~ Ports ~
Ports that an Internet
Service Providers (ISP) commonly use.
Internet
Service(s)
|
UDP
Port
|
TCP
Port
|
HTTP
|
|
80
|
HTTPS
|
|
443
|
SMTP
|
|
25
|
POP3
|
|
110
|
FTP
|
|
20-21
|
TELNET
|
|
23
|
REALAUDIO
|
|
1090
|
ICQ
|
4000
|
|
NEWS SERVERS
|
|
119
|
DNS
|
53
|
|
IRC
|
|
6667
|
VDOLIVE
|
|
7000
|
Open Service Ports for
Windows NT, Terminal Server, & Exchange Server
Functionality
|
UDP
|
TCP
|
IP
|
Browsing
|
137, 138
|
|
|
DHCP Lease
|
67, 68
|
|
|
DHCP Manager
|
|
135
|
|
DNS Administration
|
|
139
|
|
DNS Resolution
|
53
|
|
|
Exchange
Administrator
|
|
135
|
|
Exchange
Client/Server Comm.
|
|
135
|
|
File Sharing
|
|
139
|
|
IMAP
|
|
143
|
|
LDAP
|
|
389
|
|
LDAP (SSL)
|
|
636
|
|
Logon Sequence
|
137, 138
|
139
|
|
MTA - X.400
over TCP/IP
|
|
102
|
|
NetLogon
|
138
|
|
|
NT Diagnostics
|
|
139
|
|
NT Directory
Replication
|
138
|
139
|
|
NT Event
Viewer
|
|
139
|
|
NT Performance
Monitor
|
|
139
|
|
NT Registry
Editor
|
|
139
|
|
NT Secure
Channel
|
137, 138
|
139
|
|
NT Server
Manager
|
|
139
|
|
NT Trusts
|
137, 138
|
139
|
|
NT User
Manager
|
|
139
|
|
Pass Through
Validation
|
137, 138
|
139
|
|
POP3
|
|
110
|
|
PPTP
|
|
1723
|
47
|
Printing
|
137, 138
|
139
|
|
RPC
|
135
|
135
|
|
SMTP
|
|
25
|
|
WINS Manager
|
|
135
|
|
WINS Registration
|
|
137
|
|
WINS Replication
|
|
42
|
|
Ports Used by Known Trojans
A "trojan horse" or "trojan"
is a program that pretends to be or do one thing, but in reality is damaging
your data or sniffing your system for personal data. Back Orifice is probably
the most widely known of these. Following is a list of some trojans and
the port numbers that they use. This information is useful when examining
your log file to determine if an attempt has been made on your system.
Trojan
Name(s)
|
UDP
Port
|
TCP
Port
|
Blade Runner,
Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, FTP Trojan
|
|
21
|
Tiny Telnet
Server
|
|
23
|
Antigen,
Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator,
WinPC, WinSpy, Kuang2, ProMail Trojan
|
|
25
|
Hackers
Paradise, Agent 31, Masters Paradise
|
|
31
|
DeepThroat
|
|
41
|
DMSetup
|
|
58
|
Firehotcker
|
|
79
|
Executor
|
|
80
|
ProMail
Trojan
|
|
110
|
JammerKillah
|
|
121
|
TCP Wrappers
|
|
421
|
Hackers
Paradise
|
|
456
|
Rasmin
|
|
531
|
Ini-Killer,
Phase Zero, Stealth Spy
|
|
555
|
Satanz Backdoor,
Attack FTP
|
|
666
|
Dark Shadow
|
|
911
|
DeepThroat
|
|
999
|
Silencer,
WebEx
|
|
1001
|
Doly Trojan
|
|
1011
|
Doly Trojan
|
|
1012
|
NetSpy
|
|
1024
|
Rasmin
|
|
1045
|
Xtreme
|
|
1090
|
Psyber Stream
Server, Voice
|
|
1170
|
Ultors Trojan
|
|
1234
|
BackDoor-G,
SubSeven
|
|
1243
|
VooDoo Doll
|
|
1245
|
BO DLL
|
1349
|
|
FTP99CMP
|
|
1492
|
Shivka-Burka
|
|
1600
|
SpySender
|
|
1807
|
Shockrave
|
|
1981
|
BackDoor
|
|
1999
|
Trojan Cow
|
|
2001
|
Ripper
|
|
2023
|
Bugs
|
|
2115
|
Deep Throat,
The Invasor
|
|
2140
|
Striker
|
|
2565
|
WinCrash
|
|
2583
|
Phineas
Phucker
|
|
2801
|
WinCrash
|
|
3024
|
Masters
Paradise
|
|
3129
|
Deep Throat,
The Invasor
|
|
3150
|
Portal of
Doom
|
|
3700
|
WinCrash
|
|
4092
|
File Nail
|
|
4567
|
ICQ Trojan
|
|
4590
|
Sockets
de Troie, Bubbel, Back Door Setup
|
|
5000
|
Sockets
de Troie, Back Door Setup
|
|
5001
|
Firehotcker
|
|
5321
|
Blade Runner
|
|
5400
|
Blade Runner
|
|
5401
|
Blade Runner
|
|
5402
|
ServeMe
|
|
5555
|
BO Facil
|
|
5556
|
BO Facil
|
|
5557
|
Robo-Hack
|
|
5569
|
WinCrash
|
|
5742
|
The Thing
|
|
6400
|
DeepThroat
|
|
6670
|
DeepThroat
|
|
6771
|
BackDoor-G,
SubSeven
|
|
6776
|
Indoctrination
|
|
6939
|
GateCrasher,
Priority
|
|
6969
|
Remote Grab
|
|
7000
|
NetMonitor
|
|
7300
|
NetMonitor
|
|
7301
|
NetMonitor
|
|
7306
|
NetMonitor
|
|
7307
|
NetMonitor
|
|
7308
|
ICKiller,
BackDoor Setup
|
|
7789
|
Portal of
Doom
|
|
9872
|
Portal of
Doom
|
|
9873
|
Portal of
Doom
|
|
9874
|
Portal of
Doom
|
|
9875
|
iNi-Killer
|
|
9989
|
Portal of
Doom
|
|
10067
|
Portal of
Doom
|
|
10167
|
Acid Shivers
|
|
10520
|
Coma
|
|
10607
|
Senna Spy
|
|
11000
|
Progenic
trojan
|
|
11223
|
Hack'99
KeyLogger
|
|
12223
|
GabanBus,
NetBus, Pie Bill Gates, X-bill
|
|
12345
|
GabanBus,
NetBus, X-bill
|
|
12346
|
Whack-a-mole
|
|
12361
|
Whack-a-mole
|
|
12362
|
WhackJob
|
|
12631
|
Senna Spy
|
|
13000
|
Priority
|
|
16969
|
Millennium
|
|
20001
|
NetBus 2
Pro
|
|
20034
|
GirlFriend
|
|
21544
|
Prosiak
|
|
22222
|
Evil FTP,
Ugly FTP
|
|
23456
|
Delta
|
26274
|
|
SubSeven
(new)
|
|
27374
|
The Unexplained
|
29891
|
|
AOL Trojan
|
|
30029
|
NetSphere
|
|
30100
|
NetSphere
|
|
30101
|
NetSphere
|
|
30102
|
Sockets
de Troie
|
|
30303
|
Back Orifice
Client, Baron Night, B02, Bo Facil
|
|
31337
|
BackFire,
Back Orifice, DeepBO
|
31337
|
|
NetSpy DK
|
|
31338
|
Back Orifice,
DeepBO
|
31338
|
|
NetSpy DK
|
|
31339
|
BOWhack
|
|
31666
|
Prosiak
|
|
33333
|
BigGluck,
TN
|
|
34324
|
The Spy
|
|
40412
|
Masters
Paradise, Agent 40421
|
|
40421
|
Masters
Paradise
|
|
40422
|
Masters
Paradise
|
|
40423
|
Masters
Paradise
|
|
40426
|
Delta
|
47262
|
|
Sockets
de Troie
|
|
50505
|
Fore
|
|
50766
|
Remote Windows
Shutdown
|
|
53001
|
School Bus
|
|
54321
|
DeepThroat
|
|
60000
|
Telecommando
|
|
61466
|
Devil
|
|
65000
|
|