Enumeration - Services and Ports

  • Enumeration - Services and Ports

    When enumerating a target system, you should know those ports and services that are commonly used and what type of information they can bring you as an attacker.

    Here are some commonly used ports that are worth paying attention to...

    TCP 22 - SSH (Secure Shell)
    SSH is a tool for spawning a shell on a remote system in a secure manner. This is common on Linux systems and networking devices like routers and switches.

    TCP 25 - SMTP (Simple Mail Transfer)
    The SMTP protocol is used for transmission of e-mail messages across networks.

    TCP 53 - DNS (Domain Name Server)
    This port is used for DNS zone transfers between primary and secondary DNS servers. UDP port 53 is the port used when making DNS queries.

    TCP 137 - NetBIOS-ns (NetBIOS Name Service)
    This port is associated with the NetBIOS Name Service (NBNS), a mechanism designed to provide name resolution services involving the NetBIOS protocol. The service allows NetBIOS to associate names and IP addresses of individual systems and services.

    TCP 139 - NetBIOS-ssn (NetBIOS Session Service)
    NetBIOS Session Service, also known as SMB over NetBIOS, lets you manage connections between NetBIOS-enabled clients and applications and is associated with this port. The service is used by NetBIOS to establish connections and tear them down when they are no longer needed. Server Message Block (SMB) is mainly used for providing shared access to files, printers etc. One version of SMB was also known as Common Internet File System (CIFS).

    TCP 3389 - RDP (Remote Desktop Protocol)
    This service is an aid for remote administration of Windows servers and workstations. It is a way of getting a fully functional graphical interface over a network from a remote host. Linux versions of RDP servers are available even though RDP is a proprietary protocol developed by Microsoft.

    UDP 69 - TFTP (Trivial File Transfer)
    TFTP is a basic protocol for transferring files. This is often used for upgrading firmware on network equipment and for downloading configuration to devices such as VoIP devices.

    UDP 123 - NTP (Network Time Protocol)
    This service is in place to synchronize the clock on devices by having one device act as an NTP service provider. This will aid in ensuring that all devices have the same date and time and will give a lower stratum level.

    UDP 137 - NETBIOS-NS (NetBIOS Name Service)
    UDP NetBIOS name query packets are sent to this port, usually of Windows machines but also of any other system running Samba (SMB), to ask the receiving machine to disclose and return its current set of NetBIOS names.

    UDP 161 & 162 - SNMP (Simple Network Management Protocol) & SNMP Traps
    SNMP is a protocol in place to manage and monitor network devices and hosts. The protocol is designed to facilitate messaging, monitoring, auditing and more. SNMP works on two ports: 161, which is used for querying the Management Information Base (MIB), and 162, on which SNMP traps are received.

    TCP & UDP 88 - Kerberos
    Kerberos is a popular authentication system based on the use of tickets. It is the authentication protocol used in many centralized authentication systems including Microsoft Active Directory.

    TCP & UDP 135 - RPC (Remote Procedure Call)
    This port is used during communications between client-server applications, such as allowing Microsoft Outlook to communicate with a Microsoft Exchange server, etc.

    TCP & UDP 389 - LDAP (Lightweight Directory Access Protocol)
    This protocol is used by many applications; two of the most common are Active Directory and Exchange.

    TCP & UDP 445 - Microsoft-DS (Microsoft Directory Services)
    SMB over TCP, or Direct Host, is a service designed to improve network access and bypass NetBIOS use. This service is available in Microsoft Windows 2000 and later.
    Support for TCP ports 137, 138 and 139 in modern Microsoft Windows operating systems is for backward compatibility.

    TCP & UDP 514 - Syslog
    This is the most common port used for remote syslog services and Log Management systems. Even though TCP port 514 is allocated to shell authentication, both TCP and UDP port 514 are common for the syslog service.

    TCP & UDP 3268 - MSFT-GC (Microsoft Global Catalog)
    The Global Catalog Service is associated with Microsoft Active Directory and runs on port 3268 on Microsoft Windows 2000 and later operating systems. This service is used to locate information within Active Directory.
    Certified Security Geek
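
The same list can be turned around to audit a host's own listeners. This is an added example, not part of the original post: it parses `ss -tuln` output and reports which of the ports listed above are listening and whether they are bound beyond loopback. The function names and the sample output are constructed for illustration, and numeric output (`-n`) is assumed.

```python
import ipaddress

# (transport, port) -> service as listed in the post; BOTH holds those it lists on TCP and UDP.
WATCHED = {
    ("tcp", 22): "SSH", ("tcp", 25): "SMTP", ("tcp", 53): "DNS zone transfers",
    ("udp", 53): "DNS queries", ("tcp", 137): "NetBIOS-ns", ("tcp", 139): "NetBIOS-ssn",
    ("tcp", 3389): "RDP", ("udp", 69): "TFTP", ("udp", 123): "NTP",
    ("udp", 137): "NetBIOS-ns", ("udp", 161): "SNMP", ("udp", 162): "SNMP traps",
}
BOTH = {88: "Kerberos", 135: "RPC", 389: "LDAP", 445: "Microsoft-DS", 514: "Syslog", 3268: "MSFT-GC"}
for _port, _name in BOTH.items():
    WATCHED[("tcp", _port)] = WATCHED[("udp", _port)] = _name

def split_endpoint(endpoint):
    """Split ss's 'addr:port', handling '[::]:22', '*:22' and '127.0.0.53%lo:53'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # '*' wildcard binds every interface
        return False

def audit(ss_output):
    """Return (proto, port, service, address, exposed) for each watched listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        addr, port = split_endpoint(fields[4])
        service = WATCHED.get((fields[0], port))
        if service:
            findings.append((fields[0], port, service, addr, not is_loopback(addr)))
    return findings

# Constructed sample of `ss -tuln` output (not from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      10     192.0.2.10:53      0.0.0.0:*
"""

if __name__ == "__main__":
    for proto, port, service, addr, exposed in audit(SAMPLE):
        print(f"{proto}/{port:<5} {service:<18} {addr:<12} {'EXPOSED' if exposed else 'loopback only'}")
```

Keying the table on transport as well as port keeps the post's distinction between TCP 53 (zone transfers) and UDP 53 (queries) visible in the report.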