Server applications, including those running on your desktop machine, bind to ports. That, in effect, "opens" the port on a particular machine. Once an application has bound to a port, it can communicate with the outside world via outgoing connections (like Firefox, for instance) or incoming connections (like Apache). The latter type is often the troublesome one, because a hacker can initiate an incoming connection whenever he likes.
Let's say you run Apache on port 80 (80 is the standard for web servers). Now, if Apache has a bug (and Apache has LOTS of bugs), then those bugs might make Apache itself a vulnerability. One common attack is a buffer overrun, in which a malicious hacker convinces Apache to accept some code, then fools Apache into executing it. The point is, it is the application that has the vulnerability, not the port itself.
So why run on a well-known port, like 80? The only thing holding the web together is the assumption that web servers bind to port 80 (or 8080 for HTTPS)! 80 is a 'well-known' port for HTTP. '22' is for secure sockets. '25' is SMTP, if I remember correctly. There are others. If you're interested, check out
http://www.iana.org/assignments/port-numbers
So here is the difference between attacking port 80 and port 65535:
80 is a very commonly used port, and you're very likely to find either Apache or Windows Server there -- both of which are widely used and have widely-known exploits.
65535 is in the 'unassigned' range -- usually it is only used for outgoing connections, and it is pretty unlikely you'll find something easy to exploit.
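As an added example (not part of the original post), the sketch below parses a table in the Linux `/proc/net/tcp` layout and reports only the sockets in the LISTEN state, that is, the ports an application has bound to accept incoming connections, together with their IANA port range and whether they are reachable from other machines. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed sample in the /proc/net/tcp layout (not real host data).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   113        0 1002
   2: 0A00000A:FFFF 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket waiting for incoming connections


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def port_range(port):
    """Classify a port by the IANA ranges."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def listeners(table):
    """Return (ip, port, range, reach) for every LISTEN socket in the table."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue                             # e.g. an established outgoing connection
        ip, port = decode_addr(cols[1])
        reach = "loopback only" if ip.startswith("127.") else "reachable from network"
        found.append((ip, port, port_range(port), reach))
    return found


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of the sample.
    for ip, port, rng, reach in listeners(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port:<5} {rng:<16} {reach}")
```

The third row of the sample is an outgoing connection using local port 65535, so it is skipped: nothing is listening there for a remote party to connect to.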