June 20th, 2002 06:26 PM
Hi all, i was messing about with netstat, i typed in "netstat -an" to see if any ports where listening. 6 tcp ports were listening- 135
is it possible that some of these can be trojan horses waiting for their master or is it just normal? I cant tell, i have tried looking for some where that will tell you what trojans run on certain ports but to no avail. i would be grateful if some one could post a url that contains
what trojans run on which ports.
thanks in advance for people help
June 20th, 2002 06:37 PM
Some information !
I advice you to do a Trojan scan..
135 (tcp) = epmap (DCE endpoint resolution)
135 (tcp) = loc-srv (NCS local location broker)
135 (udp) = epmap (DCE endpoint resolution)
135 (udp) = loc-srv (Location Service)
445 (tcp) = microsoft-ds
445 (udp) = microsoft-ds
1025 (tcp) = blackjack (network blackjack)
1025 (tcp) = listen listener (RFS remote_file_sharing)
1025 (udp) = blackjack (network blackjack)
1029 (tcp) = InCommand (trojan, InCommand)
1029 (tcp) = ICQNuke98 (trojan, ICQ Nuke 98)
1139 = ???
11943 = ???
Some Trojan Hunters:
The Cleaner - http://www.moosoft.com
Tauscan - http://www.agnitum.com
Some port list's:
And do install a firewall if you not have that already .
June 20th, 2002 06:40 PM
In Windows 2000, Microsoft has created a new transport for SMB over TCP and UDP on port 445. This replaces the older implementation that was over ports 137, 138, 139
I'm pretty sure you can do the rest of them yourselve :/
This is the first dynamically assigned port. Therefore, virtually any program that requests a port can be assigned one at this address.
June 20th, 2002 09:07 PM
thanks for the help people!