With dangerous worms and Trojans and other threats common on the Internet, computer users should know the ways they are vulnerable to attacks. One of the simplest but most vital tests you can do to determine potential vulnerabilities is to find out which “ports” your PC has open to the outside world.
Computers “speak” across networks and the Internet via communication channels called “ports”. Many ports are pre-assigned to specific network services, such as HTTP (port 80) and FTP (port 21); these are called well-known ports. There are two kinds of ports: TCP (Transmission Control Protocol) ports and UDP (User Datagram Protocol) ports. Bad things Trojans, worms, viruses run on other, lesser know ports – and some ports are know to hackers to be vulnerable for accessing.
So what’s the big deal?
If a program on your computer has asked to field requests that come in via a particular port, it is said to be “listening” on the port. A program that does this is called a daemon in Unix or a service in Windows-speak. Any program that listens on a port represents a potential liability. If the program isn’t equipped to recognize when too many requests come in at once—and reject at least some of them—it may tie up the entire machine trying to service them all. This is one form of denial-of-service (DoS) attack. And if the program has a bug that allows an intruder to overwrite memory (a buffer overflow), it may allow the system to be taken over completely. Also, Trojan horse programs frequently reveal themselves because they listen on specific ports.
In general, the fewer the ports on which your computer is listening, the less susceptible it is to certain types of attacks. So be sure to shut down as many unused services as possible—especially those involved with Windows file sharing, instant-messaging services, and so forth.
There is a great – free online scanning tool called “Shields Up” from GRC which can scan your machine in real-time to check for open port related security issues:
The best way to see your ports In Windows is to open a command window (Start>Run> Type:”cmd” and “Enter”) and type “netstat -an”. In the resulting listing, the ports you care about are the ones on which your computer is listening.
# 21 FTP
# 22 SSH
# 23 TELNET
# 25 SMTP
# 53 DNS
# 80 HTTP
# 110 POP3
# 115 SFTP
# 135 RPC
# 139 NetBIOS
# 143 IMAP
# 194 IRC
# 443 SSL
# 445 SMB
# 1433 MSSQL
# 3306 MySQL
# 3389 Remote Desktop
# 5631 – 5632 PCAnywhere
# 5900 VNC
What is a port?
A port is a virtual point where network connections start and end. Ports are software-based and managed by a computer’s operating system. Each port is associated with a specific process or service. Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages, for instance, even though both reach a computer over the same Internet connection.
What is a port number?
Ports are standardized across all network-connected devices, with each port assigned a number. Most ports are reserved for certain protocols — for example, all Hypertext Transfer Protocol (HTTP) messages go to port 80. While IP addresses enable messages to go to and from specific devices, port numbers allow targeting of specific services or applications within those devices.
What are the different port numbers?
There are 65,535 possible port numbers, although not all are in common use. Some of the most commonly used ports, along with their associated networking protocol, are:
- Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
- Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
- Port 25: Historically, Simple Mail Transfer Protocol (SMTP). SMTP is/was used for email – typically modern mail clients now use Port 587.
- Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet; it matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and applications without memorizing a long list of IP addresses.
- Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
- Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.
- Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the Internet (these large networks are called autonomous systems). Autonomous systems use BGP to broadcast which IP addresses they control.
- Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.
- Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.
- Port 587: Modern, secure SMTP that uses encryption.
- Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.
The Internet Assigned Numbers Authority (IANA) maintains the full list of port numbers and protocols assigned to them.