IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [ports]

In computer networking a port is a software construct serving as a communications endpoint in a computer's host OS.

In computer networking a port is a software construct serving as a communications endpoint in a computer's host operating system. A port is associated with an IP address of the host as well as the type of protocol used for communication.

List of well-known ports

403 questions
77
votes
9 answers

Is it theoretically possible to deploy backdoors on ports higher than 65535?

Assuming you were able to modify the OS/firmware/device for server/client to send and listen on ports higher than 65535, could it be possible to plant a backdoor and have it listen on, say, port 70000? I guess the real question is this: If you…
Jason
  • 3,086
  • 4
  • 20
  • 24
48
votes
5 answers

Should I close port 80 forever and ever since the 2018 Google-indicated web-security initiatives?

I often establish Ubuntu-LAMP environments on which I host a few Drupal web applications that I myself own (I don't provide any hosting services and never done so in the past). Whenever I establish such an environment, the most fundamental security…
user123574
38
votes
2 answers

What are the security implications of enabling UPnP in my home router?

I found port forwarding entries in home router that I haven't manually configured. Is that because of UPnP? Are applications simply able to tell the router to forward ports on their own? Are there any security implications with enabling UPnP?
Kvass
  • 507
  • 1
  • 4
  • 5
37
votes
4 answers

Is there any meaning in only allowing port 80 and 443 today?

It's become standard fare for security minded organisations to block everything other than 80 and 443. As a result, more and more applications (other than web browsers) are learning to use these ports for their needs too. Naturally malicious…
Milind R
  • 479
  • 1
  • 4
  • 5
34
votes
1 answer

I have found ports on my Samsung smart tv running a display service. What can I do with it?

I have a Samsung Smart TV running Tizen OS, and out of curiosity I scanned it with Nmap. I found multiple open ports. One of those ports is running a "display" service. Does this mean it can cast its own screen, or that i can cast my screen to it?
Saker Alabas
  • 451
  • 1
  • 4
  • 4
31
votes
4 answers

Dangers of opening up a wide range of ports? (mosh)

Why do we generally configure firewalls to filter out all traffic that we don't specifically allow? Is this just an extra layer of security for defense-in-depth that buys us nothing if we are not running malware on our system? Are there any dangers…
dr jimbob
  • 38,768
  • 8
  • 92
  • 161
30
votes
5 answers

How do you deal with massive port scans?

This morning I was looking through firewall logs and saw there were about 500 packets marked as port scan. The scanning range was from 1000-1200 5000-5200. The IP address is 85.25.217.47 which seems to be somewhere in Germany. And these guys…
PaddyKim
  • 459
  • 2
  • 5
  • 8
28
votes
2 answers

Security risk of opening port 111 (rpcbind)?

As far as I understood rpcbind is used for listing active services, and telling the requesting client where to send the RPC request. If a host listens on port 111, one can use rpcinfo to get program numbers and ports and services running; For…
Goli E
  • 895
  • 1
  • 11
  • 20
28
votes
9 answers

Is it safer to use a port other than 21 for FTP?

Usually (as far as I know), FTP uses port 21. Since this port is used for FTP so often, is it safer to use another port? My guess is that if someone with malicious intentions tries to break FTP accounts, they will try port 21.
Kevin
  • 473
  • 1
  • 4
  • 5
27
votes
1 answer

Why is it better to use ports 20 and 53 as source ports when portscanning?

I read that if a server is inside a DMZ behind a stateless firewall, it is a good idea to use ports 20 and 53 as source ports when conducting port scanning. Why is this a good idea? I guess the firewall will most likely not filter FTP and DNS data?
AdHominem
  • 3,006
  • 1
  • 16
  • 26
25
votes
3 answers

How wise is it to use a tool for portspoofing at your server to confuse attackers?

I came across this tool recently https://github.com/drk1wi/portspoof How efficient will it be to use it to confuse hackers doing port scanning? If it's actually going to be pretty efficient, why hasn't it caught up so far? That is, 189 stars for 5…
jerry
  • 365
  • 3
  • 4
22
votes
6 answers

Why do hackers scan for open ports?

So, whenever you hear of the mean little hackers who hack websites you hear of "port scanning". I understand what it is (looking for all open ports / services on a remote machine), however that begs the question: Why would an attacker want to know…
Joseph
  • 523
  • 1
  • 4
  • 14
18
votes
7 answers

Nmap reporting almost every port as open

I have noticed during some assesments when doing a TCP port scan, Nmap will report almost every port as open for a machine. Using for example nmap -sS -PN -T4 target -p0-65535, over 20,000 ports will be returned as open. On further investigation,…
Sonny Ordell
  • 3,476
  • 9
  • 33
  • 56
16
votes
2 answers

How do hackers take advantage of open ports as a vector for an attack?

It is widespread knowledge, and therefore a common practice, to close open ports on any machines connected to the internet. If for example, a typical program uses port xyz as it's communication channel, and there is a vulnerability in that program,…
Franko
  • 1,530
  • 5
  • 18
  • 30
14
votes
2 answers

What's the diff between blocking a port with a firewall and not starting a service on that port in the first place?

I was considering setting up a software firewall (pf) on my web server and did some research on them. Were I to do it, it'd involve basically blocking connections to all ports except 80, 443, and the non-standard port I'm using for SSH…
Garrett Albright
  • 475
  • 4
  • 11
1
2 3
26 27