Honeypots for Windows (Books for Professionals by Professionals)
As I’ve stressed in this chapter, when creating your Windows honeypot, it is important to recognize what ports do and don’t belong to a particular Windows version. Tables 3-13 and 3-14 list the common Windows UDP and TCP ports, respectively, by platform. In the tables, an X means the service, and thus its default port, is available on that platform, and a - means that it is not available.
Note: It is also important that an emulated honeypot correctly responds at the IP stack level to ICMP, UDP, and TCP fingerprinting probes. This will be covered in Chapter 4.

Table 3-13. Common Windows UDP ports by platform

Ports/Platform | 9x | Me | NT | 2000 | XP | 2003 |
---|---|---|---|---|---|---|
7—Echo | - | - | X | X | X | X |
9—Discard | - | - | X | X | X | X |
13—Time | - | - | X | X | X | X |
17—Quote of the Day | - | - | X | X | X | X |
19—CharGen | - | - | X | X | X | X |
53—DNS | - | - | X | X | - | X |
67, 68—DHCP | - | - | X | X | X | X |
88—Kerberos | - | - | - | X | X | X |
123—NTP | - | - | - | X | X | X |
135—RPC | X | X | X | X | X | X |
137—NetBIOS | X | X | X | X | X | X |
138—NetBIOS | X | X | X | X | X | X |
379, 389—LDAP | With special client software | With special client software | With special client software | X | X | X |
445—CIFS | - | - | - | X | X | X |
464—Kerberos | - | - | X | X | X | |
500—IPSec | - | - | With special client software | X | X | X |
1434—SQL | - | - | X | X | - | X |
1645—IAS | - | - | - | X | - | X |
1646—IAS | - | - | - | X | - | X |
1701—L2TP | - | - | With special client software | X | X | X |
1812—IAS | - | - | - | X | - | X |
1813—IAS | - | - | - | X | - | X |
1900—UPnP | - | X | - | - | X | - |
4500—IPSec | With special client software | - | With special client software | X | X | X |
8080—Proxy | - | - | With proxy software | With proxy software | With proxy software | With proxy software |

Table 3-14. Common Windows TCP ports by platform

Ports/Platform | 9x | Me | NT | 2000 | XP | 2003 |
---|---|---|---|---|---|---|
7—Echo | - | - | X | X | X | X |
9—Discard | - | - | X | X | X | X |
13—Time | - | - | X | X | X | X |
17—Quote of the Day | - | - | X | X | X | X |
19—CharGen | - | - | X | X | X | X |
20, 21—FTP | - | - | FTP service in IIS | FTP service in IIS | FTP service in IIS | FTP service in IIS |
23—Telnet | - | - | Only with Services for Unix | X | - | X |
25—SMTP | - | - | With IIS or Exchange | With IIS or Exchange | With IIS | With IIS or Exchange |
42—WINS | - | - | X | X | - | X |
53—DNS | - | - | X | X | - | X |
70—Gopher | - | - | With IIS | With IIS | With IIS | With IIS |
80—HTTP | With Personal Web Server | With Personal Web Server | With IIS | With IIS | With IIS | With IIS |
88—Kerberos | - | - | - | X | X | X |
102—X.400 | - | - | With Exchange | With Exchange | - | With Exchange |
110—POP3 | - | - | With Exchange | With Exchange | - | With Exchange |
119—NNTP | - | - | With Exchange | With Exchange | - | With Exchange |
135—RPC | X | X | X | X | X | X |
137—NetBIOS | X | X | X | X | X | X |
139—NetBIOS | X | X | X | X | X | X |
143—IMAP | X | X | With Exchange | With Exchange | - | With Exchange |
161, 162—SNMP | - | - | X | X | X | X |
379, 389—LDAP | With special client software | With special client software | With special client software | X | X | X |
443—HTTPS | - | - | With IIS | With IIS | With IIS | With IIS |
515—IPP | - | - | - | With IIS | With IIS | With IIS |
563—SNEWS | - | - | - | X | X | X |
593—RPC over HTTP | - | - | - | X | - | X |
636—LDAP SSL | - | - | - | X | - | X |
993—IMAP SSL | - | - | - | X | - | X |
995—POP SSL | - | - | - | X | - | X |
1067, 1068—IBS | - | - | - | X | - | X |
1433—SQL Server | - | - | X | X | - | X |
3268, 3269—Global Catalog | - | - | - | X | - | X |
3389—Terminal Server, RDP | - | - | X | X | X | X |
5000—UPnP | - | X | - | - | X | - |
8080—Proxy | X | X | With proxy software | With proxy software | With proxy software | With proxy software |

Note: Port 2869 is used by UPnP starting with XP Pro Service Pack 2.
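
The following is an added example, not code from the book: it parses rows in the format of the TCP table above and checks a honeypot's planned TCP listeners against one platform's column. The listener list, the function names, and the choice to report ports missing from the table as out of place are assumptions made for illustration.

```python
import re

PLATFORMS = ["9x", "Me", "NT", "2000", "XP", "2003"]

# A subset of rows copied from the TCP table above, in the page's own format.
TCP_ROWS = """\
23—Telnet | - | - | Only with Services for Unix | X | - | X |
80—HTTP | With Personal Web Server | With Personal Web Server | With IIS | With IIS | With IIS | With IIS |
88—Kerberos | - | - | - | X | X | X |
135—RPC | X | X | X | X | X | X |
139—NetBIOS | X | X | X | X | X | X |
161, 162—SNMP | - | - | X | X | X | X |
3389—Terminal Server, RDP | - | - | X | X | X | X |
5000—UPnP | - | X | - | - | X | - |
"""

def parse_rows(text):
    """Return {port: {platform: cell}} where cell is 'X', '-' or a condition."""
    table = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        label, marks = cells[0], cells[1:]
        # Skip rows with a missing or empty cell rather than guess the value.
        if len(marks) != len(PLATFORMS) or "" in marks:
            continue
        # A row label may carry several ports, e.g. "161, 162—SNMP".
        for port in re.findall(r"\d+", label.split("—")[0]):
            table[int(port)] = dict(zip(PLATFORMS, marks))
    return table

def audit(table, platform, listening):
    """Split listeners into out-of-place ports and ports that need extra software."""
    out_of_place, conditional = [], {}
    for port in sorted(set(listening)):
        # Assumption: a port absent from the table is reported as out of place.
        mark = table.get(port, {}).get(platform, "-")
        if mark == "-":
            out_of_place.append(port)
        elif mark != "X":
            conditional[port] = mark  # e.g. "With IIS": emulate that software too
    return out_of_place, conditional

if __name__ == "__main__":
    planned = [23, 80, 135, 139, 3389, 5000]  # constructed honeypot listener list
    print(audit(parse_rows(TCP_ROWS), "XP", planned))
```

A conditional result such as port 80 with "With IIS" means the honeypot is only consistent if it also presents that software on the emulated platform.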