Computers : Ports

Probed Ports Listings.

Probed Ports Listing I

Service

Port

TCP/UDP

Explanation

Reserved

0

TCP/UDP

N/A

Sscan Signature

0 - 5

TCP

N/A

Ttymux

1

TCP

an effort to ID SGI Irix systems

echo

7

TCP/UDP

UDP Attack

systat

11

TCP

system/user information

chargen

19

TCP/UDP

potential UDP attack

ftp

20

TCP

FTP data port. Can be used in an ftp bounce attack

ftp

21

TCP

File Transfer Protocol

Ssh

22

TCP

Secure Shell

Ssh

22

TCP

PCAnywhere

PCAnywhere v. 8.x

22

UDP

N/A

Telnet

22

TCP

Remote login. Poor Authentication

DNS

53

TCP

Domain Name Service. Used in zone transfers. Used for >512 byte name queries as well

DNS

53

TCP

Domain Name Service. Used for name queries

Finger

79

TCP

Can obtain computer information

Linuxconf

98

TCP

System administration tool for linux, heavily probed, attack unknown.

POP2

109

TCP

Internet Mail

POP3

110

TCP

Internet Mail

SunRpc

111 / 32771

TCP

Remote Procedure Call. Very Dangerous. Don't run unless necessary.

NNTP

119

TCP

Internet News

Netbios - Name Service

137

TCP/UDP

Microsoft machines use this often

Netbios - Datagram Service

138

TCP/UDP

Microsoft machines use this often

Netbios - Session

139

TCP/UDP

Microsoft machines use this often.

IMAP

143

TCP

Internet Message Access Protocol. Don't need it = Don't run it.

SNMP

161

TCP

Used for network mapping

Exec

512

TCP

Remote process execution authentication performed using passwords and login names.

Login

513

TCP

Remote login. Don't need it = Don't run it

Who

513

UDP

Shows load averages, and who's logged in. Don't need it = Don't run it.

Cmd

514

TCP

Similar to Exec

Printer

515

TCP

Spooler

NCP

524

TCP

N/A

Mount

635

TCP

Mount. NFS mount service

Doly Version 1.1 & 1.2

1011

TCP

Trojan

Doly Version 1.5

1015

TCP

Trojan

Doly Version 1.6 & 1.7

1016

TCP

Trojan

Doly Version 1.35

1035

TCP

Trojan

Socks

1080

TCP

Recently has been gettign a lot of probes

NFS

2000

TCP

Network File System

Squid Proxy

3128

TCP

http://www.rusftpsearch.net/ Was searching and trying to exploit this service

ICQ

4000

UDP

Chat programs. Can be dangerous. Don't need it = Don't run it.

PCAnywhere v. 8.x & 9.x

5631

TCP

N/A

PCAnywhere v. 8.x & 9.x

5632

TCP

N/A

X-Windows

6000 +

TCP

Common exploit. Don't need it = Don't run it

Gnutella

6346

N/A

File server

IRC

6665 - 6669

TCP/UDP

Internet Relay Chat. Very dangerous. Don't need it = Don't run it

Wingate sniffers

8080

TCP

N/A

Netbus

12345-6, 20034

TCP

Remote control program. Considered by many to be a trojan.

Stacheldraht ddos

16660

TCP

ddos tool. Client -> Handler

SubSeven 2.1

27374

TCP

Trojan

Trinoo ddos

27444

UDP

ddos tool. Master -> Daemons

Trinoo ddos

27665

TCP

ddos tool. Intruder -> Master

Trinoo ddos

31335

UDP

ddos tool. Daemon -> Master

Back Orifice

31337

UDP

One of the most common Trojans

Hack 'a' Tack

31789-90

UDP

One of the most common Trojans

Unknown

32773

TCP

N/A

Traceroute

33434-33523

UDP

Common Network utility

Back Orifice 2K

54320 / 54321

UDP

One of the most common Trojans

Stacheldraht ddos

65000

TCP

ddos tool. Handler -> <- Agents

PCAnywhere v. 8.x

65301

TCP

N/A

Probed Ports Listing II

Here is another list of ports with the known trojans or application that runs on this port.

Port

Trojan or application that runs on this port

21

Blade Runner, Doly Trojan, Fore, Invisible, FTP, WebEx, WinCrash

23

Tiny Telnet Server

25

Antigen, Email Password Sender, Haebu, Coceda, Shtrilitz, Stealth, Terminator, WinPC, WinSpy

25

SMTP

31

Hackers Paradise

80

Executor, WWW

110

POP3

137

Name Service (Netbios over IP) Windows

138

Datagram Service (Netbios over IP) Windows

139

Session Service (Netbios over IP) Windows

456

Hackers Paradise

555

Ini-Killer, Phase Zero, Stealth Spy

666

Satanz Backdoor

777

AIM Spy

1000

Der Spaeher3, Insane Network

1001

Silencer, WebEx, Der Spaeher3, Insane Network

1011

Doly Trojan

1029

InCommand

1050

MiniCommand 1.2

1170

Psyber Stream Server, Voice

1207

SoftWar

1234

Ultors Trojan

1243

Sub 7.2

1245

VooDoo Doll

1492

FTP99CMP

1600

Shivka-Burka

1807

SpySender

1981

Shockrave

1999

BackDoor

2000

Der Spaeher3, Insane Network

2001

Trojan Cow, Der Spaeher3, Insane Network

2023

Ripper

2115

Bugs

2140

Deep Throat, The Invasor

2716

The Prayer

2801

Phineas Phucker

3024

WinCrash

3128

Squid Proxy

3129

Masters Paradise

3150

Deep Throat, The Invasor

3700

Portal of Doom

4092

WinCrash

4590

ICQTrojan

5000

Sockets de Troie

5001

Sockets de Troie

5031

NetMetropolitan2

5032

NetMetropolitan2

5321

Firehotcker

5400

Blade Runner

5401

Blade Runner

5402

Blade Runner

5569

Robo-Hack

5636

PC Crasher

5637

PC Crasher

5742

WinCrash

6000

The Thing

6666

TCPShell.c

6669

Host Control

6670

DeepThroat

6771

DeepThroat

6883

DeltaSource

6969

GateCrasher, Priority

7000

Remote Grab

7300

NetMonitor

7301

NetMonitor

7306

NetMonitor

7307

NetMonitor

7308

NetMonitor

7789

ICKiller

8080

Proxy

9872

Portal of Doom

9873

Portal of Doom

9874

Portal of Doom

9875

Portal of Doom

9989

iNi-Killer

9999

The Prayer

10067

Portal of Doom

10167

Portal of Doom

11000

Senna Spy

11050

Host Control

11223

Progenic trojan

12223

Hack´99 KeyLogger

12345

GabanBus, NetBus

12346

GabanBus, NetBus

12361

Whack-a-mole

12362

Whack-a-mole

12701

Eclipse2000

16484

Mosucker

16969

Priority

20001

Millennium

20034

NetBus 2 Pro

20203

Chupacabra

20331

Bla

21544

GirlFriend

21554

Schwindler

22222

Prosiak

23456

Evil FTP, Ugly FTP

26274

Delta

31337

Back Orifice

31338

Back Orifice, DeepBO

31339

NetSpy DK

31666

BOWhack

33333

Prosiak

34324

BigGluck, TinyTelnetServer, TN

37651

YetAnotherTrojan

40412

The Spy

40421

Masters Paradise

40422

Masters Paradise

40423

Masters Paradise

40426

Masters Paradise

47262

Delta

50505

Sockets de Troie

50766

Fore

53001

Remote Windows Shutdown

57341

NetRaider

61466

Telecommando

65000

Devil