C O M M O N P O R T S A N D

P RO T O C OL S
ANDY HOOK
• FILE TRANSFER PROTOCOL
(FTP)
• FTP IS A TCP SERVICE AND OPERATES ON PORTS 20 AND 21. THIS APPLICATION IS USED
TO MOVE FILES FROM ONE COMPUTER TO ANOTHER. PORT 20 IS USED FOR THE DATA
STREAM AND TRANSFERS THE DATA BETWEEN THE CLIENT AND THE SERVER. PORT 21 IS
THE CONTROL STREAM AND IS USED TO PASS COMMANDS BETWEEN THE CLIENT AND
THE FTP SERVER. ATTACKS ON FTP TARGET MISCONFIGURED DIRECTORY PERMISSIONS
AND COMPROMISED OR SNIFFED CLEAR-TEXT PASSWORDS. FTP IS ONE OF THE MOST
COMMONLY HACKED SERVICES.
• Simple Mail Transfer Protocol (SMTP)
• This application is a TCP service that operates on port 25. It is
designed for the exchange of email between networked systems.
Messages sent through SMTP have two parts: an address header
and the message text. All types of computers can exchange
messages with SMTP. Spoofing and spamming are two of the
vulnerabilities associated with SMTP.
• TELNET
• TELNET IS A TCP SERVICE THAT OPERATES ON PORT 23. TELNET ENABLES A CLIENT AT ONE
SITE TO ESTABLISH A SESSION WITH A HOST AT ANOTHER SITE. THE PROGRAM PASSES THE
INFORMATION TYPED AT THE CLIENT’S KEYBOARD TO THE HOST COMPUTER SYSTEM.
ALTHOUGH TELNET CAN BE CONFIGURED TO ALLOW ANONYMOUS CONNECTIONS, IT SHOULD
BE CONFIGURED TO REQUIRE USERNAMES AND PASSWORDS. UNFORTUNATELY, EVEN THEN,
TELNET SENDS THEM IN CLEAR TEXT. WHEN A USER IS LOGGED IN, HE OR SHE CAN PERFORM
ANY ALLOWED TASK. APPLICATIONS SUCH AS SSH SHOULD BE CONSIDERED AS A
REPLACEMENT. SSH IS A SECURE REPLACEMENT FOR TELNET AND DOES NOT PASS CLEAR-
TEXT USERNAME AND PASSWORDS.
DYNAMIC HOST CONFIGURATION
PROTOCOL (DHCP)
•DHCP IS USED TO ASSIGN IP ADDRESSES TO DEVICES CONNECTED
TO A NETWORK. IT USES PORT 67 AND PORT 68. DHCPV4 CONSISTS
OF FOUR STEPS: DISCOVER, OFFER, REQUEST, AND ACKNOWLEDGE
(DORA). DHCPV6 USES FOUR DIFFERENT STEPS: SOLICIT,
ADVERTISE, REQUEST, AND REPLY (SARR). BOTH VERSIONS
COMMUNICATE VIA UDP.
SIMPLE NETWORK MONITORING PROTOCOL (SNMP)

• THIS APPLICATION IS A UDP SERVICE THAT RECEIVES REQUESTS ON UDP PORT 161. THE SNMP MANAGER
RECEIVES NOTIFICATIONS, TRAPS, AND INFORMATION REQUESTS ON UDP PORT 162. SNMP ALLOWS
AGENTS TO GATHER INFORMATION, INCLUDING NETWORK STATISTICS, AND REPORT BACK TO THEIR
MANAGEMENT STATIONS. MOST LARGE CORPORATIONS HAVE IMPLEMENTED SOME TYPE OF SNMP
MANAGEMENT. SOME OF THE SECURITY PROBLEMS THAT PLAGUE SNMP ARE CAUSED BY THE FACT THAT
COMMUNITY STRINGS CAN BE PASSED AS CLEAR TEXT AND THAT THE DEFAULT COMMUNITY STRINGS
(PUBLIC/PRIVATE) ARE WELL KNOWN. SNMP VERSION 3 IS THE MOST CURRENT, AND IT OFFERS
ENCRYPTION FOR MORE ROBUST SECURITY.
• DOMAIN NAME SYSTEM (DNS)
• This Application operates on port 53. THE DOMAIN NAME SYSTEM (DNS) IS
A HIERARCHICAL AND DECENTRALIZED NAMING SYSTEM FOR COMPUTERS, SERVICES, OR
OTHER RESOURCES CONNECTED TO THE INTERNET OR A PRIVATE NETWORK. IT
ASSOCIATES VARIOUS INFORMATION WITH DOMAIN NAMES ASSIGNED TO EACH OF THE
PARTICIPATING ENTITIES. MOST PROMINENTLY, IT TRANSLATES MORE READILY
MEMORIZED DOMAIN NAMES TO THE NUMERICAL IP ADDRESSES NEEDED FOR LOCATING
AND IDENTIFYING COMPUTER SERVICES AND DEVICES WITH THE UNDERLYING NETWORK
PROTOCOLS. BY PROVIDING A WORLDWIDE, DISTRIBUTED DIRECTORY SERVICE, THE
DOMAIN NAME SYSTEM HAS BEEN AN ESSENTIAL COMPONENT OF THE FUNCTIONALITY OF
THE INTERNET SINCE 1985.
TRIVIAL FILE TRANSFER PROTOCOL (TFTP)

TFTP OPERATES ON PORT 69. IT IS CONSIDERED A DOWN-AND-DIRTY

VERSION OF FTP BECAUSE TFTP USES UDP TO REDUCE OVERHEAD. IT NOT
ONLY DOES SO WITHOUT THE SESSION MANAGEMENT OFFERED BY TCP, IT
ALSO REQUIRES NO AUTHENTICATION, WHICH COULD POSE A BIG SECURITY
RISK. IT IS USED TO TRANSFER ROUTER CONFIGURATION FILES AND IS USED
BY CABLE COMPANIES TO CONFIGURE CABLE MODEMS
• HYPERTEXT TRANSFER PROTOCOL (HTTP)
• HTTP IS A TCP SERVICE THAT OPERATES ON PORT 80. THIS IS ONE OF THE MOST WELL-
KNOWN APPLICATIONS. HTTP HAS HELPED MAKE THE WEB THE POPULAR PROTOCOL IT
IS TODAY. THE HTTP CONNECTION MODEL IS KNOWN AS A STATELESS CONNECTION.
HTTP USES A REQUEST/RESPONSE PROTOCOL IN WHICH A CLIENT SENDS A REQUEST
AND A SERVER SENDS A RESPONSE. ATTACKS THAT EXPLOIT HTTP CAN TARGET THE
SERVER, BROWSER, OR SCRIPTS THAT RUN ON THE BROWSER. CODE RED IS AN
EXAMPLE OF CODE THAT TARGETED A WEB SERVER.