65k Open TCP Ports (zorinaq.com)
164 points by mrb on Oct 20, 2011 | 27 comments



He missed port 0, although it requires special fuckery on both ends to make use of, so no big loss anyway.


He does mention port 65535 and calls it a "restricted port". Anyone have an idea why? Is it used/reserved for anything special? I have googled and that turns up only some trojans using the port...


The comment on the reason port 601 is blocked in chrome is quite funny. http://src.chromium.org/svn/trunk/src/net/base/net_util.cc


Someone was too lazy to google it:

    syslog-conn 601/tcp Reliable Syslog Service
    syslog-conn 601/udp Reliable Syslog Service

Really? QOTD is blocked? What big threat is there from quote of the day? Did some nerd just sit down and arbitrarily pick antiquated unix services and mark them as "unsafe?"


for the lazy

  static const int kRestrictedPorts[] = {
  1,    // tcpmux
  ..
  587,  // stmp?
  601,  // ??
  636,  // ldap+ssl
  .. };


If I were BOFH I would allow all connections to the open.zorinaq.com


I never realized Chrome blocked some specific ports. Makes sense I guess - but I'll have to remember not to run a webserver on those ports.


At first you might think "why should Chrome protect people who forget to firewall their intranet?" but the real problem browsers are defending against is some page doing a million <img src='http://10.0.0.1:139>; against an internal service that doesn't handle it well. (Or worse, a POST.)

(PS: HN shows extra characters than what I typed in that HTML. Might be an XSS vulnerability in there.)


This actually also has to do with cross protocol attacks. http://i8jesus.com/?p=75


There was an attack last year on freenode which worked like this... javascript did an automatic POST to irc.freenode.net:6667 with form data that included IRC commands to spam channels etc.

Unfortunately at the time their ircd didn't care about the 'POST / HTTP headers', and lovingly accepted the spam.
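
Added example, not part of the thread and not freenode's or any ircd's actual code: one way a line-based service such as an IRC server can refuse the browser-originated POST described in the comments above, by dropping any session whose opening lines look like HTTP. The function name `screen_session`, the sample byte strings and the host `irc.example.net` are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/x.y
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/\d\.\d$"
)
# Headers a browser attaches to a request; none is a valid IRC command.
HTTP_HEADER = re.compile(
    rb"^(Host|User-Agent|Content-Type|Content-Length|Origin|Referer|Cookie):",
    re.IGNORECASE,
)


def screen_session(raw: bytes, max_lines: int = 8):
    """Screen the first bytes a client sends to a non-HTTP, line-based service.

    Returns ("drop", reason) if the opening lines look like HTTP, otherwise
    ("accept", lines) with the non-empty protocol lines to hand to the parser.
    """
    lines = [line.rstrip(b"\r") for line in raw.split(b"\n")]
    for number, line in enumerate(lines[:max_lines], start=1):
        if HTTP_REQUEST_LINE.match(line):
            return ("drop", f"HTTP request line at line {number}")
        if HTTP_HEADER.match(line):
            return ("drop", f"HTTP header at line {number}")
    return ("accept", [line for line in lines if line])


# Constructed sample: what the server sees when a web page submits a form to it.
BROWSER_POST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: irc.example.net:6667\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"NICK visitor\r\n"
)
# Constructed sample: a normal IRC client registering.
IRC_CLIENT = b"NICK alice\r\nUSER alice 0 * :Alice\r\n"

if __name__ == "__main__":
    print(screen_session(BROWSER_POST))
    print(screen_session(IRC_CLIENT))
```

Closing the connection at the first HTTP-looking line matters because a server that merely ignores unknown commands keeps reading and eventually reaches the protocol lines carried in the request body.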


Firefox is blocking port 25 with a warning message.


"This address is restricted

This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."

This 'port banning' is described in http://www-archive.mozilla.org/projects/netlib/PortBanning.h..., and the page at http://agiletesting.blogspot.com/2008/09/getting-around-fire... describes how you can use about:config to disable the blocking:

"1) go to about:config in the Firefox address bar

2) right click, choose new->string

3) enter the name network.security.ports.banned.override and the value '1-65535' (without the quotes)"

I tried it, and it worked: http://open.zorinaq.com:25/


I wrote a quick script to do port testing with the server.

This script should work with any system that has curl with some little modifications, but I've only tested it in Fedora 15. You can find it on codepad and the script will run over all ports if the port range has not been specified.

The first terminal argument will be the range start and second argument will be the range end. For example: php port_test.php 1 24 will run the test on ports 1-24

http://codepad.org/8O1WDywv


You can use bash expansion to do this:

    curl http://open.zorinaq.com:{100..200}/

Unfortunately the server doesn't send back the port number in the HTML. Use this to see which port numbers you can connect to:

    curl -v http://open.zorinaq.com:{100..600}/ 2>&1 | grep 'Connected to'


Oh yes! I forgot totally about bash expansion. :)


and a perl one-liner, just for the sake of it:

   perl -MLWP::Simple=\$ua -le 'print"port $_ - ".$ua->get("http://open.zorinaq.com:$_")->status_line for 1..65535'


For some time I've run a box with PF forwarding all TCP ports to an SSH server. That plus a simple nmap connect scan has proved handy for countless annoying networks that try to block "common" ports, poorly configured captive portal networks, etc. It's amazing how many "restricted" networks allow TCP 1, 53, 1723, 8080, and a few others out to the open net.


Would be nice to show the port you've accessed in the body (useful for scripting etc).


Nice site. You can do the same thing by running tcpdump on a remote host and nmapping every port. You can do this yourself or work with a friend.

Cool site nonetheless. Makes it easy for non-techies to do.


Been looking for something like this for a very, very, long time. Certainly makes egress filter testing a hell of a lot easier. Thank you!


Dude, slap some Google ads on this, it's a great idea


Port 79 doesn't work. What port is that?



Maybe you can thank rtm for this port being banned


  grep '\b79' /etc/services
  finger		79/tcp


You may prefer: grep -w 79 /etc/services


    getent services 79

(Advantage is that getent will follow your nsswitch.conf configuration to find your actual service database).



