~ Ports ~
Ports that Internet Service Providers (ISPs) commonly use.

| Internet Service(s) | UDP Port | TCP Port |
|---|---|---|
| HTTP | | 80 |
| HTTPS | | 443 |
| SMTP | | 25 |
| POP3 | | 110 |
| FTP | | 20-21 |
| TELNET | | 23 |
| REALAUDIO | | 1090 |
| ICQ | 4000 | |
| NEWS SERVERS | | 119 |
| DNS | 53 | |
| IRC | | 6667 |
| VDOLIVE | | 7000 |

Open Service Ports for Windows NT, Terminal Server, & Exchange Server

| Functionality | UDP | TCP | IP |
|---|---|---|---|
| Browsing | 137, 138 | | |
| DHCP Lease | 67, 68 | | |
| DHCP Manager | | 135 | |
| DNS Administration | | 139 | |
| DNS Resolution | 53 | | |
| Exchange Administrator | | 135 | |
| Exchange Client/Server Comm. | | 135 | |
| File Sharing | | 139 | |
| IMAP | | 143 | |
| LDAP | | 389 | |
| LDAP (SSL) | | 636 | |
| Logon Sequence | 137, 138 | 139 | |
| MTA - X.400 over TCP/IP | | 102 | |
| NetLogon | 138 | | |
| NT Diagnostics | | 139 | |
| NT Directory Replication | 138 | 139 | |
| NT Event Viewer | | 139 | |
| NT Performance Monitor | | 139 | |
| NT Registry Editor | | 139 | |
| NT Secure Channel | 137, 138 | 139 | |
| NT Server Manager | | 139 | |
| NT Trusts | 137, 138 | 139 | |
| NT User Manager | | 139 | |
| Pass Through Validation | 137, 138 | 139 | |
| POP3 | | 110 | |
| PPTP | | 1723 | 47 |
| Printing | 137, 138 | 139 | |
| RPC | 135 | 135 | |
| SMTP | | 25 | |
| WINS Manager | | 135 | |
| WINS Registration | | 137 | |
| WINS Replication | | 42 | |

Ports Used by Known Trojans
A "trojan horse" or "trojan" is a program that pretends to be or do one thing, but in reality damages your data or sniffs your system for personal data. Back Orifice is probably the most widely known of these. The following is a list of some trojans and the port numbers that they use. This information is useful when examining your log file to determine whether an attempt has been made on your system.

| Trojan Name(s) | UDP Port | TCP Port |
|---|---|---|
| Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, FTP Trojan | | 21 |
| Tiny Telnet Server | | 23 |
| Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2, ProMail Trojan | | 25 |
| Hackers Paradise, Agent 31, Masters Paradise | | 31 |
| DeepThroat | | 41 |
| DMSetup | | 58 |
| Firehotcker | | 79 |
| Executor | | 80 |
| ProMail Trojan | | 110 |
| JammerKillah | | 121 |
| TCP Wrappers | | 421 |
| Hackers Paradise | | 456 |
| Rasmin | | 531 |
| Ini-Killer, Phase Zero, Stealth Spy | | 555 |
| Satanz Backdoor, Attack FTP | | 666 |
| Dark Shadow | | 911 |
| DeepThroat | | 999 |
| Silencer, WebEx | | 1001 |
| Doly Trojan | | 1011 |
| Doly Trojan | | 1012 |
| NetSpy | | 1024 |
| Rasmin | | 1045 |
| Xtreme | | 1090 |
| Psyber Stream Server, Voice | | 1170 |
| Ultors Trojan | | 1234 |
| BackDoor-G, SubSeven | | 1243 |
| VooDoo Doll | | 1245 |
| BO DLL | 1349 | |
| FTP99CMP | | 1492 |
| Shivka-Burka | | 1600 |
| SpySender | | 1807 |
| Shockrave | | 1981 |
| BackDoor | | 1999 |
| Trojan Cow | | 2001 |
| Ripper | | 2023 |
| Bugs | | 2115 |
| Deep Throat, The Invasor | | 2140 |
| Striker | | 2565 |
| WinCrash | | 2583 |
| Phineas Phucker | | 2801 |
| WinCrash | | 3024 |
| Masters Paradise | | 3129 |
| Deep Throat, The Invasor | | 3150 |
| Portal of Doom | | 3700 |
| WinCrash | | 4092 |
| File Nail | | 4567 |
| ICQ Trojan | | 4590 |
| Sockets de Troie, Bubbel, Back Door Setup | | 5000 |
| Sockets de Troie, Back Door Setup | | 5001 |
| Firehotcker | | |