Ports pinged by trojans

Discussion in 'other security issues & news' started by Peaches4U, Nov 4, 2003.

Thread Status:
Not open for further replies.
  1. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Some of you might find the following interesting.

    http://governmentsecurity.org/articles/CommonPorts.php
    Common Ports
    20 FTP data (File Transfer Protocol)
    21 FTP (File Transfer Protocol)
    22 SSH (Secure Shell)
    23 Telnet
    25 SMTP (Send Mail Transfer Protocol)
    43 whois
    53 DNS (Domain Name Service)
    68 DHCP (Dynamic Host Control Protocol)
    79 Finger
    80 HTTP (HyperText Transfer Protocol)
    110 POP3 (Post Office Protocol, version 3)
    115 SFTP (Secure File Transfer Protocol)
    119 NNTP (Network New Transfer Protocol)
    123 NTP (Network Time Protocol)
    137 NetBIOS-ns
    138 NetBIOS-dgm
    139 NetBIOS
    143 IMAP (Internet Message Access Protocol)
    161 SNMP (Simple Network Management Protocol)
    194 IRC (Internet Relay Chat)
    220 IMAP3 (Internet Message Access Protocol 3)
    389 LDAP (Lightweight Directory Access Protocol)
    443 SSL (Secure Socket Layer)
    445 SMB (NetBIOS over TCP)
    666 Doom
    993 SIMAP (Secure Internet Message Access Protocol)
    995 SPOP (Secure Post Office Protocol)

    Ports between 1024 and 29151 are known as the Registered Ports.
    Basically, programs are supposed to register their use of these ports and thereby try to be careful and avoid stomping on each other. Here are some common ports and their programs.

    1243 SubSeven (Trojan - security risk!)
    1352 Lotus Notes
    1433 Microsoft SQL Server
    1494 Citrix ICA Protocol
    1521 Oracle SQL
    1604 Citrix ICA / Microsoft Terminal Server
    2049 NFS (Network File System)
    3306 mySQL
    4000 ICQ
    5010 Yahoo! Messenger
    5190 AOL Instant Messenger
    5632 PCAnywhere
    5800 VNC
    5900 VNC
    6000 X Windowing System
    6699 Napster
    6776 SubSeven (Trojan - security risk!)
    7070 RealServer / QuickTime
    7778 Unreal
    8080 HTTP
    26000 Quake
    27010 Half-Life
    27960 Quake III
    31337 BackOrifice (Trojan - security risk!)

    For a complete list of Trojans & their ports, see
    http://www.simovits.com/nyheter9902.html
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I always use the lookup utilities with the most complete ports lists in TDS and PE. But the other lists on the board might bring you further to descriptions of the trojans.

    Mind you: if netstat shows a connection or a portscan shows one of the default ports it doesn't mean immediately you're badly infected and panic, the firewall blocked it anyway to start with, but it might be a reason to look further into it.
     
Loading...
Thread Status:
Not open for further replies.