Looking for code red , nimda and Msblast worms port number

Hello Everybody,
i would like to get your attention because i need you guys help .. i am doing my final year project.. so i got to test different worms with my honey pot system and analyze the result.. in order to do that i need to know which ports code red, nimda and msblaster used to propagete over the network..

i will be very happy if you help me to sort out my problem .. Thank you...

 

Hi, very interesting question, i had to scratch my head for a bit..lol, an look up old logs etc.

Code Red- released 2001 performed attack on TCP port 80, it sent Emails to addresses preloaded into its code, the amount of mail slowed the internet down to a crawl, i think the main target at first was the White house.

Nimda- released 2001,scaned for backdoors left open from previous Code Red infections, so I believe that it also would have tried to access TCP port 80 at first, though at later dates it may have evolved to different stratergies, i think from memory that Nimda was the first to spread by differing ways, I.E email, Server & Web pages.

MSblasater- released 2003 exploited Microsoft DCOM remote procedure call (RPC), it attacked TCP port 135 at first then also TCP 139 - 445.
This is the original MSblaster, later varients have evolved.

I hope that this info helps.