Commonly Exploited Ports List







reserved 0 TCP/UDP Hi source port - no good reason for this
sscan signature 0-5 TCP Hi source ports - no good reason for this
ttymux 1 TCP Hi possibly part of an sscan probe
echo 7 TCP/UDP Hi potential UDP attack
systat 11 TCP Hi system/user information (ps)
unassigned 15 TCP Hi was netstat: open connections, routing tables, etc.
chargen 19 TCP/UDP Hi potential UDP attack
ftp 21, 20 TCP Lo famous file transfer service
ssh 22 TCP Med secure shell service
ssh 22 UDP Lo old version of PC Anywhere
telnet 23 TCP Med remote login
smtp 25 TCP Hi looking for spam relay
DNS 53 TCP Hi compromising a DNS server via TCP zone transfers
dhcpc 67 UDP Lo probably a mistake
tftpd 69 UDP Med very insecure ftp alternative
finger 79 TCP Lo user account information
link 87 TCP Hi terminal link - commonly used by intruders
pop 110, 109 TCP Hi looking for a mail or news spam relay
sunrpc 111 TCP/UDP Hi NFS, NIS, any rpc-based service
nntp 119 TCP Med free/public news feed or spam relay
ntp 123 UDP Lo network time synchroniztion; ok, but impolite
netbios-ns 137 TCP/UDP Hi Windows Name Service
netbios-dgm 138 TCP/UDP Hi Windows Datagram Service
netbios-ssn 139 TCP Hi Windows Session Service
imap 143 TCP Hi famous security hole
NeWS 144 TCP Hi Sun windowing management system
snmp 161, 162 UDP Hi remote network administration
xdmcp 177 UDP Hi xdm: XDMCP, X Display Manager
rexec 512 TCP Hi intended for intranet use
biff 512 UDP Hi intended for intranet use
rlogin 513 TCP Med intended for intranet use
who 513 UDP Hi intended for intranet use
rsh 514 TCP Med intended for intranet use
syslog 514 UDP Hi intended for intranet use
printer 515 TCP Hi intended for intranet use
talk 517 UDP Med intended for intranet use
ntalk 518 UDP Med intended for intranet use
route 520 UDP Hi routed
uucp 540 TCP Med a "famous" file transfer service
mount 635 UDP Hi NFS mount service
socks 1080 TCP Hi potential spam relay point
SQL 1114 TCP Hi part of an sscan signature
openwin 2000 TCP Hi OpenWindows windowing system
NFS 2049 TCP/UDP Hi remote filesystem access
pcanywherestat 5632 UDP Lo PC Anywhere
X11 6000+n TCP Hi X Windows
NetBus 12345, 12346, 20034 TCP Hi
BackOrifice 31337 UDP Hi Back Orifice trojan horse (system access)
Hack'a'Tack 31790, 31789 UDP Hi Windows Hack'a'Tack trojan
traceroute 33434-33523 UDP Lo incoming traceroute

ping 8 ICMP Lo incoming ping
redirect 5 ICMP Hi incoming routing redirect bomb
traceroute 11 ICMP Lo outgoing response to traceroute

OS type probe 0 TCP/UDP Hi broadcasts to destination address

Hostility ratings are gross estimates. Any probe can be motivated by innocent curiousity. The ratings are guesses based on a combination of their potential danger to the system and their likelihood of being hostile if that port was the only port probed as an isolated incident.