In our study of network technology, often encounter the so-called port, so what does the port mean, the port in network technology default refers to the TCP/IP protocol service port, a total of 0-65535 ports, such as our most common port is 80 port, the default port to access the website is 80, If you open www.baidu.com:80 directly in your browser, you will find that the browser removes 80 by default, just because it is a default port, so there is no need to display it, there is also port 21 for FTP file transfer, we know that a host can usually provide web service, FTP service, SMTP service for mail, etc., All services can be run on the same IP address at the same time. The reason is that these services are distinguished by IP and port, so that each port has its own work and can use the same IP address at the same time.

How do I check which ports are in use on my computer?

We open CMD and type netstat -n to see which ports we are using and which IP and ports have been connected to the extranet.

Common port vulnerabilities

  • FTP 21

  • Default User name Password Anonymous: Anonymous

  • Brute force password cracking

  • VSFTP backdoor of a certain version

  • SSH 22

  • Brute force password cracking

  • Telent 23

  • Brute force password cracking

  • SMTP 25

  • The sender can be forged without authentication

  • DNS 53 UDP

  • Test domain transport vulnerability

  • SPF / DMARC Check

  • DDoS

  • DNS Query Flood

  • DNS rebound

  • SMB 137/139/445

  • Unauthorized access

  • Weak password

  • SNMP 161

  • Public weak password

  • LDAP 389

  • Anonymous access

  • injection

  • Rsync 873

  • Arbitrary file reading and writing

  • RPC 1025

  • NFS Anonymous Access

  • MSSQL 1433

  • Weak passwords

  • Java RMI 1099

  • RCE

  • Oracle 1521

  • Weak passwords

  • NFS 2049

  • Improper permission setting

  • ZooKeeper 2181

  • Unauthenticated

  • MySQL 3306

  • Weak passwords

  • RDP 3389

  • Weak passwords

  • Postgres 5432

  • Weak passwords

  • CouchDB 5984

  • Unauthorized access

  • Redis 6379

  • No password or weak password

  • Elasticsearch 9200

  • Code execution

  • Memcached 11211

  • Unauthorized access

  • MongoDB 27017

  • No password or weak password

  • Hadoop 50070

👉 free access to 100G network security hacker attack and defense information.

Which ports are commonly used by hackers?

21 port

When the server is not popular, most websites use host space, website files are transmitted through FTP, login requires an account and password, so there are many FTP batch blasting tools.

Port 135

Early hackers often use port 135 to invade personal computers. After scanning a large number of IP addresses open on port 135, they use NTSCAN scanner to guess passwords in batches and transfer FTP trojans.

Port 445

The nightmare of Internet cafe, Internet cafe this port is not, often by hackers batch invasion of all computers, Internet cafes see who is not happy to close who computer, early batch invasion of Internet cafe computer, batch invasion of computer room is used by this port. Use ipc$empty connection directly in CMD to connect to Intranet host, real implementation of CMD intrusion host, just like the movie hacker.

Ports 1433 and 3306

The default port number of sqlServer is 1433, the default port number of mysql is 3306, these two ports are the default connection port of two kinds of databases, many default do not have password, or use weak password, also often used by scanning. The domain name 1433 is taken here.

Port 3389

Port 3389 is the default port for connecting to servers. We all know that the default user name for computers is Administrator, but many people set simple passwords or empty passwords, resulting in breaches. DUBrute is a brute for hackers.

We is not hard to find, the hackers use the port hole, because most of the existence of weak password has been broken in, even port ipc $445 empty connection even without password, the hacker brawny, actually catch most of the “weak” are chicken, thus setting up a complex password, you can avoid 90% of the hacker attacks!