Whenever a computer receives or transmits information, be it a home computer or a server, it does so through an open port that at some point connects to a router, which will then send the information over the internet. Depending on the type of data being processed, certain specific ports are used.
In proxy servers, there are several ports that are most commonly used. These protocols communicate with external devices, such as routers, by means of a protocol. Protocols are used in order to allow equipment to communicate with each other and establish how information is sent over the internet.
The most common protocol used by proxy ports is TCP – Transmission Control Protocol. TCP is an essential part of any TCP/IP network. While the IP – Internet Protocol – deals with the packets of data that is being transmitted, TCP is in charge of guaranteeing that these packets will be delivered and that they will arrive at their destination in the same order that they were sent through a specific port. Some ports use another type of protocol, which is UDP. Although UDP also establishes communication between ports, is does not guarantee it.
Other commonly used protocols are:
o HTTP – establishes the format in which web browsers and internet sites communicate with each other
o FTP – establishes formats for file transfers
o IMAP – determines communication between e-mail servers and their clients
o SSL Protocol – determines formats used for encrypted communication
The most commonly used proxy ports are:
TCP Port 80
Protocol / Name: WANRemote
Description: Standard web service port. When transferring sensitive data, port 443 is recommended as this is a vulnerable Trojan port. It should be tested to identify vulnerabilities if used, either through spyware removal programs or firewalls.
TCP Port 8000
Protocol / Name: iRDMI
Description: Not a Trojan port.
TCP Port 8080
Protocol / Name: http-alt
Description: An HTTP alternative port. It is a vulnerable Trojan port and should be tested to identify vulnerabilities if used, either through spyware removal programs or firewalls.
TCP Port 8081
Protocol / Name: blackice-logon
Description: Network Admin port for BlackIce’s intrusion detection program through its host-based firewall.
TCP Port 443
Protocol / Name: https
Description: A secure port which uses HTTP over SSL. Information sent through this port is encrypted via the SSL protocol.
TCP Port 444
Protocol / Name: snpp
Description: Uses Simple Network Paging Protocol for data transfers.
TCP Port 1080
Protocol / Name: socks
Description: A SOCKS port used for outbound TCP services, such as FTP and HTTP. As with port 80 and 8080, it is vulnerable to attacks. Attackers that connect to this port can bounce off to reach other internal hosts that are otherwise protected from direct attacks. Port scans should be made in order to listen for attempts of connection to this port.
TCP Port 2301
Protocol / Name: Cpq-wbem
Description: Compaq HTTP port.
TCP Port 3128
Protocol / Name: ReverseWWWTunnel
Description: Reverse WWW Tunnel Backdoor port.
TCP Port 3382
Protocol / Name: fujitsu-neat
Description: Fujitsu Net Enhanced Antitheft port.
More Stories
Embracing the Next Generation of Collaboration with Trellix Xpand
Elevate Your Defense: How Mandiant Ransomware Solutions Keep You Safe
Mastering Cyber Security Month: Rise to the Challenge with Confidence