Why would port 27374 be filtered?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Why would port 27374 be filtered?

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    3

    Why would port 27374 be filtered?

    Hi all, I've got a question about "filtered" ports. I've been helping a friend in England rid his computer of spyware, clean up and organize his files, and secure his sytem. I ran a port scan using NMap, and port 27374 showed up as being filtered. At first I was concerned he might have a trojan running on his system, but I couldn't find any program or service running on his system that was utilizing that port. I also didn't see the port open when I ran Netstat. I ran a search through Google looking for information on what programs/services utilize port 27374. I know Subseven uses/used it, but now I feel fairly confident that they're computer is virus and trojan free. Anyway after doing more research, I found several NMap log files from systems on their ISP (...cable.ntl.com) that showed port 27374 as being filtered. So, I'm thinking that their ISP is filtering this port. Does anyone have any idea why they would being doing this?

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    looks like there blocking it because subseven and other RATS like to listen on it here is a google link

    Link
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  3. #3
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    I thought that might be the reason too, but then why not filter all the ports that Trojans are typically known for operating on. For that matter, why not just close the port altogether. Besides, trojan ports can easily be reconfigured. So, I really don't see this as very effective protection. I was wondering if there is a more useful reason for doing this. Thanks for the post though.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Perhap's because that particular RAT/Trojan is actually on his machine? I'm not entirely sure, but it's just a guess. I'd scan his machine using SwatIt which is a great trojan remover. This will make sure no trojans are running that way you can clear any idea's that trojan activity is running on some ports.

    Download here --> http://www.swatit.org
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    My ISP filters by default several ports including 27374, 80, 21, 23, 441, 22, 25, 2000, and many others.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Really? 80? 23? 25? Hrmm.. Interesting, I didn't think an ISP would have such a problem or would filter those ports for someone.
    Space For Rent.. =]

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Well, if you can't host on your own, you have to pay for their unmatchable 10MB of webspace w/ 50MB of traffic per day that protects your images from hotlinking and 5MB of e-mail for $15 a month...right?

    There is a business motive to block port 80. Otherwise I'd be shelling out a lot of cash for my own website every month. It is about 600MB big, moves about 2GB of traffic a month, and has images "hotlinked" from all over the place including forums I use [img] code in...


    Personally, I don't want my ISP limiting traffic ports for a service that I pay $50 a month to use.

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    I thought that might be the reason too, but then why not filter all the ports that Trojans are typically known for operating on. For that matter, why not just close the port altogether. Besides, trojan ports can easily be reconfigured. So, I really don't see this as very effective protection. I was wondering if there is a more useful reason for doing this. Thanks for the post though.
    The reason they dont filter all the ports is because thats the default port that particular RAT listens on and it can be configured to listen on another port and as The3ntropy all-ready pointed out ISP's filter some ports like that so there users cant run services that would run up there bandwith and it reduces the risk of highjacked puters on there networks etc

    peace
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  9. #9
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    Well, thanks guys. It seems like the best bet is they don't want any RAT or other program operating on that port. I mean that is really the only reason to filter ports right? Anyway, this doesn't seem like the best approach to use in order to protect their customers, but I guess it is at least some protection. Anyway, thanks for the tips.

  10. #10
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    My ISP also offers a *special service in which they allow you to use your connection to be a 'server'. Exact same speeds but they 'modify the connection to allow you to host'. And it also costs another $40 a month extra.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •