Results 1 to 4 of 4

Thread: Common Ports and their Services/Trojans

  1. January 26th, 2002, 05:24 PM #1
    ac1dsp3ctrum
    ac1dsp3ctrum is offline
    Banned
    Join Date
    Oct 2001
    Posts
    1,459

    Post Common Ports and their Services/Trojans

    Well... I was looing around my computer today and I found this file on it... I hope its useful for someone here on AO

    FTP 21/tcp Back Construction, Blade Runner, Doly Trojan, Fore, FTP trojan, Invisible FTP, Larva, WebEx, WinCrash
    TELNET 23/tcp Tiny Telnet Server (= TTS)
    SMTP 25/tcp Ajan, Antigen, Email Password Sender, Haebu Coceda (= Naebi), Happy 99, Kuang2, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
    tcp19 19/tcp Chargen
    tcp31 31/tcp Agent 31, Hackers Paradise, Masters Paradise
    tcp41 41/tcp Deep Throat Info
    tcp53 53/tcp DNS
    tcp58 58/tcp DM Setup
    tcp59 59/tcp DMSetup
    tcp79 79/tcp Firehotcker
    tcp80 80/tcp Executor, RingZero
    tcp98 98/tcp TAC News, linuxconf
    tcp99 99/tcp Hidden Port
    tcp110 110/tcp ProMail trojan
    tcp113 113/tcp [auth] Kazimas
    tcp119 119/tcp Happy 99
    tcp121 121/tcp Jammer Killah
    tcp129 129/tcp Password Generator Protocol
    udp135 135/udp Netbios Remote procedure call
    udp137 137/udp Netbios name (DoS attacks)
    tcp138 138/tcp Netbios datagram (DoS attacks)
    udp138 138/udp Netbios datagram
    tcp139 139/tcp Netbios session (DoS attacks)
    udp139 139/udp Netbios session (DoS attacks)
    tcp421 421/tcp TCP Wrappers
    tcp456 456/tcp Hacker's Paradise
    tcp531 531/tcp Rasmin
    tcp555 555/tcp Ini-Killer, NeTAdmin, Phase Zero, Stealth Spy
    tcp666 666/tcp Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre
    tcp911 911/tcp Dark Shadow
    tcp999 999/tcp DeepThroat, WinSatan
    tcp1001 1001/tcp Silencer, WebEx
    tcp1010 1010/tcp Doly Trojan
    tcp1011 1011/tcp Doly Trojan
    tcp1012 1012/tcp Doly Trojan
    tcp1015 1015/tcp Doly Trojan
    tcp1024 1024/tcp NetSpy
    tcp1027 1027/tcp ICQ
    tcp1029 1029/tcp ICQ
    tcp1032 1032/tcp ICQ
    tcp1042 1042/tcp Bla
    tcp1045 1045/tcp Rasmin
    tcp1080 1080/tcp Socks/Wingate (Used to detect Wingate sniffers)
    tcp1090 1090/tcp Xtreme
    tcp1170 1170/tcp Psyber Stream Server, Streaming Audio trojan, Voice
    tcp1234 1234/tcp Ultors Trojan
    tcp1243 1243/tcp BackDoor-G, SubSeven, SubSeven Apocalypse
    tcp1245 1245/tcp VooDoo Doll
    tcp1269 1269/tcp Maverick's Matrix
    udp1349 1349/udp BackOrifice DLL Comm
    tcp1492 1492/tcp FTP99CMP
    tcp1509 1509/tcp Psyber Streaming Server
    tcp1600 1600/tcp Shivka-Burka
    tcp1807 1807/tcp SpySender
    tcp1981 1981/tcp Shockrave
    tcp1999 1999/tcp BackDoor, TransScout
    tcp2000 2000/tcp Remote Explorer, TransScout
    tcp2001 2001/tcp TransScout, Trojan Cow
    tcp2002 2002/tcp TransScout
    tcp2003 2003/tcp TransScout
    tcp2004 2004/tcp TransScout
    tcp2005 2005/tcp TransScout
    tcp2023 2023/tcp Ripper
    tcp2086 2086/tcp Netscape/Corba exploit
    tcp2115 2115/tcp Bugs
    tcp2140 2140/tcp Deep Throat, The Invasor
    udp2140 2140/udp Deep Throat
    tcp2155 2155/tcp Illusion Mailer
    tcp2283 2283/tcp HLV Rat5
    tcp2565 2565/tcp Striker
    tcp2583 2583/tcp WinCrash
    tcp2600 2600/tcp Digital RootBeer
    tcp2801 2801/tcp Phineas Phucker
    udp2989 2989/udp RAT
    tcp3024 3024/tcp WinCrash
    tcp3028 3028/tcp Ring Zero
    tcp3128 3128/tcp RingZero
    tcp3129 3129/tcp Master's Paradise
    tcp3150 3150/tcp Deep Throat, The Invasor
    udp3150 3150/udp Deep Throat
    tcp3459 3459/tcp Eclipse 2000
    tcp3700 3700/tcp Portal of Doom
    tcp3791 3791/tcp Eclypse
    udp3801 3801/udp Eclypse
    tcp4092 4092/tcp WinCrash
    tcp4321 4321/tcp BoBo
    tcp4567 4567/tcp File Nail
    tcp4590 4590/tcp ICQ Trojan
    tcp5000 5000/tcp Bubbel, Back Door Setup, Sockets de Troie
    tcp5001 5001/tcp Back Door Setup, Sockets de Troie
    tcp5011 5011/tcp One of the Last Trojans (OOTLT)
    tcp5031 5031/tcp NetMetro
    tcp5321 5321/tcp Firehotcker
    tcp5400 5400/tcp Blade Runner, Back Construction
    tcp5401 5401/tcp Blade Runner, Back Construction
    tcp5402 5402/tcp Blade Runner, Back Construction
    tcp5512 5512/tcp Illusion Mailer, Xtcp
    tcp5550 5550/tcp Xtcp
    tcp5555 5555/tcp ServeMe
    tcp5556 5556/tcp BO Facil
    tcp5557 5557/tcp BO Facil
    tcp5569 5569/tcp Robo-Hack
    tcp5742 5742/tcp WinCrash
    tcp6400 6400/tcp The Thing
    tcp6669 6669/tcp Vampyre
    tcp6670 6670/tcp Deep Throat
    tcp6671 6671/tcp Deep Throat
    tcp6711 6711/tcp Sub Seven
    tcp6712 6712/tcp Sub Seven
    tcp6713 6713/tcp Sub Seven
    tcp6771 6771/tcp Deep Throat
    tcp6776 6776/tcp BackDoor-G, SubSeven
    tcp6912 6912/tcp **** Heep (not port 69123!)
    tcp6939 6939/tcp Indoctrination
    tcp6969 6969/tcp GateCrasher, Priority, IRC 3
    tcp6970 6970/tcp Gate Crasher
    tcp7000 7000/tcp Remote Grab, Kazimas
    tcp7300 7300/tcp Net Monitor
    tcp7301 7301/tcp Net Monitor
    tcp7306 7306/tcp Net Monitor
    tcp7307 7307/tcp Net Monitor
    tcp7308 7308/tcp Net Monitor
    tcp7789 7789/tcp Back Door Setup, ICKiller
    tcp8080 8080/tcp Ring Zero
    tcp9400 9400/tcp InCommand
    tcp9872 9872/tcp Portal of Doom
    tcp9873 9873/tcp Portal of Doom
    tcp9874 9874/tcp Portal of Doom
    tcp9875 9875/tcp Portal of Doom
    tcp9876 9876/tcp Cyber Attacker
    tcp9878 9878/tcp Trans Scout
    tcp9989 9989/tcp iNi-Killer
    tcp10067 10067/tcp Portal of Doom
    udp1006710067/udp Portal of Doom
    tcp10101 10101/tcp BrainSpy
    tcp10167 10167/tcp Portal of Doom
    udp1016710167/udp Portal of Doom
    tcp10520 10520/tcp Acid Shivers
    tcp10607 10607/tcp Coma
    tcp11000 11000/tcp Senna Spy
    tcp11223 11223/tcp Progenic Trojan
    tcp12076 12076/tcp GJamer
    tcp12223 12223/tcp Hack-99 KeyLogger
    tcp12345 12345/tcp GabanBus, NetBus, Pie Bill Gates, X-bill, Ultor's Trojan
    tcp12346 12346/tcp GabanBus, NetBus, X-bill
    tcp12361 12361/tcp Whack-a-mole
    tcp12362 12362/tcp Whack-a-mole
    tcp12456 12456/tcp NetBus
    tcp12631 12631/tcp Whack Job
    tcp13000 13000/tcp Senna Spy
    tcp16969 16969/tcp Priority
    tcp17300 17300/tcp Kuang2 The Virus
    tcp20000 20000/tcp Millennium
    tcp20001 20001/tcp Millennium
    tcp20034 20034/tcp NetBus 2 Pro
    tcp20203 20203/tcp Logged
    tcp21544 21544/tcp GirlFriend
    tcp21554 21554/tcp GirlFriend
    tcp22222 22222/tcp Prosiak
    tcp23456 23456/tcp Evil FTP, Ugly FTP, Whack Job
    tcp23476 23476/tcp Donald Dick
    tcp23477 23477/tcp Donald Dick
    tcp26274 26274/tcp Delta Source
    udp26274 26274/udp Delta Source
    udp27374 27374/udp Sub-7 2.1
    udp27444 27444/udp Trinoo Daemon (denial of service)
    tcp27573 27573/tcp Sub-7 2.1
    udp27573 27573/udp Sub-7 2.1
    tcp27665 27665/tcp Trinoo Master (denial of service)
    tcp29891 29891/tcp The Unexplained
    udp29891 29891/udp The Unexplained
    tcp30029 30029/tcp AOL Trojan
    tcp30100 30100/tcp NetSphere
    tcp30101 30101/tcp NetSphere
    tcp30102 30102/tcp NetSphere
    tcp30303 30303/tcp Sockets de Troie
    tcp30999 30999/tcp Kuang2
    udp3133531335/udp Trinoo Master (denial of service)
    tcp31336 31336/tcp Bo Whack
    tcp31337 31337/tcp Baron Night, BO client, BO2, Bo Facil, Netpatch
    udp3133731337/udp BackFire, Back Orifice, DeepBO
    tcp31338 31338/tcp NetSpy DK
    udp31338 31338/udp Back Orifice, DeepBO
    tcp31339 31339/tcp NetSpy DK
    tcp31666 31666/tcp BOWhack
    tcp31785 31785/tcp Hack-a-Tack
    tcp31787 31787/tcp Hack-a-Tack
    tcp31788 31788/tcp Hack-a-Tack
    udp31789 31789/udp Hack-a-Tack
    udp31791 31791/udp Hack-a-Tack
    tcp31792 31792/tcp Hack-a-Tack
    tcp33333 33333/tcp Prosiak
    udp33390 33390/udp Unknown trojan
    tcp33911 33911/tcp Spirit 2001 a
    tcp34324 34324/tcp BigGluck, TN
    udp34555 34555/udp unnamed DDOS tool Master->Client (Trinoo offshoot)
    udp35555 35555/udp unnamed DDOS tool Client->Master (Trinoo offshoot)
    tcp40412 40412/tcp The Spy
    tcp40421 40421/tcp Agent 40421, Masters Paradise
    tcp40422 40422/tcp Master's Paradise
    tcp40423 40423/tcp Master's Paradise
    tcp40425 40425/tcp Master's Paradise
    tcp40426 40426/tcp Masters Paradise
    tcp47252 47252/tcp Delta Source
    udp47262 47262/udp Delta Source
    tcp50505 50505/tcp Detects & blocks Sokets de Trois v2.
    tcp50766 50766/tcp Fore, Schwindler
    tcp53001 53001/tcp Remote Windows Shutdown
    tcp54320 54320/tcp Back Orifice 2000
    udp54320 54320/udp Back Orifice
    tcp54321 54321/tcp School Bus, Back Orifice
    udp54321 54321/udp Back Orifice 2000
    tcp60000 60000/tcp Deep Throat
    tcp61466 61466/tcp Telecommando
    tcp65000 65000/tcp Devil
  2. January 28th, 2002, 11:28 AM #2
    Pooh-Bear
    Pooh-Bear is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    276

    Smile

    That´s some scary reading, I know there´s alot of evil programs out there but I still get the hickups when I see lists like this one.
    Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile
  3. January 28th, 2002, 01:02 PM #3
    s0nIc
    s0nIc is offline
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    well i also have something which you guys might wanna have a look at..
    ive seen lost of people here askin "What is port *such and such* and what is it for?"

    well peeps.. this works on windows but i dunno if it works on other O/S..

    search for a file called "services" it doesnt have any extensions.. but yeah.. search for it and open it with notepad... and it varies from one OS to another..

    mine looks like this..

    NOTE: I attached a txt version of my services file.. have a look at it coz the txt alignment in this post is farked a bit..

    # Copyright (c) 1993-1995 Microsoft Corp.
    #
    # This file contains port numbers for well-known services as defined by
    # RFC 1060 (Assigned Numbers).
    #
    # Format:
    #
    # <service name> <port number>/<protocol> [aliases...] [#<comment>]
    #

    echo 7/tcp
    echo 7/udp
    discard 9/tcp sink null
    discard 9/udp sink null
    systat 11/tcp
    systat 11/tcp users
    daytime 13/tcp
    daytime 13/udp
    netstat 15/tcp
    qotd 17/tcp quote
    qotd 17/udp quote
    chargen 19/tcp ttytst source
    chargen 19/udp ttytst source
    ftp-data 20/tcp
    ftp 21/tcp
    telnet 23/tcp
    smtp 25/tcp mail
    time 37/tcp timserver
    time 37/udp timserver
    rlp 39/udp resource # resource location
    name 42/tcp nameserver
    name 42/udp nameserver
    whois 43/tcp nicname # usually to sri-nic
    domain 53/tcp nameserver # name-domain server
    domain 53/udp nameserver
    nameserver 53/tcp domain # name-domain server
    nameserver 53/udp domain
    mtp 57/tcp # deprecated
    bootp 67/udp # boot program server
    tftp 69/udp
    rje 77/tcp netrjs
    finger 79/tcp
    link 87/tcp ttylink
    supdup 95/tcp
    hostnames 101/tcp hostname # usually from sri-nic
    iso-tsap 102/tcp
    dictionary 103/tcp webster
    x400 103/tcp # ISO Mail
    x400-snd 104/tcp
    csnet-ns 105/tcp
    pop 109/tcp postoffice
    pop2 109/tcp # Post Office
    pop3 110/tcp postoffice
    portmap 111/tcp
    portmap 111/udp
    sunrpc 111/tcp
    sunrpc 111/udp
    auth 113/tcp authentication
    sftp 115/tcp
    path 117/tcp
    uucp-path 117/tcp
    nntp 119/tcp usenet # Network News Transfer
    ntp 123/udp ntpd ntp # network time protocol (exp)
    nbname 137/udp
    nbdatagram 138/udp
    nbsession 139/tcp
    NeWS 144/tcp news
    sgmp 153/udp sgmp
    tcprepo 158/tcp repository # PCMAIL
    snmp 161/udp snmp
    snmp-trap 162/udp snmp
    print-srv 170/tcp # network PostScript
    vmnet 175/tcp
    load 315/udp
    vmnet0 400/tcp
    sytek 500/udp
    biff 512/udp comsat
    exec 512/tcp
    login 513/tcp
    who 513/udp whod
    shell 514/tcp cmd # no passwords used
    syslog 514/udp
    printer 515/tcp spooler # line printer spooler
    talk 517/udp
    ntalk 518/udp
    efs 520/tcp # for LucasFilm
    route 520/udp router routed
    timed 525/udp timeserver
    tempo 526/tcp newdate
    courier 530/tcp rpc
    conference 531/tcp chat
    rvd-control 531/udp MIT disk
    netnews 532/tcp readnews
    netwall 533/udp # -for emergency broadcasts
    uucp 540/tcp uucpd # uucp daemon
    klogin 543/tcp # Kerberos authenticated rlogin
    kshell 544/tcp cmd # and remote shell
    new-rwho 550/udp new-who # experimental
    remotefs 556/tcp rfs_server rfs# Brunhoff remote filesystem
    rmonitor 560/udp rmonitord # experimental
    monitor 561/udp # experimental
    garcon 600/tcp
    maitrd 601/tcp
    busboy 602/tcp
    acctmaster 700/udp
    acctslave 701/udp
    acct 702/udp
    acctlogin 703/udp
    acctprinter 704/udp
    elcsd 704/udp # errlog
    acctinfo 705/udp
    acctslave2 706/udp
    acctdisk 707/udp
    kerberos 750/tcp kdc # Kerberos authentication--tcp
    kerberos 750/udp kdc # Kerberos authentication--udp
    kerberos_master 751/tcp # Kerberos authentication
    kerberos_master 751/udp # Kerberos authentication
    passwd_server 752/udp # Kerberos passwd server
    userreg_server 753/udp # Kerberos userreg server
    krb_prop 754/tcp # Kerberos slave propagation
    erlogin 888/tcp # Login and environment passing
    kpop 1109/tcp # Pop with Kerberos
    phone 1167/udp
    ingreslock 1524/tcp
    maze 1666/udp
    nfs 2049/udp # sun nfs
    knetd 2053/tcp # Kerberos de-multiplexor
    eklogin 2105/tcp # Kerberos encrypted rlogin
    rmt 5555/tcp rmtd
    mtb 5556/tcp mtbd # mtb backup
    man 9535/tcp # remote man server
    w 9536/tcp
    mantst 9537/tcp # remote man server, testing
    bnews 10000/tcp
    rscs0 10000/udp
    queue 10001/tcp
    rscs1 10001/udp
    poker 10002/tcp
    rscs2 10002/udp
    gateway 10003/tcp
    rscs3 10003/udp
    remp 10004/tcp
    rscs4 10004/udp
    rscs5 10005/udp
    rscs6 10006/udp
    rscs7 10007/udp
    rscs8 10008/udp
    rscs9 10009/udp
    rscsa 10010/udp
    rscsb 10011/udp
    qmaster 10012/tcp
    qmaster 10012/udp
  4. January 28th, 2002, 01:46 PM #4
    the_g_nee
    the_g_nee is offline
    Senior Member
    Join Date
    Jan 2002
    Posts
    206
    I wonder how many new trojans will be built by this time next week?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules