-
January 26th, 2002, 05:24 PM
#1
Common Ports and their Services/Trojans
Well... I was looking around my computer today and I found this file on it... I hope it's useful for someone here on AO
FTP 21/tcp Back Construction, Blade Runner, Doly Trojan, Fore, FTP trojan, Invisible FTP, Larva, WebEx, WinCrash
TELNET 23/tcp Tiny Telnet Server (= TTS)
SMTP 25/tcp Ajan, Antigen, Email Password Sender, Haebu Coceda (= Naebi), Happy 99, Kuang2, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
tcp19 19/tcp Chargen
tcp31 31/tcp Agent 31, Hackers Paradise, Masters Paradise
tcp41 41/tcp Deep Throat Info
tcp53 53/tcp DNS
tcp58 58/tcp DM Setup
tcp59 59/tcp DMSetup
tcp79 79/tcp Firehotcker
tcp80 80/tcp Executor, RingZero
tcp98 98/tcp TAC News, linuxconf
tcp99 99/tcp Hidden Port
tcp110 110/tcp ProMail trojan
tcp113 113/tcp [auth] Kazimas
tcp119 119/tcp Happy 99
tcp121 121/tcp Jammer Killah
tcp129 129/tcp Password Generator Protocol
udp135 135/udp Netbios Remote procedure call
udp137 137/udp Netbios name (DoS attacks)
tcp138 138/tcp Netbios datagram (DoS attacks)
udp138 138/udp Netbios datagram
tcp139 139/tcp Netbios session (DoS attacks)
udp139 139/udp Netbios session (DoS attacks)
tcp421 421/tcp TCP Wrappers
tcp456 456/tcp Hacker's Paradise
tcp531 531/tcp Rasmin
tcp555 555/tcp Ini-Killer, NeTAdmin, Phase Zero, Stealth Spy
tcp666 666/tcp Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre
tcp911 911/tcp Dark Shadow
tcp999 999/tcp DeepThroat, WinSatan
tcp1001 1001/tcp Silencer, WebEx
tcp1010 1010/tcp Doly Trojan
tcp1011 1011/tcp Doly Trojan
tcp1012 1012/tcp Doly Trojan
tcp1015 1015/tcp Doly Trojan
tcp1024 1024/tcp NetSpy
tcp1027 1027/tcp ICQ
tcp1029 1029/tcp ICQ
tcp1032 1032/tcp ICQ
tcp1042 1042/tcp Bla
tcp1045 1045/tcp Rasmin
tcp1080 1080/tcp Socks/Wingate (Used to detect Wingate sniffers)
tcp1090 1090/tcp Xtreme
tcp1170 1170/tcp Psyber Stream Server, Streaming Audio trojan, Voice
tcp1234 1234/tcp Ultors Trojan
tcp1243 1243/tcp BackDoor-G, SubSeven, SubSeven Apocalypse
tcp1245 1245/tcp VooDoo Doll
tcp1269 1269/tcp Maverick's Matrix
udp1349 1349/udp BackOrifice DLL Comm
tcp1492 1492/tcp FTP99CMP
tcp1509 1509/tcp Psyber Streaming Server
tcp1600 1600/tcp Shivka-Burka
tcp1807 1807/tcp SpySender
tcp1981 1981/tcp Shockrave
tcp1999 1999/tcp BackDoor, TransScout
tcp2000 2000/tcp Remote Explorer, TransScout
tcp2001 2001/tcp TransScout, Trojan Cow
tcp2002 2002/tcp TransScout
tcp2003 2003/tcp TransScout
tcp2004 2004/tcp TransScout
tcp2005 2005/tcp TransScout
tcp2023 2023/tcp Ripper
tcp2086 2086/tcp Netscape/Corba exploit
tcp2115 2115/tcp Bugs
tcp2140 2140/tcp Deep Throat, The Invasor
udp2140 2140/udp Deep Throat
tcp2155 2155/tcp Illusion Mailer
tcp2283 2283/tcp HLV Rat5
tcp2565 2565/tcp Striker
tcp2583 2583/tcp WinCrash
tcp2600 2600/tcp Digital RootBeer
tcp2801 2801/tcp Phineas Phucker
udp2989 2989/udp RAT
tcp3024 3024/tcp WinCrash
tcp3028 3028/tcp Ring Zero
tcp3128 3128/tcp RingZero
tcp3129 3129/tcp Master's Paradise
tcp3150 3150/tcp Deep Throat, The Invasor
udp3150 3150/udp Deep Throat
tcp3459 3459/tcp Eclipse 2000
tcp3700 3700/tcp Portal of Doom
tcp3791 3791/tcp Eclypse
udp3801 3801/udp Eclypse
tcp4092 4092/tcp WinCrash
tcp4321 4321/tcp BoBo
tcp4567 4567/tcp File Nail
tcp4590 4590/tcp ICQ Trojan
tcp5000 5000/tcp Bubbel, Back Door Setup, Sockets de Troie
tcp5001 5001/tcp Back Door Setup, Sockets de Troie
tcp5011 5011/tcp One of the Last Trojans (OOTLT)
tcp5031 5031/tcp NetMetro
tcp5321 5321/tcp Firehotcker
tcp5400 5400/tcp Blade Runner, Back Construction
tcp5401 5401/tcp Blade Runner, Back Construction
tcp5402 5402/tcp Blade Runner, Back Construction
tcp5512 5512/tcp Illusion Mailer, Xtcp
tcp5550 5550/tcp Xtcp
tcp5555 5555/tcp ServeMe
tcp5556 5556/tcp BO Facil
tcp5557 5557/tcp BO Facil
tcp5569 5569/tcp Robo-Hack
tcp5742 5742/tcp WinCrash
tcp6400 6400/tcp The Thing
tcp6669 6669/tcp Vampyre
tcp6670 6670/tcp Deep Throat
tcp6671 6671/tcp Deep Throat
tcp6711 6711/tcp Sub Seven
tcp6712 6712/tcp Sub Seven
tcp6713 6713/tcp Sub Seven
tcp6771 6771/tcp Deep Throat
tcp6776 6776/tcp BackDoor-G, SubSeven
tcp6912 6912/tcp **** Heep (not port 69123!)
tcp6939 6939/tcp Indoctrination
tcp6969 6969/tcp GateCrasher, Priority, IRC 3
tcp6970 6970/tcp Gate Crasher
tcp7000 7000/tcp Remote Grab, Kazimas
tcp7300 7300/tcp Net Monitor
tcp7301 7301/tcp Net Monitor
tcp7306 7306/tcp Net Monitor
tcp7307 7307/tcp Net Monitor
tcp7308 7308/tcp Net Monitor
tcp7789 7789/tcp Back Door Setup, ICKiller
tcp8080 8080/tcp Ring Zero
tcp9400 9400/tcp InCommand
tcp9872 9872/tcp Portal of Doom
tcp9873 9873/tcp Portal of Doom
tcp9874 9874/tcp Portal of Doom
tcp9875 9875/tcp Portal of Doom
tcp9876 9876/tcp Cyber Attacker
tcp9878 9878/tcp Trans Scout
tcp9989 9989/tcp iNi-Killer
tcp10067 10067/tcp Portal of Doom
udp10067 10067/udp Portal of Doom
tcp10101 10101/tcp BrainSpy
tcp10167 10167/tcp Portal of Doom
udp10167 10167/udp Portal of Doom
tcp10520 10520/tcp Acid Shivers
tcp10607 10607/tcp Coma
tcp11000 11000/tcp Senna Spy
tcp11223 11223/tcp Progenic Trojan
tcp12076 12076/tcp GJamer
tcp12223 12223/tcp Hack-99 KeyLogger
tcp12345 12345/tcp GabanBus, NetBus, Pie Bill Gates, X-bill, Ultor's Trojan
tcp12346 12346/tcp GabanBus, NetBus, X-bill
tcp12361 12361/tcp Whack-a-mole
tcp12362 12362/tcp Whack-a-mole
tcp12456 12456/tcp NetBus
tcp12631 12631/tcp Whack Job
tcp13000 13000/tcp Senna Spy
tcp16969 16969/tcp Priority
tcp17300 17300/tcp Kuang2 The Virus
tcp20000 20000/tcp Millennium
tcp20001 20001/tcp Millennium
tcp20034 20034/tcp NetBus 2 Pro
tcp20203 20203/tcp Logged
tcp21544 21544/tcp GirlFriend
tcp21554 21554/tcp GirlFriend
tcp22222 22222/tcp Prosiak
tcp23456 23456/tcp Evil FTP, Ugly FTP, Whack Job
tcp23476 23476/tcp Donald Dick
tcp23477 23477/tcp Donald Dick
tcp26274 26274/tcp Delta Source
udp26274 26274/udp Delta Source
udp27374 27374/udp Sub-7 2.1
udp27444 27444/udp Trinoo Daemon (denial of service)
tcp27573 27573/tcp Sub-7 2.1
udp27573 27573/udp Sub-7 2.1
tcp27665 27665/tcp Trinoo Master (denial of service)
tcp29891 29891/tcp The Unexplained
udp29891 29891/udp The Unexplained
tcp30029 30029/tcp AOL Trojan
tcp30100 30100/tcp NetSphere
tcp30101 30101/tcp NetSphere
tcp30102 30102/tcp NetSphere
tcp30303 30303/tcp Sockets de Troie
tcp30999 30999/tcp Kuang2
udp31335 31335/udp Trinoo Master (denial of service)
tcp31336 31336/tcp Bo Whack
tcp31337 31337/tcp Baron Night, BO client, BO2, Bo Facil, Netpatch
udp31337 31337/udp BackFire, Back Orifice, DeepBO
tcp31338 31338/tcp NetSpy DK
udp31338 31338/udp Back Orifice, DeepBO
tcp31339 31339/tcp NetSpy DK
tcp31666 31666/tcp BOWhack
tcp31785 31785/tcp Hack-a-Tack
tcp31787 31787/tcp Hack-a-Tack
tcp31788 31788/tcp Hack-a-Tack
udp31789 31789/udp Hack-a-Tack
udp31791 31791/udp Hack-a-Tack
tcp31792 31792/tcp Hack-a-Tack
tcp33333 33333/tcp Prosiak
udp33390 33390/udp Unknown trojan
tcp33911 33911/tcp Spirit 2001 a
tcp34324 34324/tcp BigGluck, TN
udp34555 34555/udp unnamed DDOS tool Master->Client (Trinoo offshoot)
udp35555 35555/udp unnamed DDOS tool Client->Master (Trinoo offshoot)
tcp40412 40412/tcp The Spy
tcp40421 40421/tcp Agent 40421, Masters Paradise
tcp40422 40422/tcp Master's Paradise
tcp40423 40423/tcp Master's Paradise
tcp40425 40425/tcp Master's Paradise
tcp40426 40426/tcp Masters Paradise
tcp47252 47252/tcp Delta Source
udp47262 47262/udp Delta Source
tcp50505 50505/tcp Detects & blocks Sokets de Trois v2.
tcp50766 50766/tcp Fore, Schwindler
tcp53001 53001/tcp Remote Windows Shutdown
tcp54320 54320/tcp Back Orifice 2000
udp54320 54320/udp Back Orifice
tcp54321 54321/tcp School Bus, Back Orifice
udp54321 54321/udp Back Orifice 2000
tcp60000 60000/tcp Deep Throat
tcp61466 61466/tcp Telecommando
tcp65000 65000/tcp Devil
-
January 28th, 2002, 11:28 AM
#2
That's some scary reading, I know there's a lot of evil programs out there but I still get the hiccups when I see lists like this one.
Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile
-
January 28th, 2002, 01:02 PM
#3
well i also have something which you guys might wanna have a look at..
ive seen lots of people here askin "What is port *such and such* and what is it for?"
well peeps.. this works on windows but i dunno if it works on other O/S..
search for a file called "services" it doesnt have any extensions.. but yeah.. search for it and open it with notepad... and it varies from one OS to another..
mine looks like this..
NOTE: I attached a txt version of my services file.. have a look at it coz the txt alignment in this post is farked a bit..
# Copyright (c) 1993-1995 Microsoft Corp.
#
# This file contains port numbers for well-known services as defined by
# RFC 1060 (Assigned Numbers).
#
# Format:
#
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
#
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
qotd 17/udp quote
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
name 42/tcp nameserver
name 42/udp nameserver
whois 43/tcp nicname # usually to sri-nic
domain 53/tcp nameserver # name-domain server
domain 53/udp nameserver
nameserver 53/tcp domain # name-domain server
nameserver 53/udp domain
mtp 57/tcp # deprecated
bootp 67/udp # boot program server
tftp 69/udp
rje 77/tcp netrjs
finger 79/tcp
link 87/tcp ttylink
supdup 95/tcp
hostnames 101/tcp hostname # usually from sri-nic
iso-tsap 102/tcp
dictionary 103/tcp webster
x400 103/tcp # ISO Mail
x400-snd 104/tcp
csnet-ns 105/tcp
pop 109/tcp postoffice
pop2 109/tcp # Post Office
pop3 110/tcp postoffice
portmap 111/tcp
portmap 111/udp
sunrpc 111/tcp
sunrpc 111/udp
auth 113/tcp authentication
sftp 115/tcp
path 117/tcp
uucp-path 117/tcp
nntp 119/tcp usenet # Network News Transfer
ntp 123/udp ntpd ntp # network time protocol (exp)
nbname 137/udp
nbdatagram 138/udp
nbsession 139/tcp
NeWS 144/tcp news
sgmp 153/udp sgmp
tcprepo 158/tcp repository # PCMAIL
snmp 161/udp snmp
snmp-trap 162/udp snmp
print-srv 170/tcp # network PostScript
vmnet 175/tcp
load 315/udp
vmnet0 400/tcp
sytek 500/udp
biff 512/udp comsat
exec 512/tcp
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
efs 520/tcp # for LucasFilm
route 520/udp router routed
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
rvd-control 531/udp MIT disk
netnews 532/tcp readnews
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # uucp daemon
klogin 543/tcp # Kerberos authenticated rlogin
kshell 544/tcp cmd # and remote shell
new-rwho 550/udp new-who # experimental
remotefs 556/tcp rfs_server rfs# Brunhoff remote filesystem
rmonitor 560/udp rmonitord # experimental
monitor 561/udp # experimental
garcon 600/tcp
maitrd 601/tcp
busboy 602/tcp
acctmaster 700/udp
acctslave 701/udp
acct 702/udp
acctlogin 703/udp
acctprinter 704/udp
elcsd 704/udp # errlog
acctinfo 705/udp
acctslave2 706/udp
acctdisk 707/udp
kerberos 750/tcp kdc # Kerberos authentication--tcp
kerberos 750/udp kdc # Kerberos authentication--udp
kerberos_master 751/tcp # Kerberos authentication
kerberos_master 751/udp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
userreg_server 753/udp # Kerberos userreg server
krb_prop 754/tcp # Kerberos slave propagation
erlogin 888/tcp # Login and environment passing
kpop 1109/tcp # Pop with Kerberos
phone 1167/udp
ingreslock 1524/tcp
maze 1666/udp
nfs 2049/udp # sun nfs
knetd 2053/tcp # Kerberos de-multiplexor
eklogin 2105/tcp # Kerberos encrypted rlogin
rmt 5555/tcp rmtd
mtb 5556/tcp mtbd # mtb backup
man 9535/tcp # remote man server
w 9536/tcp
mantst 9537/tcp # remote man server, testing
bnews 10000/tcp
rscs0 10000/udp
queue 10001/tcp
rscs1 10001/udp
poker 10002/tcp
rscs2 10002/udp
gateway 10003/tcp
rscs3 10003/udp
remp 10004/tcp
rscs4 10004/udp
rscs5 10005/udp
rscs6 10006/udp
rscs7 10007/udp
rscs8 10008/udp
rscs9 10009/udp
rscsa 10010/udp
rscsb 10011/udp
qmaster 10012/tcp
qmaster 10012/udp
-
January 28th, 2002, 01:46 PM
#4
I wonder how many new trojans will be built by this time next week?