trojan port list
TRANSCRIPT
-
8/13/2019 Trojan Port List
1/13
Trojan Port List
HOW YOUR COMPUTER COMMUNICATES WITHTHE OUTSIDE WORLD
For your computer to be able to connect to the Internet and surf the web,download information and files, to run software updates and send and receiveemails and messages you have to connect to the outside world.
You already knew that, so pretty simple so far.
Without getting too technical, this connection mechanism in a computer is calledan IP Port and most of us are aware that our computers have a unique IPaddress so that we can receive information across the internet. Because thereare a large number of processes that potentially may need to be runningsimultaneously, the IP (Internet Protocol) system has some 65535 available
ports.
This may seem like an excessively large number but it ensures that channelconflicts are unlikely to arise particularly as new applications, programs andservices continue to evolve, and as each process usually requires at least oneunique sending and receiving port for each function and more if you are part of anetwork.
Each port is known by its port number with certain key ports being reserved forparticular functions. IANA is the governing body that issues registrations for useof IP ports which are divided into three ranges;
Ports 0 to 1023 are known as the Well Known Ports used for the mostcommon functions,Ports 1024 to 49151 designated as Registered Ports andPorts in the range 49152 to 65535 are defined as Dynamic or Private
Ports.
Network Sorcery'sIP Port Assignment page is for the real geeks among you tocheck out what applications or functions, if any, are allocated to which ports.
Actually, it can be a useful reference if a suspicious connection is detected usinga certain port and you want to determine if the connection may be part of a validprocess.
IP PORT VULNERABILITIES
So an IP port is a gateway from your computer to the outside world and accessfrom the outside world into your computer. These are the city gates to yourfortress and someone decided that you needed 65000 of them to guard !
With so many trojans and spyware around and so many doors to get thru it isnot difficult to see that at some point in time you may potentially be hacked.
If some of your bandwidth ever is hijacked and is being used as a thru-channelto attack other unsuspecting users then the most common symptom will beexcessive internet activity that does not appear to correspond to trafficgenerated by any legitimate processes that you have running.
One tool you use to check this quickly is Microsoft's built-in Task Manager,(Control Alt & Delete then select Task Manager). Use the tabs to navigate to seewhat processes are running and which ones are using your system resources.
ANTI-TROJAN.ORG
"It's a dangerousbusiness going outyour front door."~ J. R. R. Tolkien
The Fellowship of the Ring
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
2/13
Look at system resources being used and applications running.
Check your internet connection Icon and see what the internet send/receiveactivity levels are after closing all unnecessary programs. Note any suspiciousapplications for further investigation.
If a Trojan does penetrate your Firewall/Scanner security shield and attempts todownload some spyware to send information back to the hacker host it will needto open two ports on your machine to do so. IP Ports then are a vulnerability butas any traffic must pass thru these they can also become a detection point withthe r ight monitoring software.
Return to top
USEFUL MONITORING AND DETECTION TOOLS
The following are useful detection tools for determining what processes areaccessing the internet from your computer.
Process Explorer V11.21 (FREEWARE)
This utility is like a beefed up Task Manager.
Process Explorercan be used to find out program has a particular file ordirectory open and shows you information about which handles and DLLsprocesses have opened or loaded.
The top display frame of Process Explorer lists all the active processes, includingthe master application names and the lower frame shows dependant information
for any process selected. Another setting identifies what applications areaccessing which DLLs, Dynamic Linked Libraries, - mini program directory listswhich are accessed by active applications periodically to allow them run on yourcomputer.
Process Explorer is compatible with Windows 2000 SP4 and Windows XP.
Fport (FREEWARE)
Fport V2.0
Fport identifies unknown open ports and their associated applications. It reportsall open TCP/IP and UDP ports and maps them to the owning application.
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
3/13
This is the same information you would see using the 'netstat -a' or 'netstat n'commands, but it also maps those ports to running processes with the PID,process name and path.
Fport can be used to quickly identify unknown open ports and their associatedapplications.
Fport is compatible with Windows NT4, Windows 2000 and Windows XP Copyright2002 (c) by Foundstone, Inc. www.foundstone.com
FreePortScanner V2.7 (FREEWARE)
Free Port Scanneris a small, fast, robust port scanner for the Win32 platformand the display panel is simple but easy to use.
Scans can be done in a few seconds and can be on predefined port ranges. Thistool uses TCP packets to determine available hosts, open ports and serviceassociated with the port and other important characteristics.
Copyright by NSAUDITOR.COM
Compatible with Windows2000,WinXP,Windows2003
Return to top
TROJAN PORT ARCHIVE LIST
The following Trojan Port list compiled by Jonathan Read was current circa 2004before the Trojan/Spyware/Malware explosion. It shows which ports knowntrojans open to exchange information with the remote hacker host. Theinformation is posted here as an archival list for reference purposes.
PortOpened
ProtocolUsed
Name of trojan or trojans
1 UDP Sockets des Troie
2 TCP Death
20 TCP Senna Spy FTP server
21 TCP
Back Construction, Blade Runner, Cattivik FTPServer, CC Invader, Dark FTP, Doly Trojan,Freddy beta 2 - beta 3, Fore, Invisible FTP,Juggernaut 42, Larva, MotIv FTP, NetAdministrator, Ramen, Senna Spy FTP server,The Flu, Traitor 21, WebEx, WinCrash
22 TCP Shaft
23 TCPFire HacKer, Tiny Telnet Server - TTS, TruvaAtl, My Very Own Trojan
25 TCP
Ajan, Antigen, Barok, BSE Trojan, EmailPassword Sender - EPS, EPS II, Gip, Gris,Happy99, Hpteam mail, Hybris, I love you,Kuang2, Magic Horse, MBT (Mail BombingTrojan), Moscow Email trojan, Naebi, NewApt
worm, ProMail trojan, Shtirlitz, Stealth,Stukach, Tapiras, Terminator, WinPC, WinSpy
30 TCP Agent 40421
31 TCP Agent 31, Hackers Paradise, Masters Paradise
39 TCP SubSARI
41 TCP Deep Throat, Foreplay
44 TCP Arctic Trojan
48 TCP D.R.A.T
50 TCP D.R.A.T
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
4/13
58 TCP DMSetup
59 TCP DMSetup
79 TCP CDK, Firehotcker
80 TCP, ACK
711 Beta, Back End, AckCmd (ack), CGIBackDoor, Exector, Hooker, Ring Zero, WebServe 2, Back End, Back Orifice 2000 Plug-Ins,Cafeini, CGI Backdoor, Executor, God Message,God Message Creator, Hooker, IISworm, MTX,NCX, Reverse WWW Tunnel Backdoor,RingZero, Seeker, WAN Remote, Web ServerCT, WebDownloader
81 TCP RemoConChubo
99 TCP Hidden Port, NCX
110 TCP ProMail
113 TCP Invisible Identd Deamon, Kazimas
119 TCP Happy99
121 TCP, UDP Attack Bot, God Message, JammerKillah (UDP)
123 TCP NetController
133 TCP Farnaz
137 TCP, UDP Chode, MSinit (UDP)
138 TCP Chode
139 TCPChode, God Message worm, MSinit, Netlog,Network, Qaz
142 TCP NetTaxi
146 TCP, UDP The infector
170 TCP A-Trojan
334 TCP Backage
411 TCP Backage
420 TCP Breach, Incognito
421 TCP TCP Wrappers trojan
455 TCP Fatal Connections 2.0
456 TCPHackers Paradise 2 beta 3, Masters Paradise 98beta 2, Masters Paradise 99 beta 9.9d
513 TCP Grlogin
514 TCP RPC Backdoor
531 TCP Net666, Rasmin
555 TCP711, Ini-Killer, Net Administrator, Phase Zero,Phase-0, Stealth Spy
605 TCP Secret Service
666 TCP
Attack FTP, Back Construction, BLA trojan,
Cain & Abel, NokNok, Satans Back Door,ServU, ShadowPhyre, th3r1pp3rz
667 TCP SniperNet
669 TCP DP trojan
692 TCP GayOL
777 TCP AimSpy, Undetected
808 TCP WinHole
911 TCP, UDP DarkShadow's trojan
999 TCP, UDP Deep Throat, Foreplay, WinSatan
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
5/13
1000 TCP DerSpaeher, Direct Connection
1001 TCP DerSpaeher, Le Guardien, SK Silencer, WebEx
1010 TCP Doly
1011 TCP Doly
1012 TCP Doly
1015 TCP Doly
1016 TCP Doly
1020 TCP Vampire
1024 TCP Latinus 1.0, Latinus 1.2, NetSpy, Jade
1025 TCP, UDPFraggle Rock, NetSpy, Remote Storm (TCP andUDP)
1031 TCP Xanadu
1035 TCP Multidropper
1042 TCP BLA
1045 TCP Rasmin
1050 TCP MiniCommand
1053 TCP Thief
1054 ACKAckCmd
1066 TCP B.F. Evolution
1080 TCP WinHole
1081 TCP WinHole
1082 TCP WinHole
1083 TCP WinHole
1090 TCP Xtreme
1095 TCP Remote Administration Tool
1097 TCP Remote Administration Tool
1098 TCP Remote Administration Tool
1099 TCP B.F.Evolution
1104 UDP RexxRave
1150 TCP Orion
1151 TCP Orion
1170 TCPPsyber Stream Server, Streaming AudioServer, VoiceDLL
1200 UDP NoBackO
1201 UDP NoBackO
1207 TCP SoftWAR
1208 TCP Infector
1212 TCP Kaos
1234 TCP Ultor's Telnet Trojan, SubSeven Java client
1243 TCP SubSeven, SubSeven, Tiles
1245 TCP Voodoo Doll
1255 TCP Scarab
1256 TCP Project nEXT
1269 TCP Mavericks Matrix
1272 TCP The Matrix
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
6/13
1313 TCP NETrojan
1338 TCP Millenium Worm
1349 UDP Back Orifice DLL
1386 TCP Dagger
1394 TCP Gofriller
1441 TCP Remote Storm
1492 TCP FTP99cmp
1524 TCP Trinoo (DDoS)
1568 TCP Remote Hack
1600 TCP Direct Connection, Shivka-Burka
1703 TCP Exploiter
1777 TCP Scarab
1807 TCP Spy Sender
1966 TCP Fake FTP
1967 TCP F.Y.E.O, WM FTP Server
1969 TCP OpC Back orifice
1981 TCP Bowl 1.0, ShockRave
1991 TCP Pitfall
1999 TCP BackDoor, Transmission Scout
2000 TCPDerSpaeher, Insane Network, Last 2000,Remote Explorer 2000, Senna Spy TrojanGenerator
2001 TCP DerSpaeher, Trojan Cow
2023 TCP Ripper Pro
2080 TCP WinHole
2115 TCP Bugs
2130 UDP Mini Backlash
2140 UDP Invasor, Deep Throat, Foreplay
2155 TCP Illusion Mailer
2255 TCP Nirvana
2283 TCP Hvl RAT
2300 TCP Xplorer
2311 TCP Studio 54
2330 TCP Contact
2331 TCP Contact
2332 TCP Contact2333 TCP Contact
2334 TCP Contact
2335 TCP Contact
2336 TCP Contact
2337 TCP Contact
2338 TCP Contact
2339 TCP, UDP Voice Spy
2345 TCP Doly
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
7/13
2565 TCP Striker
2583 TCP WinCrash
2589 TCP Dagger
2600 TCP Digital Root beer
2716 TCP The Prayer
2773 TCP Subseven
2774 TCP Subseven
2801 TCP Phineas Phucker
2989 UDP R.A.T.
3000 TCP InetSpy beta 1, Remote Shut
3024 TCP WinCrash
3031 TCP Microspy
3128 TCP Reverse WWW Tunnel Backdoor, RingZero
3129 TCP Masters Paradise
3131 TCP SubSARI
3150 UDP Invasor, Mini BackLash, Deep Throat, Foreplay
3456 TCP Terror trojan
3457 TCP P.E.T
3459 TCP Eclipse 2000, Sanctuary
3700 TCP Portal of Doom
3777 TCP Psychward
3791 TCP Total Solar Eclypse
3801 TCP Total Solar Eclypse
4000 TCP Skydance
4092 TCP WinCrash
4201 TCP WarTrojan
4242 TCP Virtual Hacking Machine
4321 TCP Bobo
4444 TCP CrackDown, Prosiak, Swift Remote
4488 TCP Event Horizon
4567 TCP File Nail
4590 TCP ICQ Trojan
4653 TCP Cero
4666 TCP Mneah Trojan
4950 TCP ICQ Trojan
5000 TCPBioNet lite, Back Door Setup, Blazer5, Bubbel,ICKiller, Ra1d, Sockets des Troie
5001 TCP Back Door Setup, Sockets des Troie
5002 TCP cd00r, Shaft
5010 TCP Solo
5011 TCP One of the last trojans
5025 TCP WM Remote Keylogger
5031 TCP Net Metropolitan
5032 TCP Net Metropolitan
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
8/13
5321 TCP Firehotcker
5333 TCP Backage, NetDemon
5343 TCP wCrat
5400 TCP Back Construction, Blade Runner
5401 TCPBack Construction, Blade Runner, MneahTrojan
5402 TCPBack Construction, Blade Runner, MneahTrojan
5512 TCP Illusion Mailer
5534 TCP THE FLU
5550 TCP Xtcp
5555 TCP ServeMe
5556 TCP BO Facil
5557 TCP BO Facil
5569 TCP Robo Hack
5637 TCP PC Crasher
5638 TCP PC Crasher
5742 TCP WinCrash
5880 TCP Y3K
5882 TCP, UDP Y3K
5888 TCP, UDP Y3K
5889 TCP, UDP Y3K
6000 TCP tHing
6006 TCP Bad Blood
6272 TCP Secret Service
6400 TCP tHing
6661 TCP TEMan, Weia-Meia
6666 TCP Dark Connection Inside, NetBus worm
6667 TCPDark FTP, ScheduleAgent, Subseven, Trinity,WinSatan
6669 TCP Host Control, Vampire
6670 TCPBackWeb Server, Deep Throat, Foreplay,WinNuke eXtreame
6711 TCP SubSARI, SubSeven, VP Killer
6712 TCP Funny Trojan, Subseven
6713 TCP Subseven
6723 TCP Mstream
6771 TCP Deep Throat, Foreplay
6776 TCP 2000 Cracks, Subseven, VP Killer
6838 TCP Mstream (DDoS)
6883 TCP DELTA Source
6912 TCP ShitHeep
6939 TCP Indoctrination
6969 TCP Gatecrasher, IRC 3, Net Controller, Priority
6970 TCP Gatecrasher
7000 TCP Remote Grab
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
9/13
7001 TCP Freak88, Freak2k (DDoS)
7215 TCP Subseven
7300 TCP Net Monitor
7301 TCP Net Monitor
7306 TCP Net Monitor
7307 TCP Net Monitor
7308 TCP Net Monitor
7424 TCP, UDP Host Control
7626 TCP Glacier
7777 TCP God Message, Tini
8080 TCPBrown Orifice, RemoConChubo, Reverse WWWTunnel Backdoor, Ring Zero
8787 TCP BO2K
8988 TCP Back Hack
8989 TCP Rcon, Recon, Xcon
9000 TCP Netministrator
9325 UDP Mstream
9400 TCP Incommand
9872 TCP Portal of Doom
9873 TCP Portal of Doom
9874 TCP Portal of Doom
9875 TCP Cyber Attacker, RUX
9878 TCP Trans scout
9989 TCP INI Killer
9999 TCP Prayer
10067 UDP Portal of Doom
10085 TCP Syphilis
10086 TCP Syphilis
10100 TCP Control total beta 4, Gift
10101 TCP BrainSpy Beta, Silencer
10167 UDP Portal of Doom
10520 TCP Acid Shivers
10528 TCP Host Control
10607 TCP COMA
10666 UDP Ambush 1.0
11000 TCP Senna SPY
11050 TCP Host Control
11051 TCP Host Control
11223 TCP Progenic trojan, Secret Agent
12076 TCP Gjamer
12223 TCP Hack99 KeyLogger
12310 TCP Precursor
12345 TCPAshley, Fat Bitch trojan, Gabanbus, Mypic,Netbus, Netbus Toy, NetBus worm, Pie BillGates, Whack Job, X-bill, ValV-N.E.t
n Port List http://www.anti-trojan.org/port_op
3 8/19/2013
-
8/13/2019 Trojan Port List
10/13
12346 TCPFat Bitch trojan, Gabanbus, Mypic, Netbus,Netbus Toy, NetBus worm, Pie Bi ll Gates,Whack Job, X-bill, ValV-N.E.t
12349 TCP Bionet
12361 TCP Whack-a-Mole
12362 TCP Whack-a-Mole
12623 UDP DUN Control
12624 TCP ButtMan
12631 TCP Whack job
12754 TCP Mstream (DDoS)
13000 TCP Senna SPY
13010 TCP HBR (Hacker Brazil)
13013 TCP Psychward
13014 TCP Psychward
13223 TCP Hack99 KeyLogger
13473 TCP Chupacabra
14500 TCP PC Invader
14501 TCP PC Invader
14502 TCP PC Invader
14503 TCP PC Invader
15000 TCP NetDemon
15092 TCP Host Control
15104 TCP Mstream (DDoS)
15382 TCP SubZERO
15858 TCP CDK
16484 TCP MoSucker
16660 TCP Stacheldraht (DDoS)
16772 TCP ICQ Revenge
16959 TCP Subseven
16969 TCP Priority
17166 TCP Mosaic
17300 TCP Kuang 2 the Virus
17449 TCP Kid Terror
17499 TCP CrazzyNet
17500 TCP CrazzyNet
17569 TCP The Infector17593 TCP AudioDoor
17777 TCP Nephron
18753 UDP SHAFT
19864 TCP ICQ Revenge
20000 TCP Millenium
20001 TCP Insect, Millenium, Millenium (Lm)
20002 TCP AcidkoR
20005 TCP MoSucker
n Port List http://www.anti-trojan.org/port_op
13 8/19/2013
-
8/13/2019 Trojan Port List
11/13
20023 TCP VP Killer
20034 TCPNetBus 2.0 Pro, NetBus 2.0 Pro Hidden,NetRex, Whack Job
20203 TCP Chupacabra
20331 TCP BLA
20432 TCP Shaft
20433 UDP Shaft
21544 TCPGirlfriend, Exploiter, Freddy, Kid Terror,Maverick's Matrix
21554 TCP Exploiter, Kid Terror, Schwindler, Winsp00fer
22222 TCP Donald Dick, Prosiak, Ruler, RUX The TIc.K
23005 TCP Nettrash
23006 TCP Nettrash
23023 TCP Logged
23032 TCP Amanda
23432 TCP Asylum
23456 TCP Evil FTP, Ugly FTP, Whack Job
23476 TCP, UDP Donald Dick
23477 TCP Donald Dick
23777 TCP InetSpy beta 1
24000 TCP The Infector
25123 TCP Goy'Z Trojan
25685 TCP Moonpie
25686 TCP Moonpie
25982 TCP Moonpie
26274 UDP Delta Source
26681 TCP Voice Spy
27160 TCP Moonpie
27374 TCPBad Blood, Ramen, Seeker, Subseven,Ttfloader
27444 UDP TRINOO (DDoS)
27573 TCP Subseven
27665 TCP TRINOO (DDoS)
28678 TCP Exploiter
29104 TCP NETrojan
29891 UDP The Unexplained
30000 TCP Infector ?30001 TCP Err0r32
30003 TCP Lamers Death
30029 TCP AOL Trojan
30070 TCP Mantis (shaban)
30101 TCP NetSphere
30102 TCP NetSphere
30103 TCP, UDP NetSphere
30133 TCP NetSphere
n Port List http://www.anti-trojan.org/port_op
13 8/19/2013
-
8/13/2019 Trojan Port List
12/13
30303 TCP Sockets des Troie
30947 TCP Intruse
30999 TCP Kuang2
31335 TCP Trinoo
31336 TCP, UDP Bo Whack, Butt Funnel
31337 TCP, UDPBack Fire, Back Orifice, Baron Night, Beeone,BO Facil, BO spy, BO2, Freak88, Freak2k
31338 TCP, UDP DK NetSpy, Deep BO31339 TCP, UDP NetSpy (DK)
31557 TCP Xanadu
31666 TCP Bowhack
31785 TCP, UDP Hack'a'Tack
31787 TCP, UDP Hack'a'Tack
31788 TCP, UDP Hack'a'Tack
31789 TCP, UDP Hack'a'Tack
31790 TCP, UDP Hack'a'Tack
31791 UDP Hack'a'Tack
31792 UDP Hack'a'Tack
32001 TCP Donald Dick
32100 TCP Peanut Brittle, Project nEXT
32418 TCP Acid Battery
33270 TCP Trinity (DDoS)
33333 TCP Blakharaz, Prosiak
33577 TCP Son of Psychward
33777 TCP Son of Psychward
33911 TCP Spirit 2000, Spirit 2001
34324 TCP Big Gluck, TN
34444 TCP Donald Dick
34555 UDP WINTrinoo (DDoS)
35555 UDP WINTrinoo (DDoS)
37237 TCP Mantis
37651 TCP Y.A.T.
40412 TCP The Spy Beta 1
40421 TCP Agent 40421, Masters Paradise
40422 TCP Masters Paradise
40423 TCP Masters Paradise
40425 TCP Masters Paradise
40426 TCP Masters Paradise
41337 TCP Storm
41666 TCP, UDP Remote Boot Tool
44444 TCP Prosiak
44575 TCP Exploiter
47262 TCP, UDP Delta source
n Port List http://www.anti-trojan.org/port_op
13 8/19/2013
-
8/13/2019 Trojan Port List
13/13
48004 TCP Fraggle Rock
48006 TCP Fraggle Rock
49000 TCP Fraggle Rock
49301 TCP OnLine KeyLogger
50000 TCP SubSARI
50130 TCP Enterprise
50505 TCP Sockets des Troie
50766 TCP Fore, Schwindler
51966 TCP CAFEiNi
52317 TCP Acid Battery 2000
53001 TCP Remote Windows Shutdown
54283 TCP SubSeven
54320 TCP BO2K
54321 TCP BO2K, SchoolBus
55165 TCP File Manager Trojan
55166 TCP File Manager Trojan, WM Trojan Generator
57341 TCP NetRaider
58339 TCP Butt Funnel
60000 TCP Deep Throat, Foreplay, Sockets des Troie
60001 TCP Trinity (DDoS)
60068 TCP Xzip 6000068
60411 TCP Connection
61348 TCP Bunker Hill
61466 TCP Telecommando
61603 TCP Bunker Hill
63485 TCP Bunker Hill
64101 TCP Taskman
65000 TCP Devil, Sockets des Troie, Stacheldraht (DDoS)
65390 TCP Eclypse
65421 TCP Jade
65432 TCP, UDP Traitor
65530 TCP Windows Mite
65535 TCP RC
copyright 2001 anti-trojan.org
Return to top
anti-trojan.orgDisclaimer
Home What is a Trojan? Adware ? Spyware ? Trojan ? Virus ?
Protection & Control Have I got a Trojan? Help Ive been Hacked
Hoaxes Phishing Scams Why target me ?
Trojan Archives 10 Simple Anti-Trojan Rules Trojan Port List FAQ
Technical Assistance Forums Software Reviews Rogue Software
Software Downloads Link to Us Internet Security Sites Contact Us
About Anti-Trojan.org Other Helpful Stuff Recommended Reading Disclaimer
n Port List http://www.anti-trojan.org/port_op