqtcsrvr<br><br>appleqtcsrvr<br>
dhcpv6-client 546/tcp # DHCPv6 Client<BR>
dhcpv6-client 546/udp # DHCPv6 Client<BR>
dhcpv6-server 547/tcp # DHCPv6 Server<BR>
dhcpv6-server 547/udp # DHCPv6 Server<BR>
afpovertcp 548/tcp # AFP over TCP<BR>
afpovertcp/afpovertcp 548/udp # AFP over TCP<BR>, afpovertcp<br><br>appleshareip protocol, afp over tcp, afp over udp<br>
idfp 549/tcp # IDFP<BR>
idfp 549/udp # IDFP<BR>
new-rwho 550/tcp # new-who<BR>
new-rwho/new-rwho 550/udp # new-who<BR>, new-rwho<br><br>new-who, experimental<br>
cybercash 551/tcp # cybercash<BR>
cybercash 551/udp # cybercash<BR>
deviceshare 552/tcp # deviceshare<BR>
deviceshare 552/udp # deviceshare<BR>
pirp 553/tcp # pirp<BR>
pirp 553/udp # pirp<BR>
rtsp 554/tcp # Real Time Stream Control Protocol<BR>
rtsp 554/udp # Real Time Stream Control Protocol<BR>
dsf 555/tcp # dsf<BR>
dsf 555/udp # dsf<BR>
remotefs 556/tcp # rfs server<BR>
remotefs 556/udp # rfs server<BR>
openvms-sysipc 557/tcp # openvms-sysipc<BR>
openvms-sysipc 557/udp # openvms-sysipc<BR>
sdnskmp 558/tcp # SDNSKMP<BR>
sdnskmp 558/udp # SDNSKMP<BR>
teedtap 559/tcp # TEEDTAP<BR>
teedtap 559/udp # TEEDTAP<BR>
rmonitor 560/tcp # rmonitord<BR>
rmonitor/rmonitor 560/udp # rmonitord<BR>, rmonitor<br><br>experimental, rmonitord<br>
monitor 561/tcp # monitor<BR>
monitor/monitor 561/udp # monitor<BR>, monitor<br><br>experimental<br>
chshell 562/tcp # chcmd<BR>
chshell 562/udp # chcmd<BR>
nntps 563/tcp # NNTP over TLS/SSL<BR><br> Was formerly snntp, snews <BR>
nntps 563/udp # NNTP over TLS/SSL<BR><br> Was formerly snntp, snews <BR>
9pfs 564/tcp # Plan 9 file service<BR>
9pfs 564/udp # Plan 9 file service<BR>
whoami 565/tcp # whoami<BR>
whoami 565/udp # whoami<BR>
streettalk 566/tcp # streettalk<BR>
streettalk 566/udp # streettalk<BR>
banyan-rpc 567/tcp # banyan-rpc<BR>
banyan-rpc 567/udp # banyan-rpc<BR>
ms-shuttle 568/tcp # microsoft shuttle<BR>
ms-shuttle 568/udp # microsoft shuttle<BR>
ms-rome 569/tcp # microsoft rome<BR>
ms-rome 569/udp # microsoft rome<BR>
meter 570/tcp # demon<BR>
meter 570/udp # demon<BR>
meter 571/tcp # udemon<BR>
meter 571/udp # udemon<BR>
sonar 572/tcp # sonar<BR>
sonar 572/udp # sonar<BR>
banyan-vip 573/tcp # banyan-vip<BR>
banyan-vip 573/udp # banyan-vip<BR>
ftp-agent 574/tcp # FTP Software Agent System<BR>
ftp-agent 574/udp # FTP Software Agent System<BR>
vemmi 575/tcp # VEMMI<BR>
vemmi 575/udp # VEMMI<BR>
ipcd 576/tcp # ipcd<BR>
ipcd 576/udp # ipcd<BR>
vnas 577/tcp # vnas<BR>
vnas 577/udp # vnas<BR>
ipdd 578/tcp # ipdd<BR>
ipdd 578/udp # ipdd<BR>
decbsrv 579/tcp # decbsrv<BR>
decbsrv 579/udp # decbsrv<BR>
sntp-heartbeat 580/tcp # SNTP HEARTBEAT<BR>
sntp-heartbeat 580/udp # SNTP HEARTBEAT<BR>
bdp 581/tcp # Bundle Discovery Protocol<BR>
bdp 581/udp # Bundle Discovery Protocol<BR>
scc-security 582/tcp # SCC Security<BR>
scc-security 582/udp # SCC Security<BR>
philips-vc 583/tcp # Philips Video-Conferencing<BR>
philips-vc 583/udp # Philips Video-Conferencing<BR>
keyserver 584/tcp # Key Server<BR>
keyserver 584/udp # Key Server<BR>
imap4-ssl 585/tcp # IMAP4+SSL<BR>
imap4-ssl/imap4-ssl 585/udp # IMAP4+SSL<BR>, imap4-ssl<br><br>use 993 instead), imap4+ssl (use 993 instead)<br>
password-chg 586/tcp # Password Change<BR>
password-chg 586/udp # Password Change<BR>
submission 587/tcp # Submission<BR>
submission 587/udp # Submission<BR>
cal 588/tcp # CAL<BR>
cal 588/udp # CAL<BR>
eyelink 589/tcp # EyeLink<BR>
eyelink 589/udp # EyeLink<BR>
tns-cml 590/tcp # TNS CML<BR>
tns-cml 590/udp # TNS CML<BR>
http-alt 591/tcp # FileMaker, Inc. - HTTP Alternative<BR>
http-alt 591/udp # FileMaker, Inc. - HTTP Alternative<BR>
eudora-set 592/tcp # Eudora Set<BR>
eudora-set 592/udp # Eudora Set<BR>
http-rpc-epmap 593/tcp # HTTP RPC Ep Map<BR><br> Enabled on NT servers running SNA RPC. <BR>
http-rpc-epmap 593/udp # HTTP RPC Ep Map<BR><br> Enabled on NT servers running SNA RPC. <BR>
tpip 594/tcp # TPIP<BR>
tpip 594/udp # TPIP<BR>
cab-protocol 595/tcp # CAB Protocol<BR>
cab-protocol 595/udp # CAB Protocol<BR>
smsd 596/tcp # SMSD<BR>
smsd 596/udp # SMSD<BR>