Determining What’s Running on Open Ports - jude-lindale/Wiki GitHub Wiki
As a security professional, you need to gather the details that matter when scanning your systems. You can often identify the following information:
- Protocols in use, such as Domain Name System and NetBIOS.
- Services running on the hosts, such as email, web, and database systems.
- Available remote access services, such as Remote Desktop Protocol, Telnet, and Secure Shell.
- Virtual private network services such as SSL/TLS and IPsec.
- Permissions and authentication requirements for network shares.
You can look for the following sample open ports (which your network-scanning program reports as accessible or open):
- Ping (ICMP echo) replies, showing that ICMP traffic is allowed to and from the host.
- TCP port 21, showing that FTP could be running.
- TCP port 23, showing that Telnet could be running.
- TCP ports 25 or 465 (SMTP and SMTPS), 110 or 995 (POP3 and POP3S), or 143 or 993 (IMAP and IMAPS), showing that an email server could be running.
- TCP/UDP port 53, showing that a DNS server could be running.
- TCP ports 80, 443, and 8080, showing that a web server or web proxy could be running.
- TCP/UDP ports 135, 137, 138, 139 and, especially, 445, showing that a Windows host could be running.
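
As an added example (not part of the original page), the following Python script applies the port hints listed above to scan results from your own systems. It assumes the scanner is Nmap and that results were saved in its grepable (`-oG`) format; the sample input is constructed and uses documentation addresses.

```python
import re
from collections import defaultdict

# Port hints taken from the list above. An open port only suggests
# the service; it does not confirm what is actually listening.
HINTS = {
    ("tcp", 21): "FTP",
    ("tcp", 23): "Telnet",
    **{("tcp", p): "email server" for p in (25, 465, 110, 995, 143, 993)},
    **{(proto, 53): "DNS server" for proto in ("tcp", "udp")},
    **{("tcp", p): "web server or web proxy" for p in (80, 443, 8080)},
    **{(proto, p): "Windows host" for proto in ("tcp", "udp")
       for p in (135, 137, 138, 139, 445)},
}

# Constructed sample in Nmap grepable layout (assumed scanner format).
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, "
    "23/closed/tcp//telnet///, 25/open/tcp//smtp///, "
    "993/open/tcp//imaps///\n"
    "Host: 192.0.2.20 ()\tPorts: 53/open/udp//domain///, "
    "445/open/tcp//microsoft-ds///, 8443/open/tcp//https-alt///, "
    "139/filtered/tcp//netbios-ssn///\n"
)

def likely_services(grepable):
    """Return {host: {hint: ["port/proto", ...]}} for ports reported open."""
    report = defaultdict(lambda: defaultdict(list))
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+).*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # status or comment line, no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            # Field order: port/state/protocol/owner/service/...
            if len(fields) < 3 or fields[1] != "open":
                continue  # closed and filtered ports are not reported
            port, proto = int(fields[0]), fields[2]
            hint = HINTS.get((proto, port), "unlisted, identify manually")
            report[host][hint].append(f"{port}/{proto}")
    return {h: dict(s) for h, s in report.items()}

if __name__ == "__main__":
    for host, services in likely_services(SAMPLE).items():
        for hint, ports in services.items():
            print(f"{host}: {hint} could be running ({', '.join(ports)})")
```

Ports that fall outside the list, such as 8443 in the sample, are grouped separately so they get a manual look rather than being silently dropped.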