Ports pinged by trojans

Discussion in 'other security issues & news' started by Peaches4U, Nov 4, 2003.

Thread Status:
Not open for further replies.
  1. Peaches4U

    Peaches4U Registered Member

    Nov 22, 2002
    At my computer
    Some of you might find the following interesting.

    Common Ports
    20 FTP data (File Transfer Protocol)
    21 FTP (File Transfer Protocol)
    22 SSH (Secure Shell)
    23 Telnet
    25 SMTP (Send Mail Transfer Protocol)
    43 whois
    53 DNS (Domain Name Service)
    68 DHCP (Dynamic Host Control Protocol)
    79 Finger
    80 HTTP (HyperText Transfer Protocol)
    110 POP3 (Post Office Protocol, version 3)
    115 SFTP (Secure File Transfer Protocol)
    119 NNTP (Network New Transfer Protocol)
    123 NTP (Network Time Protocol)
    137 NetBIOS-ns
    138 NetBIOS-dgm
    139 NetBIOS
    143 IMAP (Internet Message Access Protocol)
    161 SNMP (Simple Network Management Protocol)
    194 IRC (Internet Relay Chat)
    220 IMAP3 (Internet Message Access Protocol 3)
    389 LDAP (Lightweight Directory Access Protocol)
    443 SSL (Secure Socket Layer)
    445 SMB (NetBIOS over TCP)
    666 Doom
    993 SIMAP (Secure Internet Message Access Protocol)
    995 SPOP (Secure Post Office Protocol)

    Ports between 1024 and 29151 are known as the Registered Ports.
    Basically, programs are supposed to register their use of these ports and thereby try to be careful and avoid stomping on each other. Here are some common ports and their programs.

    1243 SubSeven (Trojan - security risk!)
    1352 Lotus Notes
    1433 Microsoft SQL Server
    1494 Citrix ICA Protocol
    1521 Oracle SQL
    1604 Citrix ICA / Microsoft Terminal Server
    2049 NFS (Network File System)
    3306 mySQL
    4000 ICQ
    5010 Yahoo! Messenger
    5190 AOL Instant Messenger
    5632 PCAnywhere
    5800 VNC
    5900 VNC
    6000 X Windowing System
    6699 Napster
    6776 SubSeven (Trojan - security risk!)
    7070 RealServer / QuickTime
    7778 Unreal
    8080 HTTP
    26000 Quake
    27010 Half-Life
    27960 Quake III
    31337 BackOrifice (Trojan - security risk!)

    For a complete list of Trojans & their ports, see
  2. meneer

    meneer Registered Member

    Nov 27, 2002
    The Netherlands
  3. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    I always use the lookup utilities with the most complete ports lists in TDS and PE. But the other lists on the board might bring you further to descriptions of the trojans.

    Mind you: if netstat shows a connection or a portscan shows one of the default ports it doesn't mean immediately you're badly infected and panic, the firewall blocked it anyway to start with, but it might be a reason to look further into it.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.