Hi All,

Over the last few months I have been to a few interview and some of the same question come up and they usually all about what services are running on what ports.

So my first question is how many ports do you think a Junior penetration tester should know off the top of his head ? top 10,20,30,50 ports

Second question is what would you say are the top 10,20,30,50 ports are depending on first answer

I guess these would be in there somewhere

80 hhtp
22 ssh
21 ftp
25 smtp
139 netbios
3306 mysql
156 sql server
23 telnet
443 https
53 dns

I would say you should probably know the top 10. If they asked you about SMTP for example and you couldn't cough up the port, it would probably look bad. However, if they asked you was ports the Shavlik agent listens on.....well you'd get extra points

Over time that stuff just gets ingrained into your brain.

I was just trying find out as I had a few interviews and some asked me port 80 what services runs on that what is fine but then I had few ask me stuff like what runs on port 79 and what runs on port 1 what I think are not exactly well know ports to a junior. or are they ?

There are too many to remember I think there should be a magical port that does everything! lol

this is just ridiculous, what if i decide to run a webserver on port 22 (or 1984, for the really 1337 people) just because i feel like it??? there are tons of other ways to poke in someone's brain to get an idea of their skill level...

@j0rDy - might I suggest that port numbers ARE important, esp when testing others' configurations, and knowing what type of responses to expect when communicating with them.  That said, the list of ports (important ones, anyway) isn't nearly as much data to learn, relative to other things you'll learn in security / pentesting, so I'd throw the 'ridiculous' aside, and just buckle in and learn them (if you don't already know them.)

Besides, if a company expects you to know them, whether or not YOU, I, or others think they are important really doesn't matter, so no use in NOT learning at least the COMMON ones...

@j0rDy - Do you think I would ignore conversations about the importance or lack thereof of knowing port numbers like these?  I would really like the interviewer to challenge questions like that and they might get bonus points for being able to do so.

One does not need to memorize those lists of ports if they are a student of the game.  Those ports should be well known to someone who has learned enough about security to warrant an interview, even at the jr. level, IMHO.

It also lets me see how they handle the situation.  Do they feed me a line, sound confident but are wrong, or did they take the time to look them up before the interview showing some level of preparedness.  It is kind of like asking for the 7 OSI layers in a network interview.  Do most non-networking geeks think they use that information on a daily basis? Probably not.  Does a networking geek know that they do in fact use that knowledge on a daily basis, definitely, and they can explain why there are important...without unnecessary memorization.  Do I care if they can identify the names of the layers?  Not really, if they can effectively explain what occurs at each layer.

I think the strategy an interviewer uses to obtain the best impressions of a candidate must still be a mystery to many interviewees.

I read the 1, 79, 111 as 179111. I was going to say I'm going to have to remember that for future use. To see if they know the top end port number.

I would seriously focus on the more "common" ones. 20, 21, 22, 23, 25, 53, 80, 88, 123, 135, 443, 445, 514, and 3389. Tell them that you haven't seen the others, but know how to find out what they are.

More importantly, at least I think so, let them know that you can find open ports on a network beyond just using nmap to scan. (If you really can).

Security is really where you find it. I spend most of my day doing VPN tunnels and Firewall changes. I would consider those security (not pen-testing, but I'm more a defensive person anyway). As soon as we get the hardware, I'll be doing website vulnerability scanning.

But as for direction, what do you want to do? I like trying to make systems hardened, so attackers have a harder time getting in. I like trying to protect the data. I like watching for things in packet dumps. But that's just me.

Problem solved: http://www.iana.org/assignments/port-numbers

Also, check out the nmap-services file. They list the "popularity" of each service.