MTTECHNOLOGY
Member
- Joined
- Sep 6, 2010
- Posts
- 147
- Likes
- 1
The default port database contains Array entries for TCP and UDP port identifications. Many thanks to Paul Darby for providing the original list this database has grown from.
example:
In Port Lookup input this 1080
Port--1080
Protocol--tcp/udp
Service---socks
Info------SOCKS
SOCKS port, used to support outbound tcp services (FTP, HTTP, etc.). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and "bounce" out to another internal host. Done to either reach a protected internal host or mask true source of attack.
Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks.
Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to .mil domain hosts.
http://www.cirt.net/ports
example:
In Port Lookup input this 1080
Port--1080
Protocol--tcp/udp
Service---socks
Info------SOCKS
SOCKS port, used to support outbound tcp services (FTP, HTTP, etc.). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and "bounce" out to another internal host. Done to either reach a protected internal host or mask true source of attack.
Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks.
Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to .mil domain hosts.
http://www.cirt.net/ports