Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
List of Ports commonly used by Trojans
#1
Please note that this isn't a complete list by any means, but it will give you an idea of what to look out for in Netstat. Be aware that some of the lower Ports may well be running valid services.



UDP:
1349 Back Ofrice DLL
31337 BackOfrice 1.20
31338 DeepBO
54321 BackOfrice 2000


TCP:
21 Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
23 Tiny Telnet Server
25 Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2 0.17A-0.30
31 Hackers Paradise
80 Executor
456 Hackers Paradise
555 Ini-Killer, Phase Zero, Stealth Spy
666 Satanz Backdoor
1001 Silencer, WebEx
1011 Doly Trojan
1170 Psyber Stream Server, Voice
1234 Ultors Trojan
1243 SubSeven 1.0 - 1.8
1245 VooDoo Doll
1492 FTP99CMP
1600 Shivka-Burka
1807 SpySender
1981 Shockrave
1999 BackDoor 1.00-1.03
2001 Trojan Cow
2023 Ripper
2115 Bugs
2140 Deep Throat, The Invasor
2801 Phineas Phucker
3024 WinCrash
3129 Masters Paradise
3150 Deep Throat, The Invasor
3700 Portal of Doom
4092 WinCrash
4567 File Nail 1
4590 ICQTrojan
5000 Bubbel
5000 Sockets de Troie
5001 Sockets de Troie
5321 Firehotcker
5400 Blade Runner 0.80 Alpha
5401 Blade Runner 0.80 Alpha
5402 Blade Runner 0.80 Alpha
5400 Blade Runner
5401 Blade Runner
5402 Blade Runner
5569 Robo-Hack
5742 WinCrash
6670 DeepThroat
6771 DeepThroat
6969 GateCrasher, Priority
7000 Remote Grab
7300 NetMonitor
7301 NetMonitor
7306 NetMonitor
7307 NetMonitor
7308 NetMonitor
7789 ICKiller
8787 BackOfrice 2000
9872 Portal of Doom
9873 Portal of Doom
9874 Portal of Doom
9875 Portal of Doom
9989 iNi-Killer
10067 Portal of Doom
10167 Portal of Doom
10607 Coma 1.0.9
11000 Senna Spy
11223 Progenic trojan
12223 HackĀ“99 KeyLogger
12345 GabanBus, NetBus
12346 GabanBus, NetBus
12361 Whack-a-mole
12362 Whack-a-mole
16969 Priority
20001 Millennium
20034 NetBus 2.0, Beta-NetBus 2.01
21544 GirlFriend 1.0, Beta-1.35
22222 Prosiak
23456 Evil FTP, Ugly FTP
26274 Delta
30100 NetSphere 1.27a
30101 NetSphere 1.27a
30102 NetSphere 1.27a
31337 Back Orifice
31338 Back Orifice, DeepBO
31339 NetSpy DK
31666 BOWhack
33333 Prosiak
34324 BigGluck, TN
40412 The Spy
40421 Masters Paradise
40422 Masters Paradise
40423 Masters Paradise
40426 Masters Paradise
47262 Delta
50505 Sockets de Troie
50766 Fore
53001 Remote Windows Shutdown
54321 SchoolBus .69-1.11
61466 Telecommando
65000 Devil

http://www.bleepingcomputer.com/tutorial...ial99.html
Reply
#2
Nice info. But the red is hurting my eyes.
Reply
#3
(04-12-2010, 04:56 AM)BrainDeadFreak Wrote: Nice info. But the red is hurting my eyes.

Geeze. Took me like 5 minutes to do that. I'll change it.
Reply
#4
Looks nice. I might refer to this some time. Thanks.
Reply
#5
You forgot to add port 3074
Reply
#6
That is a nice list you have compiled. Although I wouldn't JUST block those ports because of the massive security risk. The manufacturer of the Trojan can easily change the ports used.
-Poppins
WhiteHat Hacker, Infection Control and HJT Team Trainee
Poppinsā„¢
Originally from: Hackforums.net
Reply
#7
Excellent resource. Thanks for posting.
[Image: csx47jm4kbi80w88ajnf.png]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [TUT]Remove Rat Servers/Trojans/Connections M_a_X 8 6,010 06-18-2011, 12:28 PM
Last Post: +Moon

Forum Jump:


Users browsing this thread: 1 Guest(s)