Port Explained
by Avi
What is a port?
Short answer: A communication channel for computers in networks.
A little more detail:
In order for computers connected to the Internet (or to a local network) to be able to communicate with each other, the transmission standard "TCP/IP" was designed. TCP/IP is a software protocol for formatting and transferring data within a network, such as the Internet. One of the main advantages of TCP/IP is that it does not depend on the computer's operating system, so transmissions between different operating systems are possible.
Each computer on the Internet has an IP address (IP = Internet Protocol), which is similar in principle to a telephone number. However, unlike telephone numbers, IP addresses are restricted in their numerical range. An IP address has the format "###.###.###.###": four number blocks separated by dots, where each block can only contain a value from 0 to 255. The IP address of a web server, for example, is "66.98.132.62". Enter this into your web browser to see this in action.
By knowing the IP address in use, a program is therefore able to send data to another computer. But an essential factor has been left out: how can the receiving computer know which program should handle the data it receives? For this reason there is a system of port numbers, also known as ports. With each transmission of data, the data packet must contain the receiver's IP address and also the port number of the program which is responsible.
Imagine ports as a direct dialing number in a phone system. You can reach, for example, a company under a specific telephone number (0123-45678). If you want to call a specific person in that company, you call the main number plus the direct-call number (0123-45678-90). If the direct-call number does not exist, you simply won't get a connection. The same thing occurs if you try to connect with a computer on a port where no service is present.
When you open the website of the Anti-Trojan Network with your browser, it is always transmitted via port 80 (213.153.38.220:80). A complete data transfer always contains the IP address plus the port number required. This applies both to outgoing data (requests to the webserver) and to incoming data (data transmitted from the website itself).
Port numbers can be any number from 0 to 65535. This range is split into three main categories:
0 to 1023 are "well known ports", meaning they are reserved for special services like FTP (21), SMTP (25), HTTP (80), POP3 (110), etc.
1024 to 49151 are "registered ports", meaning they are registered for services.
49152 to 65535 are "dynamic and/or private ports", meaning that everyone can use these as required.
Port numbers are managed by the IANA (Internet Assigned Numbers Authority). The problem in fact is that there are no control mechanisms available which can prevent a trojan from using port 80. If a trojan does use this port, a novice user could imagine the program is a webserver, and may even simply ignore the port.
Trojans are nothing more than programs using a port to transmit data to an attacker. They hold a port open, e.g. Port 31337. The attacker connects to the trojan and sends requests to do a certain task, for example to make a screenshot. The trojan makes the screenshot and sends the image via the port to the attacker. On newer trojans, the port number is quite freely configurable, which makes identifying the trojan by the port number difficult.
But how can a port be closed?
Quick answer - close the program holding the port open. But there are also more advanced methods for preventing communication over specific ports. Read more about this in the next article:
How can I close a port?
Important: An open port is not necessarily dangerous!
You are only at risk if the program using the port contains harmful code. So there is no reason to close all ports in your system. In fact without your ports being open, the Internet simply wouldn't work!
An open port is not an autonomous object, and should not be considered as something which can be destroyed by closing it. If a port is open on your computer, it means that there is an active program using this port number to communicate with other computers on the web. A port isn't opened by the operating system, it's opened by a specific program wanting to use it.
To close a port, it's usually only necessary to shut down the program holding the port open. On some ports it's enough to tell the program or service that the port should not be opened. A good example is the Microsoft Internet Information Services in Windows 2000 and Windows XP. If installed, they open three ports automatically: 21, 25 and 80. Port 21 is the FTP server, port 25 the SMTP server (email server) and port 80 the webserver for http.
The FTP server enables other Internet users to download shared files from your system. They can also upload files to you, if you choose to permit this. The SMTP server is used to send emails directly to the recipient's mailbox without the use of an external mailserver. The webserver allows you to run a website on your PC. But this is only reachable on your IP address. If you wish to make this accessible to the public, you need a domain name that redirects to a static IP address.
If however you don't need all these servers, simply shut them down and the ports will be closed automatically. Open the service manager at the control panel - administrative tasks. Services are programs which are automatically run at the system startup without any visible window. They work in the background.
Search the list for "WWW publishing service" and click on the Stop Service icon at the top. Port 80 is then no longer in use, meaning that it is closed. You can do the same with the "FTP publishing service" and the "Simple mail transport protocol (SMTP)".
However, it is not always so easy to find out why a port is open. One example is port 5000, which is opened by Windows ME and XP by default. For this, there is no service which you can turn off. To close this port, it is necessary to actually uninstall a certain system component. Port 5000 is used for plug and play with network devices. If you close this port, network plug and play is no longer available.
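Because a port is held open by a specific program, and the port number alone does not say which one, a practical check is to pair every listening port with the process that owns it. The following is an added example, not part of the original article: it parses constructed samples of `netstat -ano` and `tasklist /fo csv /nh` output and compares each listener with a baseline of expected owners. The baseline and the process names `webhelper.exe` and `svc32.exe` are assumptions made for the illustration.

```python
import csv
import io
from typing import NamedTuple

# Constructed `netstat -ano` output for an example Windows host (not real data).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       3040
  TCP    192.168.1.20:1045      192.0.2.10:80          ESTABLISHED     2980
  UDP    0.0.0.0:135            *:*                                    896
"""

# Constructed `tasklist /fo csv /nh` output: image name, PID, session, ...
TASKLIST_SAMPLE = """\
"inetinfo.exe","1480","Console","0","9,120 K"
"webhelper.exe","2212","Console","0","2,304 K"
"svchost.exe","896","Console","0","3,884 K"
"svchost.exe","1104","Console","0","12,540 K"
"svc32.exe","3040","Console","0","1,716 K"
"iexplore.exe","2980","Console","0","18,220 K"
"""

# Assumed baseline for this example host: which program is expected to hold
# which port. A real baseline comes from your own inventory of the machine.
BASELINE = {
    ("TCP", 21): {"inetinfo.exe"},
    ("TCP", 25): {"inetinfo.exe"},
    ("TCP", 80): {"inetinfo.exe"},
    ("TCP", 135): {"svchost.exe"},
    ("UDP", 135): {"svchost.exe"},
    ("TCP", 5000): {"svchost.exe"},
}


class Listener(NamedTuple):
    proto: str
    port: int
    pid: int


class Finding(NamedTuple):
    proto: str
    port: int
    pid: int
    image: str
    verdict: str


def parse_netstat(text):
    """Return the sockets that accept traffic: TCP LISTENING rows and UDP rows."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP":
            # Columns: Proto, Local, Foreign, State, PID
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue  # established or closing connections are not listeners
        elif len(fields) != 4:
            continue  # UDP rows have no State column
        port = fields[1].rsplit(":", 1)[-1]  # also works for "[::]:80"
        if port.isdigit() and fields[-1].isdigit():
            listeners.append(Listener(fields[0], int(port), int(fields[-1])))
    return listeners


def parse_tasklist(csv_text):
    """Map PID -> lower-cased image name."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}


def audit_listeners(netstat_text, tasklist_csv, baseline):
    """Pair each listener with its owning program and judge it against the baseline."""
    images = parse_tasklist(tasklist_csv)
    findings = []
    for l in sorted(set(parse_netstat(netstat_text)), key=lambda x: (x.port, x.proto)):
        image = images.get(l.pid, "<unknown>")
        expected = baseline.get((l.proto, l.port))
        if expected is None:
            verdict = "unlisted-port"      # nobody is supposed to listen here
        elif image not in expected:
            verdict = "unexpected-owner"   # familiar port, unfamiliar program
        else:
            verdict = "expected"
        findings.append(Finding(l.proto, l.port, l.pid, image, verdict))
    return findings


def needs_review(findings):
    return [f for f in findings if f.verdict != "expected"]


if __name__ == "__main__":
    for f in audit_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, BASELINE):
        print(f"{f.proto:4}{f.port:>6}  pid {f.pid:<5} {f.image:<15} {f.verdict}")
```

The listener on port 80 is flagged even though the number looks harmless, because the owning program is not the expected webserver; stopping that program is what closes the port.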
Firewalls
Even if a port can't be closed by shutting down a program or service, there are still other options for blocking communication to the port. Firewalls can prevent connections on specific ports. They work on the principle that data packets which use a specific port on a network are filtered. However, firewalls only provide passive security: you may have a trojan installed on your computer, but it can't connect to the attacker because the firewall is blocking the connection.
There are different firewall concepts. On the one side there are desktop firewalls like Zonealarm or Tiny Personal Firewall, which are installed locally on the PC they protect. These firewalls sit on top of the network driver layer of the operating system, and prevent connections to or from specific blocked ports. But there's also an obstacle here. Programs or trojans which don't use the network driver of the operating system can't be prevented from making a connection to outside the computer. If an attacker can install a trojan with its own network driver on your PC, a desktop firewall would not help.
A more secure technique is to install a firewall on a second computer. Usually a whole network of computers can only send data to the Internet over a firewall server. The computers in the network don't have a direct connection to the Internet. All data is transmitted by the firewall, and can therefore be blocked as and when required. Most such firewalls are also able to analyze the data packets. So, for example, if a harmless email is transferred, the firewall can check that there are no viruses attached to the email, and filter the attachment before sending the mail to the target PC. In general, however, good firewalls tend to be fairly expensive and usually require special hardware.
The ports are listed below with the services that run on them. The type of the port (TCP/UDP) is also mentioned. The well-known trojans associated with the insecure ports are marked RED. At the end there is a comprehensive discussion on the open ports.
Port 1: Port Service Multiplexer (TCP)
Port 2: Management Utility (TCP/UDP)
Death (TCP)
Port 3: Compression Process (TCP/UDP)
Port 5: Remote Job Entry (TCP/UDP)
Port 7: Echo (TCP/UDP)
Port 11: Systat Active Users (TCP/UDP)
Port 13: Daytime (TCP/UDP)
Port 17: Quote of the Day (TCP/UDP)
Port 18: Message Send Protocol (TCP/UDP)
Port 19: Character Generator (TCP/UDP)
Port 20: File Transfer Protocol (FTP) [Default Data] (TCP/UDP)
Port 21: File Transfer Protocol (FTP) [Control] (TCP/UDP)
Back Construction, Blade Runner, Doly Trojan, Fore, 7tp trojan, Invisible FTP, Larva, MBT, Motiv, Net Administrator, Senna Spy FTP Server, Traitor, WebEx, WinCrash (TCP)
Port 22: SSH Remote Login Protocol (TCP/UDP)
Port 23: Telnet (TCP/UDP)
Prosiak (telnet), Tiny Telnet Server, Truva Atl, Telnet, Wingate (TCP)
Port 25: Aji, Antigen, Email Password Sender, Email Worms, Gip, Happy99/Ska, Haebu Coceda, Loveletter, Kuang2, Magic Horse, Moscow Email Trojan, Neabi, ProMail trojan, NewApt, Shtrilitz, Stealth, Taripas, Terminator (TCP)
Simple Mail Transfer Protocol (SMTP) (TCP/UDP)
Port 27: NSW User System FE (TCP/UDP)
Port 29: MSG ICP (TCP/UDP)
Port 31: MSG Authentication (TCP/UDP)
Agent 31, Hackers Paradise, Masters Paradise, Masters Paradise.80 (TCP)
Port 33: Display Support Protocol (TCP/UDP)
Port 37: Time (TCP/UDP)
Port 38: Route Access Protocol (TCP/UDP)
Port 39: Resource Location Protocol (TCP/UDP)
Port 41: Graphics (TCP/UDP)
DeepThroat (TCP)
Port 42: Host Name Server (TCP/UDP)
Port 43: Whois (TCP/UDP)
Port 44: MPM FLAGS Protocol (TCP/UDP)
Port 45: Message Processing Module [recv] (TCP/UDP)
Port 46: MPM [default send] (TCP/UDP)
Port 47: NI FTP (TCP/UDP)
Port 48: Digital Audit Daemon (TCP/UDP)
DRAT (TCP)
Port 49: Login Host Protocol (TACACS) (TCP/UDP)
Port 50: Remote Mail Checking Protocol (TCP/UDP)
DRAT (TCP)
Port 51: IMP Logical Address Maintenance (TCP/UDP)
Port 52: XNS Time Protocol (TCP/UDP)
Port 53: DNS (Domain Name Server) (TCP/UDP)
Bonk (DoS) (TCP)
Port 54: XNS Clearinghouse (TCP/UDP)
Port 55: ISI Graphics Language (TCP/UDP)
Port 56: XNS Authentication (TCP/UDP)
Port 58: XNS Mail (TCP/UDP)
DMSetup (TCP)
Port 59: DMSetup (TCP)
Port 61: NI Mail (TCP/UDP)
Port 62: ACA Services (TCP/UDP)
Port 63: whois++ (TCP/UDP)
Port 64: Communications Integrator (CI) (TCP/UDP)
Port 65: TACACS-Database Service (TCP/UDP)
Port 66: Oracle SQL*NET (TCP/UDP)
Port 67: Bootstrap Protocol Server (TCP/UDP)
Port 68: Bootstrap Protocol Client (TCP/UDP)
Port 69: Trivial File Transfer (TCP/UDP)
Port 70: Gopher (TCP/UDP)
Port 71: Remote Job Service (TCP/UDP)
Port 72: Remote Job Service (TCP/UDP)
Port 73: Remote Job Service (TCP/UDP)
Port 74: Remote Job Service (TCP/UDP)
Port 76: Distributed External Object Store (TCP/UDP)
Port 78: vetTCP (TCP/UDP)
Port 79: Finger (TCP/UDP)
Firehotcker (TCP)
Port 80: Webserver (IIS, Apache, etc.) (TCP/UDP)
Back End, Executor, Hooker, RingZero (TCP)
Port 81: HOSTS2 Name Server (TCP/UDP)
Port 82: XFER Utility (TCP/UDP)
Port 83: MIT ML Device (TCP/UDP)
Port 84: Common Trace Facility (TCP/UDP)
Port 85: MIT ML Device (TCP/UDP)
Port 86: Micro Focus Cobol (TCP/UDP)
Port 88: Kerberos (TCP/UDP)
Port 89: SU | MIT Telnet Gateway (TCP/UDP)
Port 90: DNSIX Securit Attribute Token Map (TCP/UDP)
Port 91: MIT Dover Spooler (TCP/UDP)
Port 92: Network Printing Protocol (TCP/UDP)
Port 93: Device Control Protocol (TCP/UDP)
Port 94: Tivoli Object Dispatcher (TCP/UDP)
Port 95: SUPDUP (TCP/UDP)
Port 96: DIXIE Protocol Specification (TCP/UDP)
Port 97: Swift Remote Virtual File Protocol (TCP/UDP)
Port 98: TAC News (TCP/UDP)
Port 99: Metagram Relay (TCP/UDP)
Hidden Port (TCP)
Port 101: NIC Host Name Server (TCP/UDP)
Port 102: ISO-TSAP Class 0 (TCP/UDP)
Port 103: Genesis Point-to-Point Trans Net (TCP/UDP)
Port 104: ACR-NEMA Digital Imag. & Comm. 300 (TCP/UDP)
Port 105: CCSO name server protocol, Mailbox Name Nameserver (TCP/UDP)
Port 106: 3COM-TSMUX (TCP/UDP)
Port 107: Remote Telnet Service (TCP/UDP)
Port 108: SNA Gateway Access Server (TCP/UDP)
Port 109: Post Office Protocol – Version 2 (POP2) (TCP/UDP)
Port 110: Post Office Protocol – Version 3 (POP3) (TCP/UDP)
ProMail trojan (TCP)
Port 111: SUN Remote Procedure Call (TCP/UDP)
Port 112: McIDAS Data Transmission Protocol (TCP/UDP)
Port 113: Authentication Service, Ident (TCP/UDP)
Invisible Identd Deamon, Kazimas (TCP)
Port 114: Audio News Multicast (TCP/UDP)
Port 115: Simple File Transfer Protocol (TCP/UDP)
Port 116: ANSA REX Notify (TCP/UDP)
Port 117: UUCP Path Service (TCP/UDP)
Port 118: SQL Services (TCP/UDP)
Infector 1.4.2 (UDP)
Port 119: Happy99/Ska (TCP)
Network News Transfer Protocol (NNTP) (TCP/UDP)
Port 120: CFDPTKT (TCP/UDP)
Port 121: Encore Expedited Remote Pro.Call (TCP/UDP)
JammerKillah, BO jammerkilla (TCP)
Port 122: SMAKYNET (TCP/UDP)
Port 123: Network Time Protocol (NTP) (TCP/UDP)
Net Controller (TCP)
Port 124: ANSA REX Trader (TCP/UDP)
Port 125: Locus PC-Interface Net Map Ser (TCP/UDP)
Port 126: Unisys Unitary Login (TCP/UDP)
Port 127: Locus PC-Interface Conn Server (TCP/UDP)
Port 128: GSS X License Verification (TCP/UDP)
Port 129: Password Generator Protocol (TCP/UDP)
Port 130: cisco FNATIVE (TCP/UDP)
Port 131: cisco TNATIVE (TCP/UDP)
Port 132: cisco SYSMAINT (TCP/UDP)
Port 133: Statistics Service (TCP/UDP)
Farnaz (TCP)
Port 134: INGRES-NET Service (TCP/UDP)
Port 135: DCE endpoint resolution (TCP/UDP)
Port 136: PROFILER Naming Server (TCP/UDP)
Port 137: NETBIOS Name Service (MS Windows) (TCP/UDP)
Port 138: NETBIOS Datagram Service (MS Windows) (TCP/UDP)
Port 139: NETBIOS Session Service (MS Windows) (TCP/UDP)
Port 140: EMFIS Data Service (TCP/UDP)
Port 141: EMFIS Control Service (TCP/UDP)
Port 142: Britton-Lee IDM (TCP/UDP)
Port 143: Internet Message Access Protocol (TCP/UDP)
Port 144: NewS (TCP/UDP)
Port 145: UAAC Protocol (TCP/UDP)
Port 146: ISO-IP0 (TCP/UDP)
Infector 1.x (TCP)
Port 147: ISO-IP (TCP/UDP)
Port 148: Jargon (TCP/UDP)
Port 149: AED 512 Emulation Service (TCP/UDP)
Port 150: SQL-NET (TCP/UDP)
Port 151: HEMS (TCP/UDP)
Port 152: Background File Transfer Program (TCP/UDP)
Port 153: SGMP (TCP/UDP)
Port 154: NETSC (TCP/UDP)
Port 155: NETSC (TCP/UDP)
Port 156: SQL Service (TCP/UDP)
Port 157: KNET | VM Command | Message Protocol (TCP/UDP)
Port 158: PCMail Server (TCP/UDP)
Port 159: NSS-Routing (TCP/UDP)
Port 160: SGMP-TRAPS (TCP/UDP)
Port 161: SNMP (TCP/UDP)
Port 162: SNMPTRAP (TCP/UDP)
Port 163: CMIP | TCP Manager (TCP/UDP)
Port 164: CMIP | TCP Agent (TCP/UDP)
Port 165: Xerox (TCP/UDP)
Port 166: Sirius Systems (TCP/UDP)
Port 167: NAMP (TCP/UDP)
Port 168: RSVD (TCP/UDP)
Port 169: SEND (TCP/UDP)
Port 170: Network PostScript (TCP/UDP)
A-Trojan (TCP)
Port 171: Network Innovations Multiplex (TCP/UDP)
Port 172: Network Innovations CL | 1 (TCP/UDP)
Port 173: Xyplex (TCP/UDP)
Port 174: MAILQ (TCP/UDP)
Port 175: VMNET (TCP/UDP)
Port 176: GENRAD-MUX (TCP/UDP)
Port 177: X Display Manager Control Protocol (TCP/UDP)
Port 178: NextStep Window Server (TCP/UDP)
Port 179: Border Gateway Protocol (TCP/UDP)
Port 180: Intergraph (TCP/UDP)
Port 181: Unify (TCP/UDP)
Port 182: Unisys Audit SITP (TCP/UDP)
Port 183: OCBinder (TCP/UDP)
Port 184: OCServer (TCP/UDP)
Port 185: Remote-KIS (TCP/UDP)
Port 186: KIS Protocol (TCP/UDP)
Port 187: Application Communication Interface (TCP/UDP)
Port 188: Plus Five’s MUMPS (TCP/UDP)
Port 189: Queued File Transport (TCP/UDP)
Port 190: Gateway Access Control Protocol (TCP/UDP)
Port 191: Prospero Directory Service (TCP/UDP)
Port 192: OSU Network Monitoring System (TCP/UDP)
Port 193: Spider Remote Monitoring Protocol (TCP/UDP)
Port 194: Internet Relay Chat Protocol (TCP/UDP)
Port 195: DNSIX Network Level Module Audit (TCP/UDP)
Port 196: DNSIX Session Mgt Module Audit Redir (TCP/UDP)
Port 197: Directory Location Service (TCP/UDP)
Port 198: Directory Location Service Monitor (TCP/UDP)
Port 199: SMUX (TCP/UDP)
Port 200: IBM System Resource Controller (TCP/UDP)
Port 201: AppleTalk Routing Maintenance (TCP/UDP)
Port 202: AppleTalk Name Binding (TCP/UDP)
Port 203: AppleTalk Unused (TCP/UDP)
Port 204: AppleTalk Echo (TCP/UDP)
Port 205: AppleTalk Unused (TCP/UDP)
Port 206: AppleTalk Zone Information (TCP/UDP)
Port 207: AppleTalk Unused (TCP/UDP)
Port 208: AppleTalk Unused (TCP/UDP)
Port 209: The Quick Mail Transfer Protocol (TCP/UDP)
Port 210: ANSI Z39.50 (TCP/UDP)
Port 211: Texas Instruments 914C | G Terminal (TCP/UDP)
Port 212: ATEXSSTR (TCP/UDP)
Port 213: IPX (TCP/UDP)
Port 214: VM PWSCS (TCP/UDP)
Port 215: Insignia Solutions (TCP/UDP)
Port 216: Computer Associates Int’l License Server (TCP/UDP)
Port 217: dBase Unix (TCP/UDP)
Port 218: Netix Message Posting Protocol (TCP/UDP)
Port 219: Unisys ARPs (TCP/UDP)
Port 220: Interactive Mail Access Protocol v3 (TCP/UDP)
Port 221: Berkeley rlogind with SPX auth (TCP/UDP)
Port 222: Berkeley rshd with SPX auth (TCP/UDP)
Port 223: Certificate Distribution Center (TCP/UDP)
Port 242: Direct (TCP/UDP)
Port 243: Survey Measurement (TCP/UDP)
Port 244: Dayna (TCP/UDP)
Port 245: LINK (TCP/UDP)
Port 246: Display Systems Protocol (TCP/UDP)
Port 247: SUBNTBCST_TFTP (TCP/UDP)
Port 248: bhfhs (TCP/UDP)
Port 256: RAP (TCP/UDP)
Port 257: Secure Electronic Transaction (TCP/UDP)
Port 258: Yak Winsock Personal Chat (TCP/UDP)
Port 259: Efficient Short Remote Operations (TCP/UDP)
Port 260: Openport (TCP/UDP)
Port 261: IIOP Name Service over TLS | SSL (TCP/UDP)
Port 262: Arcisdms (TCP/UDP)
Port 263: HDAP (TCP/UDP)
Port 280: http-mgmt (TCP/UDP)
Port 281: Personal Link (TCP/UDP)
Port 282: Cable Port A | X (TCP/UDP)
Port 309: EntrustTime (TCP/UDP)
Port 310: bhmds (TCP/UDP)
Port 315: The Invasor (TCP)
Port 344: Prospero Data Access Protocol (TCP/UDP)
Port 345: Perf Analysis Workbench (TCP/UDP)
Port 346: Zebra server (TCP/UDP)
Port 347: Fatmen Server (TCP/UDP)
Port 348: Cabletron Management Protocol (TCP/UDP)
Port 349: mftp (TCP/UDP)
Port 350: MATIP Type A (TCP/UDP)
Port 351: MATIP Type B, bhoetty (TCP/UDP)
Port 352: DTAG (TCP/UDP)
bhoedap4 (TCP/UDP)
Port 354: bh611 (TCP/UDP)
Port 357: bhevent (TCP/UDP)
Port 368: Wingate 3.0 (UDP)
Port 371: Clearcase (TCP/UDP)
Port 372: ListProcessor (TCP/UDP)
Port 373: Legent Corporation (TCP/UDP)
Port 374: Legent Corporation (TCP/UDP)
Port 375: Hassle, Direct Connect (TCP/UDP)
Port 376: Amiga Envoy Network Inquiry Protocol (TCP/UDP)
Port 377: NEC Corporation (TCP/UDP)
Port 378: NEC Corporation (TCP/UDP)
Port 379: TIA | EIA | IS-99 modem client (TCP/UDP)
Port 380: TIA | EIA | IS-99 modem server (TCP/UDP)
Port 381: hp performance data collector (TCP/UDP)
Port 382: hp performance data managed node (TCP/UDP)
Port 383: hp performance data alarm manager (TCP/UDP)
Port 384: A Remote Network Server System (TCP/UDP)
Port 385: IBM Application (TCP/UDP)
Port 386: ASA Message Router Object Def. (TCP/UDP)
Port 387: AppleTalk Update-Based Routing Pro. (TCP/UDP)
Port 388: Unidata LDM Version 4 (TCP/UDP)
Port 389: Lightweight Directory Access Protocol (TCP/UDP)
Port 390: UIS (TCP/UDP)
Port 391: SynOptics SNMP Relay Port (TCP/UDP)
Port 392: SynOptics Port Broker Port (TCP/UDP)
Port 393: Data Interpretation System (TCP/UDP)
Port 394: EMBL Nucleic Data Transfer (TCP/UDP)
Port 395: NETscout Control Protocol (TCP/UDP)
Port 396: Novell Netware over IP (TCP/UDP)
Port 397: Multi Protocol Trans. Net. (TCP/UDP)
Port 398: Kryptolan (TCP/UDP)
Port 399: ISO Transport Class 2 Non-Control over TCP (TCP/UDP)
Port 400: Workstation Solutions (TCP/UDP)
Port 401: Uninterruptible Power Supply (TCP/UDP)
Port 402: Genie Protocol (TCP/UDP)
Port 403: decap (TCP/UDP)
Port 404: nced (TCP/UDP)
Port 405: ncld (TCP/UDP)
Port 406: Interactive Mail Support Protocol (TCP/UDP)
Port 407: Timbuktu (TCP/UDP)
Port 408: Prospero Resource Manager Sys. Man. (TCP/UDP)
Port 409: Prospero Resource Manager Node Man. (TCP/UDP)
Port 410: DECLadbug Remote Debug Protocol (TCP/UDP)
Port 411: Remote MT Protocol (TCP/UDP)
Port 412: Trap Convention Port (TCP/UDP)
Port 413: SMSP (TCP/UDP)
Port 414: InfoSeek (TCP/UDP)
Port 415: BNet (TCP/UDP)
Port 416: Silverplatter (TCP/UDP)
Port 417: Onmux (TCP/UDP)
Port 418: Hyper-G (TCP/UDP)
Port 419: Ariel (TCP/UDP)
Port 420: SMPTE (TCP/UDP)
Port 421: Ariel (TCP/UDP)
(TCP Wrappers) (TCP)
Port 422: Ariel (TCP/UDP)
Port 423: IBM Operations Planning and Control Start (TCP/UDP)
Port 424: IBM Operations Planning and Control Track (TCP/UDP)
Port 425: ICAD (TCP/UDP)
Port 426: smartsdp (TCP/UDP)
Port 427: Server Location (TCP/UDP)
Port 428: OCS_CMU (TCP/UDP)
Port 429: OCS_AMU (TCP/UDP)
Port 430: UTMPSD (TCP/UDP)
Port 431: UTMPCD (TCP/UDP)
Port 432: IASD (TCP/UDP)
Port 433: NNSP (TCP/UDP)
Port 434: MobileIP-Agent (TCP/UDP)
Port 435: MobileIP-MN (TCP/UDP)
Port 436: DNA-CML (TCP/UDP)
Port 437: comscm (TCP/UDP)
Port 438: dsfgw (TCP/UDP)
Port 439: dasp (TCP)
Port 440: sgcp (TCP/UDP)
Port 441: decvms-sysmgt (TCP/UDP)
Port 442: cvc_hostd (TCP/UDP)
Port 443: HTTPS Webserver (SSL) Secure HTTP Protocol (TCP/UDP)
Port 444: Simple Network Paging Protocol (TCP/UDP)
Port 445: Microsoft-DS (TCP/UDP)
Port 446: DDM-RDB (TCP/UDP)
Port 447: DDM-RFM (TCP/UDP)
Port 448: DDM-BYTE (TCP/UDP)
Port 449: AS Server Mapper (TCP/UDP)
Port 450: TServer (TCP/UDP)
Port 451: Cray Network Semaphore server (TCP/UDP)
Port 452: Cray SFS config server (TCP/UDP)
Port 453: CreativeServer (TCP/UDP)
Port 454: ContentServer (TCP/UDP)
Port 455: CreativePartnr (TCP/UDP)
Port 456: macon-UDP (TCP/UDP)
Hackers Paradise (TCP)
Port 457: scohelp (TCP/UDP)
Port 458: apple quick time (TCP/UDP)
Port 459: ampr-rcmd (TCP/UDP)
Port 460: skronk (TCP/UDP)
Port 461: DataRampSrv (TCP/UDP)
Port 462: DataRampSrvSec (TCP/UDP)
Port 463: alpes (TCP/UDP)
Port 464: kpasswd (TCP/UDP)
Port 465: smtp protocol over TLS | SSL (was ssmtp) (TCP/UDP)
Port 466: digital-vrc (TCP/UDP)
Port 467: mylex-mapd (TCP/UDP)
Port 468: proturis (TCP/UDP)
Port 469: Radio Control Protocol (TCP/UDP)
Port 470: scx-proxy (TCP/UDP)
Port 471: Mondex (TCP/UDP)
Port 472: ljk-login (TCP/UDP)
Port 473: hybrid-pop (TCP/UDP)
Port 474: tn-tl-w2 (TCP/UDP)
Port 475: TCPnethaspsrv (TCP)
Port 476: tn-tl-fd1 (TCP/UDP)
Port 477: ss7ns (TCP/UDP)
Port 478: spsc (TCP/UDP)
Port 479: iafserver (TCP/UDP)
Port 480: iafdbase (TCP/UDP)
Port 481: Ph service (TCP/UDP)
Port 482: bgs-nsi (TCP/UDP)
Port 483: ulpnet (TCP/UDP)
Port 484: Integra Software Management Environment (TCP/UDP)
Port 485: Air Soft Power Burst (TCP/UDP)
Port 486: avian (TCP/UDP)
Port 487: saft (TCP/UDP)
Port 488: gss-http (TCP/UDP)
Port 489: nest-protocol (TCP/UDP)
Port 490: micom-pfs (TCP/UDP)
Port 491: go-login (TCP/UDP)
Port 492: Transport Independent Convergence for FNA (TCP/UDP)
Port 493: Transport Independent Convergence for FNA (TCP/UDP)
Port 494: POV-Ray (TCP/UDP)
Port 495: intecourier (TCP/UDP)
Port 496: PIM-RP-DISC (TCP/UDP)
Port 497: dantz (TCP/UDP)
Port 498: siam (TCP/UDP)
Port 499: ISO ILL Protocol (TCP/UDP)
Port 500: isakmp (TCP/UDP)
Port 501: STMF (TCP/UDP)
Port 502: asa-appl-proto (TCP/UDP)
Port 503: Intrinsa (TCP/UDP)
Port 504: citadel (TCP/UDP)
Port 505: mailbox-lm (TCP/UDP)
Port 506: ohimsrv (TCP/UDP)
Port 507: crs (TCP/UDP)
Port 508: xvttp (TCP/UDP)
Port 509: snare (TCP/UDP)
Port 510: FirstClass Protocol (TCP/UDP)
Port 511: mynet-as (TCP/UDP)
Port 512: remote process execution, Comsat, Biff (TCP/UDP)
Port 513: login (remote login a la telnet) (TCP)
who (who is logged in) (UDP)
Port 514: shell (cmd like exec) (TCP)
syslog (UDP)
Port 515: printer spooler (TCP/UDP)
Port 516: videotex (TCP/UDP)
Port 517: talk (rendezvous port from which a TCP connection is established) (TCP/UDP)
Port 518: ntalk (TCP/UDP)
Port 519: unixtime (TCP/UDP)
Port 520: extended file name server, router (TCP/UDP)
Port 521: ripng (TCP/UDP)
Port 522: ULP (TCP/UDP)
Port 523: IBM-DB2 (TCP)
Port 524: NCP (TCP/UDP)
Port 525: timeserver (TCP/UDP)
Port 526: Newdate (TCP/UDP)
Port 527: Stock IXChange (TCP/UDP)
Port 528: Customer IXChange (TCP/UDP)
Port 529: IRC-SERV (TCP/UDP)
Port 530: rpc (TCP/UDP)
Port 531: chat (TCP/UDP)
Rasmin (TCP)
Port 532: readnews (TCP/UDP)
Port 533: for emergency broadcasts (TCP/UDP)
Port 534: MegaMedia Admin (TCP/UDP)
Port 535: iiop (TCP/UDP)
Port 536: opalis-rdv (TCP/UDP)
Port 537: Networked Media Streaming Protocol (TCP/UDP)
Port 538: gdomap (TCP/UDP)
Port 539: Apertus Technologies Load Determination (TCP/UDP)
Port 540: uucpd (TCP/UDP)
Port 541: uucp-rlogin (TCP/UDP)
Port 542: commerce (TCP/UDP)
Port 543: klogin (TCP/UDP)
Port 544: krcmd (TCP/UDP)
Port 545: applegtcsrvr (TCP/UDP)
Port 546: DHCPv6 Client (TCP/UDP)
Port 547: DHCPv6 Server (TCP/UDP)
Port 548: AFP over TCP (TCP/UDP)
Port 549: IDFP (TCP/UDP)
Port 550: new-who (TCP/UDP)
Port 551: cybercash (TCP/UDP)
Port 552: deviceshare (TCP/UDP)
Port 553: Pirp (TCP/UDP)
Port 554: Real Time Stream Control Protocol (TCP/UDP)
Port 555: dsf (TCP/UDP)
Ini-Killer, NeTAdministrator, Phase Zero, Stealth Spy (TCP/UDP)
Port 556: rfs server (TCP/UDP)
Port 557: openvms-sysipc (TCP/UDP)
Port 558: SDNSKMP (TCP/UDP)
Port 559: TEEDTAP (TCP/UDP)
Port 560: rmonitord (TCP/UDP)
Port 561: monitor (TCP/UDP)
Port 562: chcmd (TCP/UDP)
Port 563: nntp protocol over TLS | SSL (was snntp) (TCP/UDP)
Port 564: plan 9 file service (TCP/UDP)
Port 565: whoami (TCP/UDP)
Port 566: streettalk (TCP/UDP)
Port 567: banyan-rpc (TCP/UDP)
Port 568: microsoft shuttle (TCP/UDP)
Port 569: microsoft rome (TCP/UDP)
Port 570: demon (TCP/UDP)
Port 571: udemon (TCP/UDP)
Port 572: sonar (TCP/UDP)
Port 573: banyan-vip (TCP/UDP)
Port 574: FTP Software Agent System (TCP/UDP)
Port 575: VEMMI (TCP/UDP)
Port 576: ipcd (TCP/UDP)
Port 577: vnas (TCP/UDP)
Port 578: ipdd (TCP/UDP)
Port 579: decbsrv (TCP/UDP)
Port 580: SNTP HEARTBEAT (TCP/UDP)
Port 581: Bundle Discovery Protocol (TCP/UDP)
Port 582: SCC Security (TCP/UDP)
Port 583: Phillips Video-Conferencing (TCP/UDP)
Port 584: Key Server (TCP/UDP)
Port 585: IMAP4+SSL (not recommended, use 993 instead) (TCP/UDP)
Port 586: Password Change (TCP/UDP)
Port 587: Submission (TCP/UDP)
Port 588: CAL (TCP/UDP)
Port 589: EyeLink (TCP/UDP)
Port 590: TNS CML (TCP/UDP)
Port 591: FMPRO4 – http (TCP/UDP)
Port 592: Eudora Set (TCP/UDP)
Port 600: Sun IPC server (TCP/UDP)
Port 606: Cray Unified Resource Manager (TCP/UDP)
Secret Service (TCP)
Port 607: nqs (TCP/UDP)
Port 608: Sender-Initiated | Unsolicited File Transfer (TCP/UDP)
Port 609: npmp-trap (TCP/UDP)
Port 610: npmp-local (TCP/UDP)
Port 611: npmp-gui (TCP/UDP)
Port 612: HMMP Indication (TCP/UDP)
Port 613: HMMP Operation (TCP/UDP)
Port 614: SSLshell (TCP/UDP)
Port 615: Internet Configuration Manager (TCP/UDP)
Port 616: SCO System Administration Server (TCP/UDP)
Port 617: SCO Desktop Administration Server (TCP/UDP)
Port 618: DEI-ICDA (TCP/UDP)
Port 619: Digital EVM (TCP/UDP)
Port 620: SCO WebServer Manager (TCP/UDP)
Port 621: ESCP (TCP/UDP)
Port 633: Service Status update (Sterling Software) (TCP/UDP)
Port 634: ginad (TCP/UDP)
Port 635: RLZ DBase (TCP/UDP)
Port 636: ldap protocol over TLS | SSL (was sldap) (TCP/UDP)
Port 637: lanserver (TCP/UDP)
Port 666: doom Id Software (TCP/UDP)
Attack FTP, Satanz Backdoor (TCP)
Port 667: SniperNet (TCP)
campaign contribution disclosures – SDR Technologies (TCP/UDP)
Port 668: MeComm (TCP/UDP)
Port 669: MeRegister (TCP/UDP)
DP Trojan (TCP)
Port 670: VACDSM-SWS (TCP/UDP)
Port 671: VACDSM-APP (TCP/UDP)
Port 672: VPPS-QUA (TCP/UDP)
Port 673: CIMPLEX (TCP/UDP)
Port 674: ACAP (TCP/UDP)
Port 675: DCTP (TCP/UDP)
Port 692: GayOL (TCP)
Port 704: errlog copy | server daemon (TCP/UDP)
Port 705: AgentX (TCP/UDP)
Port 709: Entrust Key Management Service Handler (TCP/UDP)
Port 710: Entrust Administration Service Handler (TCP/UDP)
Port 729: IBM NetView DM | 6000 Server | Client (TCP/UDP)
Port 730: IBM NetView DM | 6000 send | TCP (TCP/UDP)
Port 731: IBM NetView DM | 6000 receive | TCP (TCP/UDP)
Port 741: netGW (TCP/UDP)
Port 742: Network based Rev. Cont. Sys. (TCP/UDP)
Port 744: Flexible License Manager (TCP/UDP)
Port 747: Fujitsu Device Control (TCP/UDP)
Port 748: Russell Info Sci Calendar Manager (TCP/UDP)
Port 749: kerberos administration (TCP/UDP)
Port 750: kerberos version IV (UDP)
Port 777: Aim Spy (TCP)
Port 799: Remotely Possible Server (TCP)
Port 808: WinHole (TCP)
Port 815: Everyone’s Darling (TCP/UDP)
Port 886: ICL coNETion locate server (TCP/UDP)
Port 887: ICL coNETion server info (TCP/UDP)
Port 888: AccessBuilder (TCP/UDP)
Port 900: OMG Initial Refs (TCP/UDP)
Port 911: xact-backup (TCP)
Dark Shadow (TCP)
Port 989: ftp protocol, data, over TLS | SSL (TCP/UDP)
Port 990: ftp protocol, control, over TLS | SSL (TCP/UDP)
Port 991: Netnews Administration System (TCP/UDP)
Port 992: telnet protocol over TLS | SSL (TCP/UDP)
Port 993: imap4 protocol over TLS | SSL (TCP/UDP)
Port 994: irc protocol over TLS | SSL (TCP/UDP)
Port 995: pop3 protocol over TLS | SSL (was spop3) (TCP/UDP)
Port 999: DeepThroat (TCP)
Port 1000: Der Spaeher 3 (TCP)
Port 1001: Der Spaeher 3, Le Guardian, Silencer, WebEx (TCP)
Port 1003: BackDoor 2.0x (TCP)
Port 1010: Doly Trojan 1.3 + 1.35, CafeIni 0.9 (1010:1100) (TCP)
Port 1011: Doly Trojan 1.1/1.2 (TCP)
Port 1012: Doly Trojan 1.5 (TCP)
Port 1015: Doly Trojan 1.6 (TCP)
Port 1016: Doly Trojan (TCP)
Port 1020: Vampire (TCP)
Port 1024: NetSpy, Latinus (TCP)
mIRC DCC / IRC DCC (1024-5000), Dwyco Video, ICUII Client, H.323 compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone (TCP)
Port 1025: NetSpy, Maverick’s Matrix, RemoteStorm (TCP/UDP)
Windows RPC, Scheduled Tasks (TCP/UDP)
Port 1027: ICQ (TCP)
Port 1029: ICQ (TCP)
InCommand (TCP/UDP)
Port 1030: Need for Speed 3- Hot Pursuit (TCP)
Port 1031: Computer Associated FTP Server (TCP)
Port 1032: ICQ (TCP)
Port 1033: NetSpy (TCP)
Port 1034: PhoneFree (TCP/UDP)
Port 1035: PhoneFree (TCP/UDP)
Port 1042: Bla 1.1 (TCP)
Port 1045: Rasmin (TCP)
Port 1047: GateCrasher.b, GateCrasher.c (TCP)
Port 1050: MiniCommand (TCP)
Port 1080: WinHole, Wingate (TCP)
Socks, Wingate (TCP/UDP)
Port 1081: WinHole (TCP)
Port 1082: WinHole (TCP)
Port 1083: WinHole (TCP)
Port 1090: Xtreme (TCP)
Port 1095: Rat (TCP)
Port 1097: Rat (TCP)
Port 1098: Rat (TCP)
Port 1099: BFevolution, Rat (TCP)
Port 1100: CafeIni 0.9 (1010:1100) (TCP)
Port 1117: Audiogalaxy Satellite (1117-5190) (TCP)
Port 1137: MTX (TCP)
Port 1140: Westwood Online - C&C Tiberian Sun & Dune 2000 (TCP/UDP)
Port 1155: Network File Access (TCP/UDP)
Port 1170: Psyber Stream Server, Streaming Audio Trojan, Voice (TCP)
Port 1200: NoBackO (UDP)
Port 1201: NoBackO (UDP)
Port 1207: SoftWAR (TCP)
Port 1208: Infector 1.3 + 1.4.1 (TCP/UDP)
Port 1212: Kaos (TCP)
lupa (TCP/UDP)
Port 1214: KaZaA (TCP)
Port 1225: Scarab (TCP)
Port 1234: Ultors Trojan, SubSeven 2.0 (TCP)
Port 1243:
BackDoor-G,
SubSeven, Sub7(*), SubSeven Apocalypse, Tiles (TCP)
Port
1245:
VooDoo Doll (TCP)
Port
1255:
Scarab (TCP)
Port
1256:
Project nEXT (TCP)
Port
1269:
Maverick’s Matrix
(TCP)
Port 1313:
NETrojan
(TCP)
Port 1338:
Millenium
Worm (TCP)
Port 1349:
BO
DLL (UDP)
Port 1352:
Lotus
Notes Server (TCP)
Port 1417:
Timbuktu
(TCP/UDP)
Port 1418:
Timbuktu
(TCP/UDP)
Port 1419:
Timbuktu
(TCP/UDP)
Port 1420:
Timbuktu
(TCP/UDP)
Port 1433:
Microsoft-SQL-Server
(TCP/UDP)
Port 1434:
Microsoft-SQL-Monitor
(TCP/UDP)
Port 1437:
Kohan
Immortal Sovereigns (TCP/UDP)
Port 1441:
RemoteStorm
(TCP)
Port 1451:
IBM
Information Management (TCP/UDP)
Port
1492:
FTP99CMP, Back.Orifice.FTP
(TCP)
Port 1494:
CITRIX
Metaframe / ICA client (TCP)
Port 1503:
H.323
compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone
(TCP)
Port 1504:
H.323
compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone
(TCP)
Port 1509:
Psyber
Streaming Server (TCP)
Port 1512:
Wins
(Microsoft’s Windows Internet Name Service) (TCP/UDP)
Port
1524:
Trin00 (DDoS) (TCP)
Port
1547:
Laplink (TCP/UDP)
Port
1559:
web2host (TCP/UDP)
Port
1584:
Dialpad (TCP)
Port
1585:
Dialpad (TCP)
Port
1600:
Shivka-Burka (TCP)
Port
1611:
Black and White (TCP)
Port
1612:
Black and White (TCP)
Port
1680:
CarbonCopy32 host on your LAN
(TCP)
Port 1700:
Rux.Tick
(TCP)
Port 1731:
H.323
compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone
(TCP)
Port 1732:
H.323
compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone
(TCP)
Port 1735:
PrivateChat
(TCP/UDP)
Port 1745:
remote-winsock
(TCP/UDP)
Port 1777:
Scarab
(TCP)
Port 1784:
Snid
X2 (TCP)
Port 1789:
hello
(TCP/UDP)
Port 1801:
Microsoft
Message Que (TCP/UDP)
Port 1807:
SpySender
(TCP)
Port 1863:
MSN
Messenger (TCP/UDP)
Port 1966:
Fake
FTP (TCP)
Port 1969:
OpC
BO (TCP)
Port 1981:
Shockrave
(TCP)
Port 1986:
cisco
license management (TCP/UDP)
Port 1987:
cisco
RSRB Priority 1 Port (TCP/UDP)
Port 1988:
cisco
RSRB Priority 2 Port (TCP/UDP)
Port 1989:
cisco
RSRB Priority 3 Port (TCP/UDP)
Port 1990:
cisco
STUN Priority 1 Port (TCP/UDP)
Port 1991:
cisco
STUN Priority 2 Port (TCP/UDP)
Port 1992:
cisco
STUN Priority 3 Port, IPsendmsg (TCP/UDP)
Port
1993:
cisco SNMP TCP port
(TCP/UDP)
Port 1994:
cisco
serial tunnel port (TCP/UDP)
Port 1995:
cisco
perf port (TCP/UDP)
Port 1996:
cisco
Remote SRB port (TCP/UDP)
Port 1997:
cisco
Gateway Discovery Protocol (TCP/UDP)
Port
1998:
cisco X.25 service (XOT)
(TCP/UDP)
Port 1999:
cisco
identification port (TCP/UDP)
BackDoor,
BackDoor 1.00-1.03, BackDoor 2.x, TransScout 1.x (TCP)
Port 2000: Der Spaeher 3, TransScout, Insane Network (TCP); Remotely AnyWhere (TCP)
Port 2001: Der Spaeher 3, TransScout, Trojan Cow (TCP)
Port 2002: TransScout (TCP)
Port 2003: TransScout (TCP)
Port 2004: TransScout (TCP)
Port 2005: TransScout (TCP)
Port 2023: HackCity Ripper Pro (TCP)
Port 2047: Camerades (TCP/UDP)
Port 2048: Camerades (TCP/UDP)
Port 2049: Network File System – Sun Microsystems (TCP/UDP)
Port 2080: Wingate 3.0 (TCP); WinHole (TCP)
Port 2090: Pal Talk (file transfer) (TCP/UDP); Go2Call (TCP/UDP)
Port 2091: Go2Call (TCP); Pal Talk (video listening) (TCP/UDP)
Port 2095: Pal Talk (file transfer) (TCP)
Port 2115: Bugs (TCP)
Port 2140: Deep Throat (all versions), The Invasor (UDP)
Port 2208: Rux.PSW (TCP)
Port 2233: Shiva VPN (UDP)
Port 2283: HLV Rat 5, Rat (TCP)
Port 2300: Xplorer (TCP); Battlecom (2300-2400) (TCP)
Port 2346: Rogue Spear, Rainbow Six (Client and Server) (TCP/UDP)
Port 2565: Striker (TCP)
Port 2583: WinCrash 2 (TCP)
Port 2600: Digital RootBeer (TCP)
Port 2644: PhoneFree (TCP)
Port 2718: The Prayer 2 (TCP)
Port 2773: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 2784: world wide web – development (TCP/UDP)
Port 2801: Phineas Phucker (TCP)
Port 2989: Rat 1.2 (TCP/UDP)
Port 3000: Remote Shutdown (TCP); Deerfield MDaemon Email Server, Active Worlds (TCP)
Port 3001: Deerfield MDaemon Email Server (TCP)
Port 3024: WinCrash (TCP)
Port 3100: Delta Force (Client and Server) (TCP/UDP)
Port 3128: RingZero (TCP)
Port 3129: Masters Paradise, MastersParadise.92 (TCP)
Port 3150: Deep Throat, Deep Throat 10, The Invasor (UDP)
Port 3230: Polycom ViaVideo H.323 (3230-3235) (TCP/UDP)
Port 3264: cc:mail | lotus (TCP/UDP)
Port 3268: Microsoft Global Catalog (TCP/UDP)
Port 3269: Microsoft Global Catalog with LDAP | SSL (TCP/UDP)
Port 3270: Verismart (TCP/UDP)
Port 3389: Windows NT/2000 Terminal Server (TCP/UDP)
Port 3453: Bungie.net, Myth, Myth II Server (TCP)
Port 3456: Teror Trojan (TCP)
Port 3459: Eclipse 2000, Sanctuary (TCP)
Port 3586: Snid X2 (TCP)
Port 3700: Portal of Doom (PoD), al of Doom (TCP)
Port 3782: Roger Wilco (TCP/UDP)
Port 3791: Total Eclipse (FTP) (TCP)
Port 3801: Total Eclipse (UDP)
Port 3855: Kohan Immortal Sovereigns (TCP/UDP)
Port 3999: Remote Anything (TCP)
Port 4000: Remote Anything, Blizzard Battlenet, Westwood Online - C&C Tiberian Sun & Dune 2000 (TCP/UDP); Skydance (TCP)
Port 4092: WinCrash (TCP)
Port 4242: Virtual hacking Machine (TCP)
Port 4245: Rux.Backdoor (TCP)
Port 4321: BoBo, Schoolbus 1.0 (TCP)
Port 4444: Prosiak, Swift remote (TCP)
Port 4567: File Nail (TCP)
Port 4590: ICQTrojan (TCP)
Port 4711: Olfactor (UDP)
Port 4899: RAdmin (Fama Tech) (TCP)
Port 4950: ICQTrojan, Icq Trojan (TCP)
Port 5000: Bubbel, Back Door Setup, Blazer 5, Socket 23, Sockets de Troie (TCP); Windows ME, XP and 2003 Network Plug & Play (TCP)
Port 5001: Yahoo Messenger Chat (TCP); Back Door Setup, Sockets de Troie (TCP)
Port 5003: Claris FileMaker Pro (TCP/UDP)
Port 5011: OOTLT (TCP)
Port 5031: NetMetropolitan 1.0, NetMetropolitan 1.04 (TCP)
Port 5032: NetMetropolitan 1.04 (TCP)
Port 5190: AIM Talk (TCP)
Port 5310: Outlaws (TCP/UDP)
Port 5321: Firehotcker (TCP)
Port 5333: Backage Trojan Box 3 (TCP)
Port 5343: WCrat (TCP)
Port 5400: Blade Runner, Back Construction 1.2 (TCP)
Port 5401: Blade Runner 1.x, Back Construction (TCP)
Port 5402: Blade Runner 2.x, Back Construction (TCP)
Port 5500: Virtual Network Computing (VNC), Hotline Server (5500-5503) (TCP)
Port 5512: Illusion Mailer (TCP)
Port 5521: Illusion Mailer (TCP)
Port 5550: Xtcp 2 (TCP)
Port 5555: ServeMe (TCP)
Port 5556: BO Facil, H0rtiga (TCP)
Port 5557: BO Facil (TCP)
Port 5569: RoboHack (TCP)
Port 5598: BackDoor 2.03 (TCP)
Port 5631: pcANYWHEREdat (TCP/UDP)
Port 5632: pcANYWHEREstat (TCP/UDP)
Port 5637: PC Crasher (TCP)
Port 5638: PC Crasher (TCP)
Port 5670: Active Worlds (TCP)
Port 5698: BackDoor.203 (TCP)
Port 5714: WinCrash, WinCrash 3 (TCP)
Port 5741: WinCrash, WinCrash 3 (TCP)
Port 5742: WinCrash (TCP)
Port 5800: Virtual Network Computing (VNC) (TCP)
Port 5881: Y3K RAT (UDP)
Port 5882: Y3K RAT (TCP/UDP)
Port 5888: Y3K RAT (TCP/UDP)
Port 5889: Y3K RAT (TCP)
Port 5900: Virtual Network Computing (VNC) (TCP)
Port 6000: The Thing, APStrojan (TCP)
Port 6006: The Thing, APStrojan (TCP)
Port 6112: Starcraft, Blizzard Battlenet (TCP)
Port 6272: Secret Service (TCP)
Port 6346: GNUtella (TCP/UDP)
Port 6400: The Thing, APStrojan (TCP)
Port 6500: Devil 1.03 (TCP)
Port 6666: TCPshell.c (TCP)
Port 6667: Schedule Agent (TCP); MSN Game Zone, Black and White, mIRC Chat (TCP)
Port 6669: Host Control, Vampyre 1.0 (TCP)
Port 6670: DeepThroat, BackWeb Server, WinNuke eXtreame (TCP)
Port 6699: Napster (TCP/UDP)
Port 6700: Dwyco Video Conferencing (6700-6702) (TCP)
Port 6711: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 6712: BackDoor-G, SubSeven, Sub7(*), Funny Trojan (TCP)
Port 6713: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 6723: Mstream (TCP)
Port 6767: NT Remote Control (TCP)
Port 6771: DeepThroat (TCP)
Port 6776: 2000 Cracks, BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 6789: Doly Trojan (TCP)
Port 6838: Mstream (UDP)
Port 6880: Dwyco Video Conferencing (TCP)
Port 6883: DeltaSource (TCP)
Port 6891: MSN Messenger (6891-6900) (TCP)
Port 6901: MSN Messenger (TCP/UDP)
Port 6912: Shit Heep (TCP)
Port 6939: Indoctrination, Gatecrasher.a (TCP)
Port 6969: GateCrasher, IRC 3, NetController, Priority (TCP/UDP)
Port 6970: GateCrasher (TCP); QuickTime 4 Server (TCP/UDP)
Port 7000: Active Worlds (7000-7100) (TCP); BackDoor-G, SubSeven, Sub7*, Remote Grab, Kazimas (TCP)
Port 7001: Freak88 (TCP)
Port 7013: Anarchy Online (TCP/UDP)
Port 7070: RealAudio (TCP/UDP)
Port 7201: NetMonitor (TCP)
Port 7215: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 7300: NetMonitor (TCP)
Port 7301: NetMonitor (TCP)
Port 7306: NetMonitor (TCP)
Port 7307: NetMonitor (TCP)
Port 7308: NetMonitor (TCP)
Port 7424: Host Control (TCP/UDP)
Port 7597: Qaz (TCP)
Port 7609: Snid X2 (TCP)
Port 7777: Active Worlds (TCP)
Port 7789: Back Door Setup, ICQKiller (TCP)
Port 7875: Ultima UOMonitor (TCP)
Port 7983: Mstream (TCP)
Port 8000: ShoutCast Server (TCP); PhoneFree (TCP)
Port 8010: Wingate 3.0 (TCP)
Port 8076: IStreamVideo2HP (TCP/UDP)
Port 8077: IStreamVideo2HP (TCP/UDP)
Port 8080: RingZero (TCP); WebWasher 2.x, Unreal Tournament server (TCP/UDP)
Port 8787: Back Orifice 2000, BO2K(*) (TCP)
Port 8888: Ultima Patch (TCP)
Port 8897: HackOffice Armageddon (TCP)
Port 8989: Rcon (TCP)
Port 9000: Netministrator (TCP)
Port 9325: Mstream (UDP)
Port 9400: InCommand (TCP)
Port 9442: Need for Speed - Porsche (TCP)
Port 9872: Portal of Doom (PoD) (TCP)
Port 9873: Portal of Doom (PoD) (TCP)
Port 9874: Portal of Doom (PoD) (TCP)
Port 9875: Portal of Doom (PoD) (TCP)
Port 9876: Cyber Attacker, Rux.Backdoor (TCP)
Port 9878: TransScout (TCP)
Port 9989: iNi-Killer (TCP)
Port 9999: The Prayer 1 (TCP); Ultima Patch (TCP)
Port 10067: Portal of Doom (PoD) (UDP)
Port 10085: Syphillis (TCP)
Port 10086: Syphillis (TCP)
Port 10101: BrainSpy (TCP)
Port 10167: Portal of Doom (PoD) (UDP)
Port 10520: Acid Shivers (TCP)
Port 10528: Host Control (TCP)
Port 10607: Coma (TCP)
Port 10666: Ambush (UDP)
Port 11000: Senna Spy, Senna Spy Trojans (TCP)
Port 11050: Host Control (TCP)
Port 11051: Host Control (TCP)
Port 11223: Progenic Trojan, Secret Agent (TCP)
Port 12053: Delta Three PC to Phone (TCP)
Port 12076: GJamer, MSH.104b (TCP)
Port 12083: Delta Three PC to Phone (TCP)
Port 12223: Hack’99 KeyLogger (TCP)
Port 12345: GabanBus, NetBus 1.x, NetBus 1.7(*), Pie Bill Gates, WhackJob, X-bill (TCP)
Port 12346: GabanBus, NetBus 1.x, NetBus 1.7(*), X-bill (TCP)
Port 12349: BioNet (TCP)
Port 12361: Whack-a-mole (TCP)
Port 12362: Whack-a-mole (TCP)
Port 12623: DUN Control (UDP)
Port 12624: Buttman (TCP)
Port 12631: WhackJob, WhackJob.NB1.7 (TCP)
Port 12701: Eclipse 2000 (TCP)
Port 12754: Mstream (TCP)
Port 13000: Senna Spy (TCP)
Port 13010: Hacker Brazil (TCP)
Port 13700: Kuang2 The Virus (TCP)
Port 14456: Solero (TCP)
Port 14500: PC Invader 0.7 (TCP)
Port 14501: PC Invader 0.7 (TCP)
Port 14502: PC Invader 0.7 (TCP)
Port 14503: PC Invader 0.7 (TCP)
Port 15000: NetDaemon 1.0 (TCP)
Port 15092: Host Control (TCP)
Port 15104: Mstream (TCP)
Port 16000: Motorhead Server (TCP)
Port 16484: Mosucker (TCP)
Port 16639: SWAT3 (TCP)
Port 16660: Stacheldraht (DDoS) (TCP)
Port 16772: ICQ Revenge (TCP)
Port 16969: Priority (TCP)
Port 17166: Mosaic (TCP)
Port 17300: Kuang2 The Virus (TCP)
Port 17490: CrazyNet (TCP)
Port 17500: CrazyNet (TCP)
Port 17569: Infector 1.4.x + 1.6.x (TCP)
Port 17777: Nephron (TCP)
Port 18753: Shaft (DDoS) (UDP)
Port 19864: ICQ Revenge (TCP)
Port 20000: Millennium II (TCP); ICQ (TCP)
Port 20001: Millennium (TCP)
Port 20002: AcidkoR (TCP)
Port 20034: NetBus 2.0 Pro, NetRex, WhackJob (TCP)
Port 20203: Chupacabra, Logged! (TCP)
Port 20331: Bla (TCP)
Port 20432: Shaft (DDoS) (TCP/UDP)
Port 21544: GirlFriend (TCP)
Port 21554: GirlFriend, Schwindler, Schwindler 1.82, WinSp00fer, Kidterror (TCP)
Port 22222: Prosiak (TCP)
Port 23005: Net Trash 1.0 (TCP/UDP)
Port 23023: Logged (TCP)
Port 23432: Asylum (TCP)
Port 23456: Evil FTP, Ugly FTP, WhackJob (TCP/UDP)
Port 23476: Donald Dick (TCP/UDP)
Port 23477: Donald Dick (TCP)
Port 26000: quake (TCP)
Port 26214: Dark Reign 2 (TCP/UDP)
Port 26274: Delta Source (UDP)
Port 26681: Spy Voice (TCP)
Port 27015: Half Life Server (UDP)
Port 27374: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 27444: Trin00 (DDoS) (UDP)
Port 27660: QuakeIII (UDP)
Port 27665: Trin00 (DDoS) (TCP)
Port 27910: Quake2 (Client and Server) (UDP)
Port 28431: Hack’a’Tack (UDP)
Port 28432: Hack’a’Tack (UDP)
Port 28910: Soldier of Fortune (TCP); Heretic II Server (TCP)
Port 29104: Host Control (TCP)
Port 29891: The Unexplained (UDP)
Port 30001: Terr0r32 (TCP)
Port 30029: AOL Trojan (TCP)
Port 30100: NetSphere 1.27a, NetSphere 1.31 (TCP)
Port 30101: NetSphere 1.27a, NetSphere 1.31 (TCP)
Port 30102: NetSphere 1.27a, NetSphere 1.31 (TCP)
Port 30103: NetSphere 1.31 (TCP/UDP)
Port 30133: NetSphere Final (TCP)
Port 30303: Sockets de Troie, Socket 23 (TCP)
Port 30947: Intruse (TCP)
Port 30999: Kuang2 (TCP)
Port 31335: Trin00 (DDoS) (UDP)
Port 31336: BOWhack, ButtFunnel (TCP)
Port 31337: BackFire, Baron Night, Back Orifice, BackOrificeLM.LEENTech, BO client, BO2K(*), Bo Facil, Deep BO, Freak (TCP/UDP)
Port 31338: Back Orifice, ButtFunnel, DeepBO, NetSpy DK (TCP/UDP)
Port 31339: NetSpy DK (TCP)
Port 31554: Schwindler (TCP)
Port 31666: BOWhack, BOWackmole (TCP)
Port 31778: Hack’a’Tack (TCP)
Port 31785: Hack’a’Tack (TCP)
Port 31787: Hack’a’Tack (TCP)
Port 31788: Hack’a’Tack (UDP)
Port 31789: Hack’a’Tack (UDP)
Port 31790: Hack’a’Tack (UDP)
Port 31791: Hack’a’Tack (UDP)
Port 31792: Hack’a’Tack (TCP)
Port 32100: Peanut Brittle, Project nEXT (TCP)
Port 32418: Acid Battery (TCP)
Port 33333: Blakharaz, Prosiak (TCP)
Port 33577: PsychWard (TCP)
Port 33777: PsychWard (TCP)
Port 33911: Trojan Spirit 2001a (TCP)
Port 34324: BigGluck, TN, Tiny Telnet Server (TCP)
Port 34555: Trin00 (Windows) (DDoS) (UDP)
Port 35555: Trin00 (Windows) (DDoS) (UDP)
Port 37651: YAT (TCP)
Port 40412: The Spy (TCP)
Port 40421: Agent 40421, Masters Paradise, Master Paradise .96 (TCP)
Port 40422: Masters Paradise 1.x (TCP)
Port 40423: Masters Paradise, Masters Paradise .97 (TCP)
Port 40425: Masters Paradise (TCP)
Port 40426: Masters Paradise 3.x (TCP)
Port 41000: Audiogalaxy Satellite (41000-50000) (TCP)
Port 41666: Remote Boot (TCP/UDP)
Port 43210: Schoolbus 1.6 / 2.0 (TCP)
Port 44444: Prosiak (TCP)
Port 47262: Delta Source (UDP)
Port 47624: Operation FlashPoint, MSN Game Zone (TCP); Starfleet Command, Battlecom (TCP/UDP)
Port 49301: Online Keylogger (TCP)
Port 50505: Sockets de Troie (TCP)
Port 50766: Fore, Schwindler (TCP)
Port 51210: Dialpad (TCP)
Port 51996: CafeIni (TCP)
Port 53001: Remote Windows Shutdown (TCP)
Port 53217: Acid Battery 2000 (TCP)
Port 54283: BackDoor-G, SubSeven, Sub7(*) (TCP)
Port 54320: Back Orifice 2000, BO2K(*) (UDP)
Port 54321: Schoolbus .69-1.11 + 1.6 + 2.0, Back Orifice 2000, BO2K(*) (TCP/UDP)
Port 57341: NetRaider (TCP)
Port 58339: ButtFunnel (TCP)
Port 60000: Deep Throat 2.0 / 3.0 (TCP)
Port 60068: Xzip 6000068 (TCP)
Port 60411: Connection (TCP)
Port 61348: Bunker-Hill (TCP)
Port 61466: Telecommando (TCP)
Port 61603: Bunker-Hill (TCP)
Port 63485: Bunker-Hill (TCP)
Port 65000: Devil Trojan 1.03, Stacheldraht (DDoS) (TCP)
Port 65432: The Traitor (TCP/UDP)
Port 65535: RC (TCP)
Help - my ports are being monitored!
The world is full of people who believe that by buying a set of tools, they will automatically acquire the skills to improve their cars, houses and other belongings. The reality is that they often cause a lot of damage, which is either left "as is" for years, or requires the work of a professional to repair.
In the wrong hands, any tool becomes anywhere from useless to positively dangerous. A scalpel may be used to perform intricate life-saving surgery. But not in my hands, and unless you're a surgeon, probably not in yours either.
Market forces being what they are, an endless variety of online security tools and applications have sprung up over the past few years. These may act as a firewall between your system and the outside world, may protect your hard drives from viruses, and may keep your system clean of trojans or trojan horses.
One fairly common tool is some form of application that monitors the ports on your system.
Let's take a quick step back, and make sure that we're clear on what a port actually is. The basic idea is that your computer does not have a single "Internet" channel as such. Although your connection may use one actual cable, the fact is that your computer will communicate different types of data through different outlets or ports. So, for example, your web browser will use one particular port (port 80) while you surf the web. Your email software will use a different port. If you use a webcam, this may use a whole load of different ports, for video, speech, maintaining the connection and so on.
To ensure that different applications don't conflict with each other, standardised conventions have emerged with time. For instance, most web browsers will use HTTP, which uses port 80 by default; most email applications use port 25 for sending mail and port 110 for receiving it; and most newsgroup applications will use port 119.
The problem is that different applications use many different ports. Almost all of them do so for very legitimate reasons. A very common scenario is that a person installs some form of port monitor or firewall software, which then alerts them when a certain application tries to use these ports.
At the time of writing this article, the following warning popped up:
At **:** on **/**/2002 the following communication was detected:
Protocol: TCP (Inbound)
Remote address ***.**.111.34 : 3439
A remote computer is attempting to establish a connection with your computer.
The question is, how on earth are you supposed to know what this means? And how are you supposed to understand what any similar alerts that may appear in the future mean? One way is to learn. Do a search on Google for phrases like "port monitoring", and you'll see there is no shortage of places to look for information. But the fact is that there's a lot of confusing information to absorb, and it may be some time before you're confident enough to understand the risks that may or may not be involved.
My own belief is that taking some basic preventative steps is many times more effective than floundering for a cure later. Let's break the issue down into two basic areas: people, sites or servers trying to access your computer from outside, and software on your system that is trying to "get out" through your web connection.
I have to admit to having a very basic rule for the incoming traffic. It's basic common sense. If I am online, and I get an alert from my firewall that XXX is trying to access port YYY on my machine, I have two options: let it, or deny it. If I'm expecting something from that person, e.g. an incoming voice chat, I'll accept it. If I don't know what it is, I'll deny it. If I block someone or something and they need to get through, what's the worst thing that can happen? If in doubt, keep it out.
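As an added illustration (not code from the original article), the Python below parses entries in this page's "Port N: name (TCP)" layout and looks up the local port named in an inbound firewall alert. The sample entries are copied from the port list above; the function names, the status labels and the sample alerts are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from this page's port list, some wrapped
# across lines on purpose so the parser has to cope with a broken layout.
SAMPLE_LIST = """
Port 1080:
WinHole,
Wingate (TCP)
Socks, Wingate
(TCP/UDP)
Port 5000: Bubbel, Back Door Setup, Blazer 5, Socket 23, Sockets de Troie (TCP)
Windows ME, XP and 2003 Network Plug & Play (TCP)
Port
27444:
Trin00 (DDoS) (UDP)
Port 5900: Virtual Network Computing (VNC) (TCP)
"""

# One entry runs from "Port N:" up to the next "Port N:" or the end of the text.
ENTRY = re.compile(r"Port\s+(\d+)\s*:\s*(.*?)(?=Port\s+\d+\s*:|$)", re.S)
# Inside an entry, each label ends with its protocol tag.
GROUP = re.compile(r"(.*?)\((TCP/UDP|TCP|UDP)\)", re.S)


def parse_port_list(text):
    """Return {(port, "TCP" or "UDP"): [label, ...]} for every entry in text."""
    table = defaultdict(list)
    for port, body in ENTRY.findall(text):
        for label, proto in GROUP.findall(body):
            label = " ".join(label.split()).strip(" ;")
            for p in proto.split("/"):  # a TCP/UDP entry is filed under both
                table[(int(port), p)].append(label)
    return dict(table)


def triage(port, proto, table):
    """Look up the local (destination) port from an inbound alert.

    Returns (status, labels): "unlisted", "one-entry", or "shared" when the
    list names more than one entry for that port and protocol.
    """
    labels = table.get((port, proto.upper()), [])
    if not labels:
        return ("unlisted", [])
    return ("shared" if len(labels) > 1 else "one-entry", labels)


if __name__ == "__main__":
    table = parse_port_list(SAMPLE_LIST)
    # Constructed alerts: (local port, protocol)
    for port, proto in [(5000, "TCP"), (27444, "UDP"), (5900, "tcp"), (3439, "TCP")]:
        print(port, proto, *triage(port, proto, table))
```

A "shared" result, as for port 5000, is the list's own evidence that a port number by itself does not identify the program behind it, and an "unlisted" result is not proof that the traffic is harmless.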
===============================================================