This document summarizes common network ports exploited by hackers, including FTP (ports 20-21), DHCP (ports 67-68), Telnet (port 23), SMTP (port 25), DNS (port 53), TFTP (port 69), HTTP (port 80), and SNMP (ports 161-162). It describes each protocol's purpose and common security vulnerabilities, such as unencrypted passwords, spoofing, cache poisoning, and default credentials. Exploiting these ports and vulnerabilities allows hackers to transfer files, obtain IP addresses, establish remote sessions, send spam, corrupt domain name records, and monitor network devices without authentication.
Application Security and Operation Issues
File Transfer Protocol (FTP)
• TCP service that operates on ports 20 and 21
• Utilised to transfer files from one PC to another
• Port 20 is utilised for the data stream, transferring data from client to server
• Port 21 is the control stream, utilised to pass commands between client and FTP server
• Security vulnerabilities: among the most hacked services; common attacks target misconfigured directory permissions, compromised or sniffed clear-text passwords,
Dynamic Host Configuration Protocol (DHCP)
• Utilised to assign IP addresses on the relevant network
• Uses ports 67 and 68
• DHCPv4 consists of four steps: discover, offer, request, and acknowledge (DORA)
• DHCPv6 uses four different steps: solicit, advertise, request, and reply (SARR)
• All versions communicate over UDP
Telnet
• Operates on port 23 and is classified as a TCP service
• Permits a client at one site to establish a session with a host at another location
• Sends all information captured from the client keyboard to the target host computer
• Largely configured for username and password logins, but can also be configured to allow anonymous connections
• Sends all text, including usernames and passwords, in clear text
Simple Mail Transfer Protocol (SMTP)
• Operates on port 25 and is classified as a TCP service
• Exchanges e-mail messages between network systems
• Messages typically comprise a header and body text
• Spoofing and spamming are typically associated with SMTP
Domain Name System (DNS)
• Performs address translation and operates on port 53
• Converts IP addresses into fully qualified domain names (FQDNs) or FQDNs into IP addresses
• Comprises zone files, each of which is a pool of structured resource records
• Common record types include the Start of Authority (SOA) record, A record (IPv4), AAAA record (IPv6), CNAME record, NS record, PTR record, and the MX record
• DNS servers are vulnerable to DNS cache poisoning, which entails hackers sending deceptive entries to a DNS server in order to corrupt the stored information
• DNS servers are vulnerable to DoS attacks and unauthorized zone transfers
Trivial File Transfer Protocol (TFTP)
• Operates on port 69
• Requires no authentication
• Implemented to transfer router configuration files
HyperText Transfer Protocol (HTTP)
• TCP service that operates on port 80
• The HTTP connection model is stateless
• Utilises a request/response protocol in which the client sends a request and the server sends a response
• Security vulnerabilities include server attacks, browser attacks, and script attacks
Simple Network Management Protocol (SNMP)
• UDP service that operates on ports 161 and 162
• Viewed as a cost-effective way to monitor networks
• Provisions agents to collate network information and report back to management stations
• Security vulnerabilities: strings are passed as clear text, and the default community strings (public/private) are well known
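
An added example, not part of the original slides: a small audit that checks an snmpd.conf for the SNMP weaknesses listed above (default public/private community strings, write access, no source restriction). It assumes net-snmp configuration syntax; the sample configuration and the function name `audit_snmpd_conf` are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known defaults named above
OPEN_SOURCES = {"default", "0.0.0.0/0"}       # net-snmp: any IPv4 source

# Constructed sample snmpd.conf; not taken from a real device.
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity n0c-R3ad0nly 192.0.2.10
com2sec notConfigUser default public
rouser monitor priv
"""

COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

def audit_snmpd_conf(text):
    """Return [(line_no, community, [issues])] for SNMPv1/v2c community lines."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        directive = tok[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tok) >= 2:
            community = tok[1]
            source = tok[2] if len(tok) > 2 else "default"
        elif directive == "com2sec" and len(tok) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            source, community = tok[-2], tok[-1]
        else:
            continue   # e.g. SNMPv3 rouser/rwuser lines carry no community string
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:
            issues.append("default community string")
        if directive.startswith("rw"):
            issues.append("write access via community string")
        if source in OPEN_SOURCES:
            issues.append("no source restriction")
        if not issues:
            issues.append("community string still sent in clear text")
        findings.append((line_no, community, issues))
    return findings

if __name__ == "__main__":
    for line_no, community, issues in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {community!r}: {', '.join(issues)}")
```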