In this appendix, I list useful TCP and UDP ports, along with ICMP message types.[1] Nmap’s nmap-services file is also a good reference, listing known backdoors and unregistered services.
Table A-1 lists common TCP ports and references to chapters where applicable.
| Number | Name | Description | Chapter |
|---|---|---|---|
| 21 | ftp | File Transfer Protocol (FTP) | Chapter 7 |
| 22 | ssh | Secure Shell (SSH) | Chapter 7 |
| 23 | telnet | Telnet service | Chapter 7 |
| 25 | smtp | Simple Mail Transfer Protocol (SMTP) | Chapter 9 |
| 43 | whois | WHOIS service | Chapter 4 |
| 53 | domain | Domain Name Service (DNS) | Chapter 4 |
| 79 | finger | Finger service | – |
| 80 | http | Hypertext Transfer Protocol (HTTP) | Chapter 13 |
| 88 | kerberos | Kerberos authentication service | Chapter 7 |
| 110 | pop3 | Post Office Protocol (POP3) | Chapter 9 |
| 111 | sunrpc | RPC portmapper (also known as rpcbind) | Chapter 7 |
| 113 | auth | Authentication service (also known as identd) | – |
| 119 | nntp | Network News Transfer Protocol (NNTP) | – |
| 135 | loc-srv | Microsoft RPC server service | Chapter 8 |
| 139 | netbios-ssn | Microsoft NetBIOS session service | Chapter 8 |
| 143 | imap | Internet Message Access Protocol (IMAP) | Chapter 9 |
| 179 | bgp | Border Gateway Protocol (BGP) | – |
| 389 | ldap | Lightweight Directory Access Protocol (LDAP) | Chapter 7 |
| 443 | https | TLS-wrapped HTTP web service | Chapter 13 |
| 445 | cifs | SMB Direct | Chapter 8 |
| 464 | kerberos | Kerberos password service | Chapter 7 |
| 465 | smtps | TLS-wrapped SMTP mail service | Chapter 9 |
| 513 | login | Remote login service (in.rlogind) | – |
| 514 | shell | Remote shell service (in.rshd) | – |
| 515 | printer | Line Printer Daemon (LPD) service; commonly exploitable under older Linux, Oracle Solaris, and Apple OS X distributions | – |
| 554 | rtsp | Real Time Streaming Protocol (RTSP) | – |
| 636 | ldaps | TLS-wrapped LDAP service | Chapter 7 |
| 873 | rsync | Unix rsync service | – |
| 993 | imaps | TLS-wrapped IMAP mail service | Chapter 9 |
| 995 | pop3s | TLS-wrapped POP3 mail service | Chapter 9 |
| 1080 | socks | SOCKS proxy service | – |
| 1352 | lotusnote | IBM Lotus Notes service | – |
| 1433 | ms-sql | Microsoft SQL Server | Chapter 15 |
| 1494 | citrix-ica | Citrix ICA service | – |
| 1521 | oracle-tns | Oracle Database TNS Listener | Chapter 15 |
| 1720 | videoconf | H.323 video conferencing service | – |
| 1723 | pptp | Point-to-Point Tunneling Protocol (PPTP) | Chapter 10 |
| 3128 | squid | SQUID HTTP web proxy service | Chapter 13 |
| 3268 | globalcat | Microsoft Global Catalog service (LDAP) | Chapter 7 |
| 3269 | globalcats | Microsoft Global Catalog service (LDAP) | Chapter 7 |
| 3306 | mysql | MySQL database service | Chapter 15 |
| 3389 | ms-rdp | Microsoft Remote Desktop Protocol (RDP) | Chapter 8 |
| 5432 | postgres | PostgreSQL database service | Chapter 15 |
| 5353 | zeroconf | Multicast DNS (mDNS) service | Chapter 7 |
| 5800 | vnc-http | Virtual Network Computing (VNC) | Chapter 7 |
| 5900 | vnc | Virtual Network Computing (VNC) | Chapter 7 |
| 6000 | x11 | X Windows service | – |
| 6112 | dtspcd | Unix CDE window manager Desktop Subprocess Control Service Daemon (DTSPCD) | – |
| 9100 | jetdirect | HP JetDirect printer management port | – |

Table A-2 lists common UDP ports with references to chapters (where applicable).

| Number | Name | Description | Chapter |
|---|---|---|---|
| 53 | domain | Domain Name Service (DNS) | Chapter 4 |
| 67 | bootps | DHCP server | Chapter 5 |
| 68 | bootpc | DHCP client | Chapter 5 |
| 69 | tftp | Trivial File Transfer Protocol (TFTP) | Chapter 7 |
| 111 | sunrpc | RPC portmapper (also known as rpcbind) | Chapter 7 |
| 123 | ntp | Network Time Protocol (NTP) | Chapter 7 |
| 135 | loc-srv | Microsoft RPC server service | Chapter 8 |
| 137 | netbios-ns | Microsoft NetBIOS name service | Chapter 8 |
| 138 | netbios-dgm | Microsoft NetBIOS datagram service | Chapter 8 |
| 161 | snmp | Simple Network Management Protocol (SNMP) | Chapter 7 |
| 445 | cifs | SMB Direct | Chapter 8 |
| 500 | isakmp | IPsec key management protocol / IKE service | Chapter 10 |
| 513 | rwho | Unix rwhod service | – |
| 514 | syslog | Unix syslogd service | – |
| 520 | route | Routing Information Protocol (RIP) service | Chapter 5 |
| 1434 | ms-sql-ssrs | SQL Server Resolution Service (SSRS) | Chapter 15 |
| 1900 | ssdp | Simple Service Discovery Protocol (SSDP), used by home routers and other devices [a] | – |
| 2049 | nfs | Unix Network File System (NFS) | Chapter 15 |
| 4045 | mountd | Unix NFS mountd service | Chapter 15 |

[a] HD Moore, “Security Flaws in Universal Plug and Play: Unplug, Don’t Play”, Rapid7 Blog, January 29, 2013.

Table A-3 lists common ICMP message types, along with RFC details.

| Type | Code | Description | RFC |
|---|---|---|---|
| 0 | 0 | Echo reply | 792 |
| 3 | 0 | Destination network unreachable | 792 |
| 3 | 1 | Destination host unreachable | 792 |
| 3 | 2 | Destination protocol unreachable | 792 |
| 3 | 3 | Destination port unreachable | 792 |
| 3 | 4 | Fragmentation required, but don’t fragment bit was set | 792 |
| 3 | 5 | Source route failed | 792 |
| 3 | 6 | Destination network unknown | 792 |
| 3 | 7 | Destination host unknown | 792 |
| 3 | 8 | Source host isolated | 792 |
| 3 | 9 | Communication with network administratively prohibited | 792 |
| 3 | 10 | Communication with host administratively prohibited | 792 |
| 3 | 11 | Destination network unreachable for type of service | 792 |
| 3 | 12 | Destination host unreachable for type of service | 792 |
| 3 | 13 | Communication administratively prohibited | 1812 |
| 3 | 14 | Host precedence violation | 1812 |
| 3 | 15 | Precedence cutoff in effect | 1812 |
| 4 | 0 | Source quench | 792 |
| 5 | 0 | Redirect datagram for the network or subnet | 792 |
| 5 | 1 | Redirect datagram for the host | 792 |
| 5 | 2 | Redirect datagram for the type of service and network | 792 |
| 5 | 3 | Redirect datagram for the type of service and host | 792 |
| 8 | 0 | Echo request | 792 |
| 9 | 0 | Normal router advertisement | 1256 |
| 9 | 16 | Does not route common traffic | 2002 |
| 11 | 0 | TTL exceeded in transit | 792 |
| 11 | 1 | Fragment reassembly time exceeded | 792 |
| 13 | 0 | Timestamp request | 792 |
| 14 | 0 | Timestamp reply | 792 |

[1] IANA maintains a comprehensive list of registered network services.