trojan port list

8/13/2019 Trojan Port List

1/13

Trojan Port List

HOW YOUR COMPUTER COMMUNICATES WITHTHE OUTSIDE WORLD

For your computer to be able to connect to the Internet and surf the web,download information and files, to run software updates and send and receiveemails and messages you have to connect to the outside world.

You already knew that, so pretty simple so far.

Without getting too technical, this connection mechanism in a computer is calledan IP Port and most of us are aware that our computers have a unique IPaddress so that we can receive information across the internet. Because thereare a large number of processes that potentially may need to be runningsimultaneously, the IP (Internet Protocol) system has some 65535 available

ports.

This may seem like an excessively large number but it ensures that channelconflicts are unlikely to arise particularly as new applications, programs andservices continue to evolve, and as each process usually requires at least oneunique sending and receiving port for each function and more if you are part of anetwork.

Each port is known by its port number with certain key ports being reserved forparticular functions. IANA is the governing body that issues registrations for useof IP ports which are divided into three ranges;

Ports 0 to 1023 are known as the Well Known Ports used for the mostcommon functions,Ports 1024 to 49151 designated as Registered Ports andPorts in the range 49152 to 65535 are defined as Dynamic or Private

Ports.

Network Sorcery'sIP Port Assignment page is for the real geeks among you tocheck out what applications or functions, if any, are allocated to which ports.

Actually, it can be a useful reference if a suspicious connection is detected usinga certain port and you want to determine if the connection may be part of a validprocess.

IP PORT VULNERABILITIES

So an IP port is a gateway from your computer to the outside world and accessfrom the outside world into your computer. These are the city gates to yourfortress and someone decided that you needed 65000 of them to guard !

With so many trojans and spyware around and so many doors to get thru it isnot difficult to see that at some point in time you may potentially be hacked.

If some of your bandwidth ever is hijacked and is being used as a thru-channelto attack other unsuspecting users then the most common symptom will beexcessive internet activity that does not appear to correspond to trafficgenerated by any legitimate processes that you have running.

One tool you use to check this quickly is Microsoft's built-in Task Manager,(Control Alt & Delete then select Task Manager). Use the tabs to navigate to seewhat processes are running and which ones are using your system resources.

ANTI-TROJAN.ORG

"It's a dangerousbusiness going outyour front door."~ J. R. R. Tolkien

The Fellowship of the Ring

n Port List http://www.anti-trojan.org/port_op

3 8/19/2013


2/13

Look at system resources being used and applications running.

Check your internet connection Icon and see what the internet send/receiveactivity levels are after closing all unnecessary programs. Note any suspiciousapplications for further investigation.

If a Trojan does penetrate your Firewall/Scanner security shield and attempts todownload some spyware to send information back to the hacker host it will needto open two ports on your machine to do so. IP Ports then are a vulnerability butas any traffic must pass thru these they can also become a detection point withthe r ight monitoring software.

Return to top

USEFUL MONITORING AND DETECTION TOOLS

The following are useful detection tools for determining what processes areaccessing the internet from your computer.

Process Explorer V11.21 (FREEWARE)

This utility is like a beefed up Task Manager.

Process Explorercan be used to find out program has a particular file ordirectory open and shows you information about which handles and DLLsprocesses have opened or loaded.

The top display frame of Process Explorer lists all the active processes, includingthe master application names and the lower frame shows dependant information

for any process selected. Another setting identifies what applications areaccessing which DLLs, Dynamic Linked Libraries, - mini program directory listswhich are accessed by active applications periodically to allow them run on yourcomputer.

Process Explorer is compatible with Windows 2000 SP4 and Windows XP.

Fport (FREEWARE)

Fport V2.0

Fport identifies unknown open ports and their associated applications. It reportsall open TCP/IP and UDP ports and maps them to the owning application.


3 8/19/2013


3/13

This is the same information you would see using the 'netstat -a' or 'netstat n'commands, but it also maps those ports to running processes with the PID,process name and path.

Fport can be used to quickly identify unknown open ports and their associatedapplications.

Fport is compatible with Windows NT4, Windows 2000 and Windows XP Copyright2002 (c) by Foundstone, Inc. www.foundstone.com

FreePortScanner V2.7 (FREEWARE)

Free Port Scanneris a small, fast, robust port scanner for the Win32 platformand the display panel is simple but easy to use.

Scans can be done in a few seconds and can be on predefined port ranges. Thistool uses TCP packets to determine available hosts, open ports and serviceassociated with the port and other important characteristics.

Copyright by NSAUDITOR.COM

Compatible with Windows2000,WinXP,Windows2003

Return to top

TROJAN PORT ARCHIVE LIST

The following Trojan Port list compiled by Jonathan Read was current circa 2004before the Trojan/Spyware/Malware explosion. It shows which ports knowntrojans open to exchange information with the remote hacker host. Theinformation is posted here as an archival list for reference purposes.

PortOpened

ProtocolUsed

Name of trojan or trojans

1 UDP Sockets des Troie

2 TCP Death

20 TCP Senna Spy FTP server

21 TCP

Back Construction, Blade Runner, Cattivik FTPServer, CC Invader, Dark FTP, Doly Trojan,Freddy beta 2 - beta 3, Fore, Invisible FTP,Juggernaut 42, Larva, MotIv FTP, NetAdministrator, Ramen, Senna Spy FTP server,The Flu, Traitor 21, WebEx, WinCrash

22 TCP Shaft

23 TCPFire HacKer, Tiny Telnet Server - TTS, TruvaAtl, My Very Own Trojan

25 TCP

Ajan, Antigen, Barok, BSE Trojan, EmailPassword Sender - EPS, EPS II, Gip, Gris,Happy99, Hpteam mail, Hybris, I love you,Kuang2, Magic Horse, MBT (Mail BombingTrojan), Moscow Email trojan, Naebi, NewApt

worm, ProMail trojan, Shtirlitz, Stealth,Stukach, Tapiras, Terminator, WinPC, WinSpy

30 TCP Agent 40421

31 TCP Agent 31, Hackers Paradise, Masters Paradise

39 TCP SubSARI

41 TCP Deep Throat, Foreplay

44 TCP Arctic Trojan

48 TCP D.R.A.T

50 TCP D.R.A.T


3 8/19/2013


4/13

58 TCP DMSetup

59 TCP DMSetup

79 TCP CDK, Firehotcker

80 TCP, ACK

711 Beta, Back End, AckCmd (ack), CGIBackDoor, Exector, Hooker, Ring Zero, WebServe 2, Back End, Back Orifice 2000 Plug-Ins,Cafeini, CGI Backdoor, Executor, God Message,God Message Creator, Hooker, IISworm, MTX,NCX, Reverse WWW Tunnel Backdoor,RingZero, Seeker, WAN Remote, Web ServerCT, WebDownloader

81 TCP RemoConChubo

99 TCP Hidden Port, NCX

110 TCP ProMail

113 TCP Invisible Identd Deamon, Kazimas

119 TCP Happy99

121 TCP, UDP Attack Bot, God Message, JammerKillah (UDP)

123 TCP NetController

133 TCP Farnaz

137 TCP, UDP Chode, MSinit (UDP)

138 TCP Chode

139 TCPChode, God Message worm, MSinit, Netlog,Network, Qaz

142 TCP NetTaxi

146 TCP, UDP The infector

170 TCP A-Trojan

334 TCP Backage

411 TCP Backage

420 TCP Breach, Incognito

421 TCP TCP Wrappers trojan

455 TCP Fatal Connections 2.0

456 TCPHackers Paradise 2 beta 3, Masters Paradise 98beta 2, Masters Paradise 99 beta 9.9d

513 TCP Grlogin

514 TCP RPC Backdoor

531 TCP Net666, Rasmin

555 TCP711, Ini-Killer, Net Administrator, Phase Zero,Phase-0, Stealth Spy

605 TCP Secret Service

666 TCP

Attack FTP, Back Construction, BLA trojan,

Cain & Abel, NokNok, Satans Back Door,ServU, ShadowPhyre, th3r1pp3rz

667 TCP SniperNet

669 TCP DP trojan

692 TCP GayOL

777 TCP AimSpy, Undetected

808 TCP WinHole

911 TCP, UDP DarkShadow's trojan

999 TCP, UDP Deep Throat, Foreplay, WinSatan


3 8/19/2013


5/13

1000 TCP DerSpaeher, Direct Connection

1001 TCP DerSpaeher, Le Guardien, SK Silencer, WebEx

1010 TCP Doly

1011 TCP Doly

1012 TCP Doly

1015 TCP Doly

1016 TCP Doly

1020 TCP Vampire

1024 TCP Latinus 1.0, Latinus 1.2, NetSpy, Jade

1025 TCP, UDPFraggle Rock, NetSpy, Remote Storm (TCP andUDP)

1031 TCP Xanadu

1035 TCP Multidropper

1042 TCP BLA

1045 TCP Rasmin

1050 TCP MiniCommand

1053 TCP Thief

1054 ACKAckCmd

1066 TCP B.F. Evolution

1080 TCP WinHole

1081 TCP WinHole

1082 TCP WinHole

1083 TCP WinHole

1090 TCP Xtreme

1095 TCP Remote Administration Tool



1099 TCP B.F.Evolution

1104 UDP RexxRave

1150 TCP Orion

1151 TCP Orion

1170 TCPPsyber Stream Server, Streaming AudioServer, VoiceDLL

1200 UDP NoBackO

1201 UDP NoBackO

1207 TCP SoftWAR

1208 TCP Infector

1212 TCP Kaos

1234 TCP Ultor's Telnet Trojan, SubSeven Java client

1243 TCP SubSeven, SubSeven, Tiles

1245 TCP Voodoo Doll

1255 TCP Scarab

1256 TCP Project nEXT

1269 TCP Mavericks Matrix

1272 TCP The Matrix


3 8/19/2013


6/13

1313 TCP NETrojan

1338 TCP Millenium Worm

1349 UDP Back Orifice DLL

1386 TCP Dagger

1394 TCP Gofriller

1441 TCP Remote Storm

1492 TCP FTP99cmp

1524 TCP Trinoo (DDoS)

1568 TCP Remote Hack

1600 TCP Direct Connection, Shivka-Burka

1703 TCP Exploiter

1777 TCP Scarab

1807 TCP Spy Sender

1966 TCP Fake FTP

1967 TCP F.Y.E.O, WM FTP Server

1969 TCP OpC Back orifice

1981 TCP Bowl 1.0, ShockRave

1991 TCP Pitfall

1999 TCP BackDoor, Transmission Scout

2000 TCPDerSpaeher, Insane Network, Last 2000,Remote Explorer 2000, Senna Spy TrojanGenerator

2001 TCP DerSpaeher, Trojan Cow

2023 TCP Ripper Pro

2080 TCP WinHole

2115 TCP Bugs

2130 UDP Mini Backlash

2140 UDP Invasor, Deep Throat, Foreplay

2155 TCP Illusion Mailer

2255 TCP Nirvana

2283 TCP Hvl RAT

2300 TCP Xplorer

2311 TCP Studio 54

2330 TCP Contact

2331 TCP Contact

2332 TCP Contact2333 TCP Contact

2334 TCP Contact

2335 TCP Contact

2336 TCP Contact

2337 TCP Contact

2338 TCP Contact

2339 TCP, UDP Voice Spy

2345 TCP Doly


3 8/19/2013


7/13

2565 TCP Striker

2583 TCP WinCrash

2589 TCP Dagger

2600 TCP Digital Root beer

2716 TCP The Prayer

2773 TCP Subseven

2774 TCP Subseven

2801 TCP Phineas Phucker

2989 UDP R.A.T.

3000 TCP InetSpy beta 1, Remote Shut

3024 TCP WinCrash

3031 TCP Microspy

3128 TCP Reverse WWW Tunnel Backdoor, RingZero

3129 TCP Masters Paradise

3131 TCP SubSARI

3150 UDP Invasor, Mini BackLash, Deep Throat, Foreplay

3456 TCP Terror trojan

3457 TCP P.E.T

3459 TCP Eclipse 2000, Sanctuary

3700 TCP Portal of Doom

3777 TCP Psychward

3791 TCP Total Solar Eclypse

3801 TCP Total Solar Eclypse

4000 TCP Skydance

4092 TCP WinCrash

4201 TCP WarTrojan

4242 TCP Virtual Hacking Machine

4321 TCP Bobo

4444 TCP CrackDown, Prosiak, Swift Remote

4488 TCP Event Horizon

4567 TCP File Nail

4590 TCP ICQ Trojan

4653 TCP Cero

4666 TCP Mneah Trojan

4950 TCP ICQ Trojan

5000 TCPBioNet lite, Back Door Setup, Blazer5, Bubbel,ICKiller, Ra1d, Sockets des Troie

5001 TCP Back Door Setup, Sockets des Troie

5002 TCP cd00r, Shaft

5010 TCP Solo

5011 TCP One of the last trojans

5025 TCP WM Remote Keylogger

5031 TCP Net Metropolitan

5032 TCP Net Metropolitan


3 8/19/2013


8/13

5321 TCP Firehotcker

5333 TCP Backage, NetDemon

5343 TCP wCrat

5400 TCP Back Construction, Blade Runner

5401 TCPBack Construction, Blade Runner, MneahTrojan

5402 TCPBack Construction, Blade Runner, MneahTrojan

5512 TCP Illusion Mailer

5534 TCP THE FLU

5550 TCP Xtcp

5555 TCP ServeMe

5556 TCP BO Facil

5557 TCP BO Facil

5569 TCP Robo Hack

5637 TCP PC Crasher

5638 TCP PC Crasher

5742 TCP WinCrash

5880 TCP Y3K

5882 TCP, UDP Y3K

5888 TCP, UDP Y3K

5889 TCP, UDP Y3K

6000 TCP tHing

6006 TCP Bad Blood

6272 TCP Secret Service

6400 TCP tHing

6661 TCP TEMan, Weia-Meia

6666 TCP Dark Connection Inside, NetBus worm

6667 TCPDark FTP, ScheduleAgent, Subseven, Trinity,WinSatan

6669 TCP Host Control, Vampire

6670 TCPBackWeb Server, Deep Throat, Foreplay,WinNuke eXtreame

6711 TCP SubSARI, SubSeven, VP Killer

6712 TCP Funny Trojan, Subseven

6713 TCP Subseven

6723 TCP Mstream

6771 TCP Deep Throat, Foreplay

6776 TCP 2000 Cracks, Subseven, VP Killer

6838 TCP Mstream (DDoS)

6883 TCP DELTA Source

6912 TCP ShitHeep

6939 TCP Indoctrination

6969 TCP Gatecrasher, IRC 3, Net Controller, Priority

6970 TCP Gatecrasher

7000 TCP Remote Grab


3 8/19/2013


9/13

7001 TCP Freak88, Freak2k (DDoS)

7215 TCP Subseven

7300 TCP Net Monitor





7424 TCP, UDP Host Control

7626 TCP Glacier

7777 TCP God Message, Tini

8080 TCPBrown Orifice, RemoConChubo, Reverse WWWTunnel Backdoor, Ring Zero

8787 TCP BO2K

8988 TCP Back Hack

8989 TCP Rcon, Recon, Xcon

9000 TCP Netministrator

9325 UDP Mstream

9400 TCP Incommand




9875 TCP Cyber Attacker, RUX

9878 TCP Trans scout

9989 TCP INI Killer

9999 TCP Prayer

10067 UDP Portal of Doom

10085 TCP Syphilis

10086 TCP Syphilis

10100 TCP Control total beta 4, Gift

10101 TCP BrainSpy Beta, Silencer

10167 UDP Portal of Doom

10520 TCP Acid Shivers

10528 TCP Host Control

10607 TCP COMA

10666 UDP Ambush 1.0

11000 TCP Senna SPY



11223 TCP Progenic trojan, Secret Agent

12076 TCP Gjamer

12223 TCP Hack99 KeyLogger

12310 TCP Precursor

12345 TCPAshley, Fat Bitch trojan, Gabanbus, Mypic,Netbus, Netbus Toy, NetBus worm, Pie BillGates, Whack Job, X-bill, ValV-N.E.t


3 8/19/2013


10/13

12346 TCPFat Bitch trojan, Gabanbus, Mypic, Netbus,Netbus Toy, NetBus worm, Pie Bi ll Gates,Whack Job, X-bill, ValV-N.E.t

12349 TCP Bionet

12361 TCP Whack-a-Mole

12362 TCP Whack-a-Mole

12623 UDP DUN Control

12624 TCP ButtMan

12631 TCP Whack job


13000 TCP Senna SPY

13010 TCP HBR (Hacker Brazil)

13013 TCP Psychward

13014 TCP Psychward

13223 TCP Hack99 KeyLogger

13473 TCP Chupacabra

14500 TCP PC Invader




15000 TCP NetDemon



15382 TCP SubZERO

15858 TCP CDK

16484 TCP MoSucker

16660 TCP Stacheldraht (DDoS)

16772 TCP ICQ Revenge

16959 TCP Subseven

16969 TCP Priority

17166 TCP Mosaic

17300 TCP Kuang 2 the Virus

17449 TCP Kid Terror

17499 TCP CrazzyNet

17500 TCP CrazzyNet

17569 TCP The Infector17593 TCP AudioDoor

17777 TCP Nephron

18753 UDP SHAFT

19864 TCP ICQ Revenge

20000 TCP Millenium

20001 TCP Insect, Millenium, Millenium (Lm)

20002 TCP AcidkoR

20005 TCP MoSucker


13 8/19/2013


11/13

20023 TCP VP Killer

20034 TCPNetBus 2.0 Pro, NetBus 2.0 Pro Hidden,NetRex, Whack Job

20203 TCP Chupacabra

20331 TCP BLA

20432 TCP Shaft

20433 UDP Shaft

21544 TCPGirlfriend, Exploiter, Freddy, Kid Terror,Maverick's Matrix

21554 TCP Exploiter, Kid Terror, Schwindler, Winsp00fer

22222 TCP Donald Dick, Prosiak, Ruler, RUX The TIc.K

23005 TCP Nettrash

23006 TCP Nettrash

23023 TCP Logged

23032 TCP Amanda

23432 TCP Asylum

23456 TCP Evil FTP, Ugly FTP, Whack Job

23476 TCP, UDP Donald Dick

23477 TCP Donald Dick

23777 TCP InetSpy beta 1

24000 TCP The Infector

25123 TCP Goy'Z Trojan

25685 TCP Moonpie

25686 TCP Moonpie

25982 TCP Moonpie

26274 UDP Delta Source

26681 TCP Voice Spy

27160 TCP Moonpie

27374 TCPBad Blood, Ramen, Seeker, Subseven,Ttfloader

27444 UDP TRINOO (DDoS)

27573 TCP Subseven

27665 TCP TRINOO (DDoS)

28678 TCP Exploiter

29104 TCP NETrojan

29891 UDP The Unexplained

30000 TCP Infector ?30001 TCP Err0r32

30003 TCP Lamers Death

30029 TCP AOL Trojan

30070 TCP Mantis (shaban)

30101 TCP NetSphere

30102 TCP NetSphere

30103 TCP, UDP NetSphere

30133 TCP NetSphere


13 8/19/2013


12/13

30303 TCP Sockets des Troie

30947 TCP Intruse

30999 TCP Kuang2

31335 TCP Trinoo

31336 TCP, UDP Bo Whack, Butt Funnel

31337 TCP, UDPBack Fire, Back Orifice, Baron Night, Beeone,BO Facil, BO spy, BO2, Freak88, Freak2k

31338 TCP, UDP DK NetSpy, Deep BO31339 TCP, UDP NetSpy (DK)

31557 TCP Xanadu

31666 TCP Bowhack

31785 TCP, UDP Hack'a'Tack





31791 UDP Hack'a'Tack

31792 UDP Hack'a'Tack


32100 TCP Peanut Brittle, Project nEXT

32418 TCP Acid Battery

33270 TCP Trinity (DDoS)

33333 TCP Blakharaz, Prosiak

33577 TCP Son of Psychward

33777 TCP Son of Psychward

33911 TCP Spirit 2000, Spirit 2001

34324 TCP Big Gluck, TN


34555 UDP WINTrinoo (DDoS)

35555 UDP WINTrinoo (DDoS)

37237 TCP Mantis

37651 TCP Y.A.T.

40412 TCP The Spy Beta 1

40421 TCP Agent 40421, Masters Paradise





41337 TCP Storm

41666 TCP, UDP Remote Boot Tool

44444 TCP Prosiak

44575 TCP Exploiter

47262 TCP, UDP Delta source


13 8/19/2013


13/13

48004 TCP Fraggle Rock



49301 TCP OnLine KeyLogger

50000 TCP SubSARI

50130 TCP Enterprise

50505 TCP Sockets des Troie

50766 TCP Fore, Schwindler

51966 TCP CAFEiNi

52317 TCP Acid Battery 2000

53001 TCP Remote Windows Shutdown

54283 TCP SubSeven

54320 TCP BO2K

54321 TCP BO2K, SchoolBus

55165 TCP File Manager Trojan

55166 TCP File Manager Trojan, WM Trojan Generator

57341 TCP NetRaider

58339 TCP Butt Funnel

60000 TCP Deep Throat, Foreplay, Sockets des Troie

60001 TCP Trinity (DDoS)

60068 TCP Xzip 6000068

60411 TCP Connection

61348 TCP Bunker Hill

61466 TCP Telecommando



64101 TCP Taskman

65000 TCP Devil, Sockets des Troie, Stacheldraht (DDoS)

65390 TCP Eclypse

65421 TCP Jade

65432 TCP, UDP Traitor

65530 TCP Windows Mite

65535 TCP RC

copyright 2001 anti-trojan.org

Return to top

anti-trojan.orgDisclaimer

Home What is a Trojan? Adware ? Spyware ? Trojan ? Virus ?

Protection & Control Have I got a Trojan? Help Ive been Hacked

Hoaxes Phishing Scams Why target me ?

Trojan Archives 10 Simple Anti-Trojan Rules Trojan Port List FAQ

Technical Assistance Forums Software Reviews Rogue Software

Software Downloads Link to Us Internet Security Sites Contact Us

About Anti-Trojan.org Other Helpful Stuff Recommended Reading Disclaimer


trojan port list

Documents