Firewalls: Re: NT port activity list

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: NT port activity list
From:	Bill Stout <bill . stout @ hidata . com>
Date:	Tue, 03 Sep 1996 09:42:26 -0700
To:	Firewalls @ GreatCircle . COM

I started this thread out of interest in NT Firewalls and Webservers.
Let me know if this is too unrelated and I will take this elsewhere.

Amazing what you learn by reading.  Windows NT Resource Kit 3.51 
Windows NT Networking - Part III 'TCP/IP'.

I haven't completed a Satan scan against an NT system yet, but this
is what I got so far.  Also much of the system-level communication
is still a mystery; logon process, etc (RPC?).

  NT TCP/IP is divided into the following separate categories; 
· ?Core protocols? - TCP, IP, UDP, ARP, ICMP, PPP and SLIP.
· API support - Windows Sockets v1.1, RPC, NetBIOS, and Network DDE.
· Basic TCP/IP utilities - finger, ftp, lpr, rcp, rexec, rsh, telnet, 
  and tftp.
· Diagnostic tools - arp, hostname, ipconfig, lpq, nbtstat, netstat, 
  ping, route, and tracert.
· Services and Administration tools - FTP Server, WINS, DHCP, and 
  TCP/IP Printing.
· SNMP agent
· Client software for ?Simple network protocols? - chargen, daytime, 
  discard, echo, quotd.
· Path MTU discovery - discovers datagram size for all routers between 
  Windows NT computer and any system on a WAN. (RFC 1191)
· IGMP - Internet Gateway Multicast Protocol
 
 The following is a partial list of available IP network ports in NT:

Port 	Name	    Description	                          RFC
1	icmp        Internet Control Message Protocol	  792
2	igmp        Internet Group Management Protocol    1112
7	echo 	    Ping                                  862
9    	discard     Discard (sink null)                   863
13   	daytime     Daytime                               867
15   	netstat     Network Statistics	
17   	quotd       Quote of the Day 
                    (\winnt\system32\drivers\etc\quotes)  865
19   	chargen     Character Generator	                  864
20   	ftp-data    File Transfer Protocol (Data) 	  959
21   	ftp         File Transfer Protocol (Control) 	  959
23	telnet      Telnet                                854
53   	domain      Domain Name Service                   1034,1035
69   	tftp        Trivial File Transfer Protocol
                    Used by Bootp, DHCP                   783,1534,1541
79   	finger      Finger                                1194
137  	netbios_ns  NetBIOS Name Service   
                    Typically UDPAlso used by 'nbtstat'
                    Node Status Request                   1001,1002
138  	netbios_dgm NetBIOS Datagram Service              1001,1002
139  	netbios_ssn NetBIOS Session Service               1001,1002
161  	snmp        SNMP Messages                         1157
162  	snmptrap    SNMP Traps                            1157
530  	courier     RPC	
515  	printer     LPD Spooler                           1179

Other installed services:
775  	sms_db		
777  	sms_update		
1433 	tds         Tabular Data Stream DB-library SQLserver

Please edit this list if you have more data (ISS, Raptor, MS?).


Bill Stout
_______________________________________________________________________________
Senior Systems Admin   NT/UNIX/I-net/Routers/Mainframes/Janitor ;)
Hitachi Data Systems   408-970-4822   ---  Disclaimer:  I speak only for myself
___________"Infowar, Cyber-war, yes, 'they' _are_ out to get you..."___________

Indexed By Date	Previous:	Re: Spoofing Messages in the Log files From: bobk @ manzanita (Bob Konigsberg)
Indexed By Date	Next:	RE: WWW servers (Again) From: "Larson, Erik @TFN Cin" <IMCEAMS-CENTRAL_CINTI_elarson @ XLConnect . com>
Indexed By Thread	Previous:	Re: Denied packets with no protocol?? From: Rafi Sadowsky <rafi @ tavor . openu . ac . il>
Indexed By Thread	Next:	Re: NT port activity list From: peter @ baileynm . com (Peter da Silva)