Why Do My Computer Ports Get Probed?

"...Like breeze blowing through the windows on a house, ports are just hardware locations used for passing data in and out. Like the breeze blowing in and out of the window, computers send information out (and receive data in) though these windows, or ports. (Not to confuse you but computers have internal ports (for connecting disk drives, monitors, keyboards, etc) as well as external ports (for connecting modems, printers, mouse devices, and other peripheral devices). But I'm not going to geek out about internal or external ports, let's just keep it simple here. How about an example?

• I'm using port 80 (yes, I'm a web server computer) for sending this web page to your web browser. I'm do this by reading the web page off my disk then send it flying out of my port 80, over the merry Internet, all the way to your blazing fast computer. Your computer will receive it through a "receiving port" (which will not be port 80) and finally your web browser will read the HTML code and display it as the nice-looking web page you're reading right now.

But why port 80? Why do web servers use port 80? Nothing special about that number - people just got together and willy-nilly decided that port 80 would be the default port on which a web server would send out its content. Don't believe me? Ok, try this out: Go to your favorite web site, let's say http://www.t1shopper.com/ but instead of typing it in like you usually would, add a ":80" after the ".com" part, like this: http://www.t1shopper.com:80/. Magic! You'll get the same web page even if you specify the port number!

So what's the advantage of having port numbers like this? Well, with publicly-agreed on port numbering, entering a port number becomes optional! Yes, it's faster - we don't have to type our fingers silly entering the port number every time. Instead of http://www.t1shopper.com:80/ we can just type http://www.t1shopper.com/ and our computers know (because of the http prefix) that we are requesting a web page and so it uses port 80 by default, without us having to type it. Aren't computers fun!

Ok, let's really geek out! Port numbers have been divided into three ranges: the Well Known Ports (0 through 1023), the Registered Ports (1024 through 49151), and the Dynamic and/or Private Ports (these are very highest ports 49152 through 65535 and usually used for receiving data, as in our example above). And who keeps track of all these default port numbers, port lists and protocols? The Internet Assigned Numbers Authority. IANA not only coordinates this but also all the worldwide domain names and IP address assignments. They're busy. If you are a true geek, you'll enjoy the dry reading at RFC793 which gives the full technical description of ports.

Some viruses attack specific ports on your computer as part of their design such as the old SASSER virus which used TCP port 445. To test if you might be vulnerable to the SASSER virus, use the above port scan tool to scan port 445. If the portscan says it can get through port 445 on whatever firewall you hopefully have, and your computer's port 445 is also open/active, then you may be susceptible to the SASSER virus...."

http://www.t1shopper.com/tools/port-scan/

Here's a little blurb on UDP (user datagram protocol)...

http://condor.depaul.edu/jkristof/papers/udpscanning.pdf

The reason you may see oddball port numbers, is that new port numbers (sockets) can be returned to the client's initial request on the well-known port. The new connections have port numbers which are, for all intents and purposes, random. (Except they are chosen to not conflict with pre-assigned or well-known ports)