PC Helpful TipsPC Helpful TipsPorts
There are more than 65,000 ports in the Windows operating system (65,535 TCP ports and 65,535 UDP ports). Hardware ports are used by printers and modems or NIC cards. A port is also an interface in a network device or a logical channel in a communications system. Network services use unique port number defined in the Network Information Service "services" database. Pirate programs use port monitors to find open ports and launch their programs on your machine using remote access services. Closing ports and remote services will protect your computer.
Some ports are normally used for certain default protocols such as TCP, UDP, ICMP, and SNMP. HTTP uses port 80. HTTPS is on port 443. FTP uses port 21. These defaults are defined by IANA -- the Internet Assigned Numbers Authority.
Although any protocol can be configured to use any port, most ports are normally used by two protocols: UDP and TCP, both part of TCP/IP. UDP (User Datagram Protocol) is one of the protocols for data transfer, and it runs tasks on the local machine. UDP is a “stateless” or silent protocol in that UDP does not acknowledge packets received. TCP acknowledges packets received and provides error detection. Personal firewalls and proxy servers can block some or all of these ports.
Checking Ports in Win 2K or Win XP
Close any programs that connect to the Internet (IE, AIM, Yahoo Messenger, etc.)
Go to the command prompt and Type "netstat -an" with no quotes. The display shows your computer listening on a few ports but no outbound connections. If dozens or hundreds of things are listed then the PC is infected.
To determine the IP address of the server you have bad ping times to, type "tracert <IP ADDRESS>". or a DNS name. The command looks like "tracert www.techspot.com" This will show ping times at each router hop.
Close Ports WINXP
Close ports 137, 138, 139
Write this command in the command prompt to modify the configuration of the WinXP service control manager.
C:\windows:sc config netbt start= disabled
Close port 445:
Start Registry Editor (Regedit.exe). Locate the following key in the registry: HKLM\System\CurrentControlSet\Services\NetBT\Parameters, --- Option TransportBindName.
Double click that value, and then delete the default value, thus giving it a blank value.
Close the registry editor.
DCOM and Port 135 Win98
DCOM uses Port 135 for transmissions so users who check their ports will find this one open if DCOM is enabled. Only after disabling DCOM in the registry will port 135 be closed with the firewall.
Disabling DCOM alone may not close Port 135 as there are other apps that can force it open.
http://accs-net.com/smallfish/dcom.htm#mdm
Enabling and disabling DCOM msdn.microsoft.com/library/psdk/com/security_8bzh.htm
This MS Library article gives directions for enabling/disabling Dcomcnfg.exe. Disabling DCOM through this interface should change the value of the Registry key.
COM Security FAQ support.microsoft.com/support/kb/articles/Q158/5/08.asp
This FAQ includes directions for enabling/disabling DCOM by editing the Registry.
Caution: Always back up the Windows Registry before making any changes. These changes require a reboot.
1. If HKEY_LOCAL_MACHINE\Software\Microsoft\OLE has the value "EnableDCOM" set to Y change this value to N to disable DCOM.
2. If HKEY_LOCAL_MACHINE\Software\Microsoft\OLE has the value "EnableRemoteConnections" set to Y change it to N to disable DCOM.
Commonly Used Ports by Windows and Unix
7 Echo
Echo servers relay all data received back to their source
17 Quote Of The Day
Random quote of the day
19 Character Generator
'CharGen' servers transmit streams of data as soon as a client connects
20 File Transfer Protocol (FTP) - file transfer
FTP to transfer files
21 File Transfer Protocol (FTP) - control
FTP to allow the client and server to communicate
23 Telnet
Telnet is a simple console-style communications protocol
25 Simple Mail Transfer Protocol (SMTP)
SMTP is the most popular mail transfer protocol on the Internet
43 Whois
Whois servers contain information about IP and DNS addresses
53 Domain Name Server (DNS)
DNS translates IP addresses to more human-readable addresses
80 Hypertext Transfer Protocol (HTTP) web server
HTTP is the protocol used to transfer data on the World Wide Web (WWW)
109 Post Office Protocol (POP)
POP servers allow you to check your email
110 Post Office Protocol (POP3)
The most popular version of POP
113 Ident
Identification protocol, returns info such as system type and username.
119 Network News Transfer Protocol (NNTP)
The protocol used by newsgroups
135 Remote Procedure Call (RPC)
Usually the RPC Locator Service, a registrar for all other RPC services NETBIOS Name Service
Used for local area network address resolution
138 NETBIOS Datagram Service
Used for local area network UDP transfers
139 NETBIOS Session Service
Used for local area network TCP transfers
443 Hypertext Transfer Protocol Secure (HTTPS)
Securely encrypted HTTP web transfer
1080 SOCKS Proxy
A common proxy server
1433 Microsoft SQL Server
Microsoft Structured Query Language server
6667 Internet Relay Chat (IRC)
Internet Relay Chat is a popular text-based chat medium
8080 Proxy
Commonly used as a proxy for web servers
Port Associated with Specific Trojans
From Pest Patrol http://pestpatrol.com/Support/About/PortChecker.exe
Port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The "Well Known Ports" are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
Port Pests Using This Port
1 TCP R-Desktop
2 TCP R-Desktop
3 TCP R-Desktop
5 TCP Netzwerkchat 2.60
9 TCP Skun
10 TCP Skun
11 TCP NetSlayer
12 TCP Red Horse 0.1, Skun
13 TCP Skun
15 TCP Skun
16 TCP AIM PWS
20 TCP Amanda 2.0, Fictional Daemon 4.4
21 TCP Fore, Funny Trojan, Juggernaut 42
21 TCP Cattivik FTP Server, CyberSpy FTP, DFTPb, Diem's Mutter, Digital Hand, Fictional Daemon 4.4, FTP Trojan Generator, Joker's FTP Server, KCom FTP Server, KWM, Little Witch FTP, Motlv 1.2, Owned FTP 1.0, Paszczus, PSYchoFiles, RemoteHome2000 v1.2b, Skun, Slim FTPd, Snid, Solitaire
22 TCP Habibti, NT Shell 1.0
23 TCP AlphaDog, Autospy, Fictional Daemon 4.4, Hellraider 5.0, Lizards Tail 1.1, Manipulator Light, Prosiak
25 TCP Barrio
25 TCP BSE Trojan
26 TCP ComAnywhere 2.1
28 TCP Amanda 2.0, nt, Rewind FTP Server 1.0
31 TCP Agent40421, Masters Paradise
36 TCP Dizer
38 TCP Lazy Admin
48 TCP Drat
50 TCP Skun
51 TCP F__k Lamers BackDoor
52 TCP Muska52
53 TCP MSN Kamuflao, Muska52, Skun
54 TCP Muska52
66 TCP Al-Bareki, Dark Sill 4.4
69 TCP Pasana
80 TCP AIM Evil Doer, Arsd, ChatSpy, CoreServer, Ehks, Executor, Guptachar, Haan, HTTP RAT, IP Rape 1.0, ItAdEm, IWAnywhere, Nemesis 1.0, NETObserve, NetScreen, R:E:M:O:T:E, Screen Cutter 1.0, ShadowNet Remote Spy 2.0, Snow, SpyAnywhere
81 TCP Espionage, ItEye 2.2, Lizards Tail 1.1, RemoConChubo
82 TCP ItEye 2.2
85 TCP Assassin
87 TCP SSPPYY
88 TCP Deaths Corner, Freak (Freak88), ItEye 2.2
90 TCP GWBoy, ItEye 2.2
99 TCP Puerto Oculto 2.0
100 TCP Back Attack, Manipulator - SPAM Express, nt, Skun
101 TCP Back Attack
102 TCP Back Attack, OICQ Search
103 TCP Back Attack
104 TCP Back Attack, Skun
105 TCP Skun
106 TCP Skun
110 TCP ProAgent
111 TCP Invasion Crash
112 TCP Pest
113 TCP Alicia, ColdLife, Cyn, DataSpy Network X, Ders, Dosh, E-Surveiller, Helios Bot 1.0, Lite-SOCKS, Litmus, Neol, Petala, SBot, Sepro, Speedup
122 TCP Skun
123 TCP AsS4Ss1n Beginner RAT, Chat1, Mini Spy, MyCenter, Propel 1.0
133 TCP Farnaz, ItEye 2.2
135 TCP Dinkdink
136 TCP Rendezvous
142 TCP Net Taxi 1.8
142 TCP NetTaxi 1.8
143 TCP Back Attack, Evasive KeyLog 3.2.6, Infector
146 TCP Intruder
167 TCP SniperNet
170 TCP A-Trojan
171 TCP A-Trojan
178 TCP ItEye 2.2
187 TCP Specrem
200 TCP MBat, Skun
201 TCP One 0.12 beta
202 TCP One 0.12 beta
211 TCP One 0.12 beta
212 TCP One 0.12 beta, Skun
221 TCP Snape
222 UDP Optix
230 TCP Prosiak
290 TCP Skun
299 TCP One 0.12 beta
300 TCP ColdLife
306 TCP Quebus
314 TCP Blaire
345 TCP Cang
370 UDP Optix
401 TCP One 0.12 beta
402 TCP One 0.12 beta
404 TCP Orbit 1.0
416 TCP Mona
438 TCP E-Surveiller
452 TCP OMPN
455 TCP Fatal Connections
456 TCP Backdoor.Daniel, ChatSpy, Hackers Paradise 2.B3
456 UDP Backdoor.Daniel
543 TCP Cang
555 TCP Ini Killer
555 TCP Net Administrator 1.0, Phase Zero
564 TCP Oracle 1.0
567 TCP HRat 1.0
623 TCP RTB666
650 TCP MP Bus
651 TCP MP Bus, Stats
654 TCP HoaVeLu
660 TCP Mini Evangelion
666 TCP Alien Hacker 2.5, Back Construction, Beast, BLA, D86asm, Dark Connection Inside, Dark Sill 4.4, Dimbus 1.0, DXM SMTP Trojan, Enculator, F-Backdoor, Grifin, IP Rape 1.0, Lite-SOCKS, Mad RAT, Plateau Trojan 0.1, Satans Back Door, Slawek_troj 1.0
667 TCP SniperNet
673 TCP Hornet 1.0
680 TCP RTB666
700 TCP REX 0.1 Beta
714 TCP Lizards Tail 1.1
715 TCP Anal Rape 1.0a
717 TCP HLS Heroin Injector 2.0
777 TCP Undetected
777 TCP AIM Spy, CS Trojan for HBT, NetCrack, Radix
778 TCP NetCrack
785 TCP Network Terrorist 1.31
789 TCP AIM Robber
798 TCP Oracle 1.0
800 TCP Game 1.0, Pilot, Prosiak
810 TCP InclinedRoad
820 TCP Devil (Sforever)
831 UDP Optix
890 TCP MultiBot Pro
911 TCP DarkShadow, Dreamscape Keylogger, Dua ti choi
954 TCP HydroLeak beta 1
984 TCP Matite 1.0, Netrunner 2.5
992 TCP Snape
998 TCP ItEye 2.2
1000 TCP Destruktor, Gothic Intruder 1.1, InvisibleEvil 1.1, Nucker
1001 TCP Le Guardien
1001 TCP Anti-Denial, Back Attack, DarkScan 1.0, Gothic Intruder 1.1, Iseekumona, ItEye 2.2, Lula, Near Mohists, NeoArk, One 0.12 beta, Remote Connection, RFM 1.3, Sean, Sk Silencer
1003 TCP Avanzado, Backdoor, DarkScan 1.0
1005 TCP Pest
1006 TCP Remote Desktop
1008 TCP Autospy
1010 TCP Remote GUI 0.92
1011 TCP Arturik 1.0, InclinedRoad
1015 TCP JoTroj 1.0
1024 TCP Remote Administration Tool
1025 TCP Alien Spy
1025 TCP BDDT, DataSpy Network X, Forced Entry Remote System Administration, MeetTheLamer 1.0, Muska52
1025 UDP KiLo, Optix
1026 TCP Mosucker
1026 TCP BDDT, DataSpy Network X, Delta Remote Access, Dosh, Duddie, Remote Explorer, Solaris 1.0
1026 UDP Remote Explorer
1027 TCP DataSpy Network X, Netboy 1.0
1028 TCP DataSpy Network X, Dosh, Gibbon, KiLo
1028 UDP KiLo
1029 TCP KiLo
1030 TCP Gibbon
1033 TCP Dosh, Eurosol 6.0
1034 TCP MSN Log Thief 0.5
1035 TCP Dosh
1036 TCP Ders
1037 TCP Mosucker
1037 TCP Dosh
1038 TCP Barisot, Ders
1039 TCP Dosh
1040 TCP Infiltration 4.6
1041 TCP Dosh
1043 TCP Dosh
1080 TCP W32.Bugbear.B
1080 TCP EvilSocks, Neo City
1081 TCP Schadenfreude 0.1
1088 TCP Intruder by VML
1095 TCP B.F. Evolution
1097 TCP B.F. Evolution, HVL RAT
1098 TCP B.F. Evolution, HVL RAT
1099 TCP B.F. Evolution, HVL RAT
1100 TCP Crazy Evolution 2000
1101 TCP Prosiak
1109 TCP GLSpy
1111 TCP DaoDan, Remote XS, Roach 1.0
1111 UDP DaoDan
1115 TCP Lurker, Protoss
1116 TCP Lurker
1116 UDP Lurker
1119 TCP Ghost 1.0, Shadow32
1122 TCP BlackHole, Last 2000
1122 UDP BlackHole, Last 2000
1133 TCP Fake 0.2
1170 TCP Psyber Streaming Audio Server
1183 TCP Balistix
1187 TCP Specrem
1190 TCP GLSpy
1211 TCP Remote Viewport 0.91, RVC
1212 TCP Kaos, Master (Impactus), Red Horse 0.1, Red-Spy
1214 TCP Remote Control
1215 TCP Force, Remote Control
1216 TCP Remote Control
1217 TCP Remote Control
1218 TCP Schneckenkorn 1.0
1219 TCP Schneckenkorn 1.0
1221 TCP F__k Lamers BackDoor, Spy 2.60
1222 TCP F__k Lamers BackDoor
1225 TCP NetKillx
1229 TCP Harvester
1234 TCP KiLo
1234 TCP CD-ROM Trojan, Fade, NetAmine 4.10.1998, PWD Trojan 2.0, Red Horse 0.1
1243 TCP Hackworld 2.03
1256 TCP RexxRave 1.01
1263 TCP Rewind
1266 TCP Global Killer 1.0, Rewind
1275 TCP Fredisoft 1.1
1300 TCP Shadorium 2.1
1314 TCP DaoDan
1337 TCP RedShell
1337 TCP Joker, RedShell 1.0, RSocks
1354 TCP Skull Burrow
1357 TCP Ramtha 1.1
1386 TCP Dagger
1410 TCP Destruktor
1412 TCP Remote Commands, Remote Control
1415 TCP BlackHole, Last 2000
1441 TCP Remote Storm, Servidor (a)
1480 TCP Remote Hack
1492 TCP FTP 99 Trojan
1529 TCP SkyRat
1530 TCP SkyRat
1533 TCP Back Attack
1560 TCP Duddie
1561 UDP Muska52
1568 TCP Remote Hack
1598 TCP Remote Typer 2.0.0
1600 TCP Direct Connection, Sivka-Burka 0.2b
1601 TCP Direct Connection
1602 TCP Direct Connection
1634 TCP NetCrack
1651 TCP KiLo
1661 TCP Doped 1.0b
1688 TCP AMS
1689 TCP AMS
1700 TCP Fatal Wound 1.0
1784 TCP Snid
1800 TCP Fatal Wound 1.0
1807 TCP SpySender
1826 TCP Glacier
1850 TCP Black Angel
1871 TCP Serial Pager 1.3
1905 TCP Delta Remote Access
1907 TCP Hackboys Trojan
1911 TCP Artic
1941 TCP Hanky Panky
1967 TCP Trojan Generator
1978 TCP Feri d, HideDoor
1979 TCP Glacier
1981 TCP Shockrave
1981 TCP Bowl, Ramtha 1.1, SATAN, Simon, Spion
1982 TCP MagicLink, MagicLink NetPCSpy, Spion
1983 TCP Leszcz 5.50, QTaz, Skyfire Spy 1.09
1984 TCP Leszcz 5.50, Matite 1.0, QTaz
1985 TCP Black Diver, Skun
1986 TCP Akosch, Akosch Uploader, FileHack, Jaros Trojan, Red Horse 0.1, Snurzi
1987 TCP DeadCow, DNS 0.1
1994 TCP Invasion Crash
1999 TCP Akosch, Backdoor, Transmission Scout
2000 TCP A-Trojan, BlackHole, CNK, Evolution, Force, Gothic Intruder 1.1, Insane Network, Last 2000, Messiah, OnTarget, Real2000 Server, Remote Explorer, Ricta 1.0, RSC, Transmission Scout
2000 UDP Gothic Intruder 1.1, Remote Explorer
2001 TCP D.I.R.T., Der Spaeher, Jump Trojan 2.0, Protoss
2002 TCP BlackHole, Ramtha 1.1, Sensive
2004 TCP FileHack
2012 TCP NetControl 2
2023 TCP Ripper Pro
2025 TCP KS Rain 0.01b
2027 TCP Expir, Retard
2040 TCP Jack Trojan, Password
2060 TCP Protoss
2099 TCP DuRPC
2115 TCP Backdoor.Feap
2140 TCP BackLash, DeepThroat, Invasor 1.0, MiniBackLash
2140 UDP Invasor 1.0
2155 TCP Illusion Mailer
2156 TCP Oracle 1.0
2177 TCP Phantom FTP
2183 TCP Fiendish Person 1.1.6
2200 TCP Huey
2208 TCP Screen Control 1.0
2211 TCP Ego, Red Horse 0.1
2213 TCP Screen Control 1.0
2214 TCP Screen Control 1.0
2215 TCP Screen Control 1.0
2216 TCP Screen Control 1.0
2222 TCP DaoDan, H2000, Ramtha 1.1
2299 TCP Back Attack
2300 TCP Pc Xplorer 1.2
2310 TCP Oracle 1.0
2314 TCP ID_2001 1.0
2323 TCP DeskCam
2332 TCP Silent Spy
2337 TCP Hobbit.416
2434 TCP BackLash, MiniBackLash
2444 TCP Earthquake 1.5, Huntergop 1.5, Ramtha 1.1
2485 TCP PiaoYes
2501 TCP Solaris 1.0
2525 TCP Remote Kit
2527 TCP BLHouse
2589 TCP Dagger
2600 TCP Digital Rootbeer
2600 TCP Minicom (CS-Jami)
2601 TCP Minicom (CS-Jami)
2648 TCP OICQ Search
2684 TCP Red-Spy
2685 TCP Red-Spy
2702 TCP Black Diver
2945 TCP Majesty
2983 TCP Breach
2987 TCP Remote VIREUS
3000 TCP Fatal Wound 1.0, InetSpy b1, Remote Shut
3004 TCP Ramtha 1.1
3006 TCP Clandestine
3024 TCP Funny Trojan
3031 TCP Microspy 1.0
3065 TCP Ice Storm Killerz
3100 TCP Brain Wiper 0.3b, Fatal Wound 1.0
3119 TCP Delta Remote Access
3128 TCP Masters Paradise
3128 UDP Masters Paradise
3129 TCP Masters Paradise
3129 UDP Masters Paradise
3150 TCP BackLash, DeepThroat, Invasor 1.0, MiniBackLash
3150 UDP Invasor 1.0
3333 TCP DaoDan, Hanuman Server
3333 UDP DaoDan
3388 TCP Ego
3410 UDP Optix
3418 TCP SpySender
3456 TCP Evolution, Force
3459 TCP Kikbak 0.9, Sphere
3505 TCP Autospy
3527 TCP BLHouse
3539 TCP HRVG 2.0
3547 TCP Amitis
3586 TCP Snid
3600 TCP AmigaAnywhere
3627 TCP KnightSeven 1.0 II
3667 TCP Boss Eye 1.0
3700 TCP Portal Of Doom
3737 TCP Helios
3771 TCP Sin
3800 TCP Eclypse (Del_Armgo)
3996 UDP Remote Anything
3999 UDP Remote Anything
4000 TCP Infiltrator 1.0, Skydance
4000 TCP Neo City
4000 UDP Remote Anything
4004 TCP KBL Uploader
4044 TCP Puddy (b)
4069 TCP Sandpath Remote Control 1.3
4092 TCP Funny Trojan
4128 TCP RedShad 1.01, Shadow Remote 1.4
4128 UDP RedShad 1.01
4141 TCP rada-tat-RAT 1.0
4200 TCP PsyberMind 1.12
4210 TCP NetKey
4211 TCP NetKey
4225 TCP Silent Spy
4242 TCP Virtual Hacking Machine 0.2
4288 TCP Mosucker
4321 TCP Red Horse 0.1
4359 TCP Boiling
4368 TCP Boiling
4420 TCP GHackPro 1.4
4429 TCP Fear and Hope
4430 TCP Fear and Hope
4431 TCP Fear and Hope
4432 TCP Acid Trojan Horse, Black Dream, Fear and Hope
4433 TCP Black Dream, Fear and Hope, Illusion 1.0
4441 TCP Oracle 1.0
4442 TCP Oracle 1.0
4443 TCP Oracle 1.0
4444 TCP AlexMessoMalex Trojan, Avone 2 beta, CrackDown, DaoDan, H2000, Oracle 1.0
4445 TCP Oracle 1.0
4446 TCP Oracle 1.0
4447 TCP Oracle 1.0
4448 TCP Oracle 1.0
4449 TCP Oracle 1.0
4450 TCP Oracle 1.0
4451 TCP Oracle 1.0
4523 TCP Celine
4527 TCP BLHouse
4540 TCP Remote Revise
4545 TCP Internal Revise 1.0, Remote Revise
4563 TCP Mini Spy, Poltergeist
4564 TCP Poltergeist
4565 TCP Poltergeist
4566 TCP Poltergeist
4567 TCP File Nail, Poltergeist, Romort
4666 TCP Mneah Trojan 1.0
4685 TCP BackFire
4820 TCP RBackdoor
4881 TCP AIMVision
4899 TCP Remote Administrator (rat)
4950 TCP ICQ Trojan, Remote PC (Koby)
5000 TCP Blazer 5, Sockets de Troie
5000 TCP Bubbel 1.0, Kamikaze, Ra1d
5001 TCP Pinkle
5005 TCP Aladino
5011 TCP One of The last Trojans, Pc Xplorer 1.2, Peanut Brittle 0.2 Beta, Sneak
5023 TCP Net Metropolitan
5024 TCP Illusion 1.0
5031 TCP Net Metropolitan
5033 TCP Net Metropolitan
5050 TCP R0xr4t
5051 TCP MiniCli
5110 TCP ProRAT
5112 TCP ProRAT
5150 TCP NetEyes 1.0, Pizza
5151 UDP Optix
5152 TCP Institution
5155 TCP Oracle 1.0
5180 TCP Peeper
5188 TCP Srv
5190 TCP PW Thief 1.0
5221 TCP NOSecure
5250 TCP Pizza
5295 TCP Gates of Hell
5296 TCP Gates of Hell
5328 TCP Snow
5333 TCP Backage
5350 TCP Pizza
5377 TCP Iani
5400 TCP Back Construction, Blade Runner, Digital Spy 1.1b
5401 TCP Back Construction, Blade Runner, Digital Spy 1.1b, Mneah Trojan 1.0
5402 TCP Back Construction, Blade Runner, Digital Spy 1.1b, Mneah Trojan 1.0
5419 TCP Eagle Boy
5430 TCP NetAdvance
5447 TCP Alien Spy
5450 TCP Pizza
5512 TCP Illusion Mailer
5527 TCP BLHouse
5550 TCP Pizza
5555 TCP DaoDan, OnTarget, Remod 1.0, Serveme (Brooks Cole), Sonitro
5555 UDP DaoDan
5558 TCP EasyServ
5567 TCP Spook
5650 TCP Pizza
5656 TCP Aqua
5695 TCP Assassin
5697 TCP Assassin
5725 TCP Stang 2.1
5742 TCP Funny Trojan
5790 TCP Ramtha 1.1
5800 TCP OnTarget, RemEye 1.0, Soho Anywhere
5882 UDP Y3K Remote Administration Tool
5885 TCP AIMVision
5887 TCP NetDown 1.0
5888 TCP CIA
5888 UDP Y3K Remote Administration Tool
5889 TCP Y3K Remote Administration Tool
5900 TCP OnTarget, RemEye 1.0, Soho Anywhere
5933 TCP NOSecure
6000 TCP Raven, Remote Anything, Remote Server Trojan, Rewind
6001 TCP Rewind
6006 TCP Medusa Trojan 1.2
6066 TCP Remote Operations
6075 TCP Remote Operations
6167 TCP Evil-X
6200 TCP Deves
6201 TCP Deves
6210 TCP Raza FTP 1.0
6213 TCP Back Attack, Evasive KeyLog 3.2.6
6248 TCP Snake Trojan
6267 TCP Guangwaigirl
6272 TCP Secret Service
6506 TCP Lithium
6521 TCP Oracle 1.0
6655 TCP Aqua
6661 TCP Teman 1.00
6666 TCP Al-Bareki, DaoDan, Dark Sill 4.4, Fatal Wound 1.0, Lame Remote 1.0, NetCat32, Project Mayhem 1.0, Ramtha 1.1
6666 UDP KiLo
6667 TCP Diemirc.c - mIRC 5.7 denial of service exploits, ICQ Page Bomb
6667 TCP KiLo, Net-Devil
6667 UDP KiLo
6668 TCP KrAIMer, Master (Brazil)
6669 TCP Master (Brazil)
6671 TCP BackLash
6677 TCP BDirect 1.0, Exception Manager, Spy Program
6689 TCP Ayan Bilisim 0.1
6697 TCP Force
6701 TCP Netsnooper
6711 TCP Destruktor, Dua ti choi, Invasion Crash, KiLo, Lyb 1.1, NetKey, Sociable
6712 TCP CMJSpy, Lyb 1.1, SpadeAce
6712 UDP KiLo
6713 UDP KiLo
6714 UDP KiLo
6715 UDP KiLo
6718 TCP KiLo
6766 UDP KiLo
6767 TCP KiLo, NT Remote Controller 2000, Pasana, Remote Server Trojan
6767 UDP KiLo
6768 TCP Predator
6789 TCP BlackIce Trojan, Cyberjack
6883 TCP Delta Source
6888 TCP CIA
6891 TCP Force
6912 TCP Shit Heep, Shit-Heep Beta
6939 TCP Indoctrination
6966 TCP Sinister Uploader 1.0
6969 TCP GateCrasher, Priority
6969 TCP Bear & Tiger 1.0, Blue Adeptz, Colour Bugger, Danton, IRC-Hack, Jad 1.1, Khaos 2.1, Kid Terror 1.0, KODorjan, Net Controller, Sparta 1.1
6970 TCP GateCrasher
6970 TCP Colour Bugger, Danton
6971 TCP Danton
6972 TCP Danton
6973 TCP Danton
6974 TCP Danton
7000 TCP Remote Grab
7001 TCP Freak (Freak88)
7007 TCP CoreServer, Silent Spy
7020 TCP H04x3r 1.0
7030 TCP H04x3r 1.0
7070 TCP Luzak
7071 TCP Luzak
7119 TCP Massaker
7158 TCP Loho Boyshik 1.0
7253 TCP Global Patrol 1.31, Near Mohists
7274 TCP Autospy
7290 TCP NOSecure
7291 TCP NOSecure
7359 TCP Ramtha 1.1
7410 TCP Phoenix II
7511 TCP Genue 1.0
7609 TCP Snid
7614 TCP Galaxy trojan
7626 TCP Darksun, Glacier
7673 TCP Neoturk
7676 TCP Neoturk, Recon
7677 TCP Neoturk
7718 TCP Glacier
7721 TCP Cabronator
7722 UDP KiLo
7724 TCP Cabronator
7744 TCP Falling Star
7776 TCP RemoteCtrol 1.1
7777 TCP Tini
7777 TCP Enculator, Jodeitor, Snoopy
7778 TCP Izeburn, PrivatePort 001a
7788 TCP BlackHole, Last 2000
7788 UDP BlackHole, Last 2000
7800 TCP Paltalk trojan
7810 TCP Spook
7823 TCP Amitis
7826 TCP Oblivion
7839 TCP Greek Hackers RAT 1.0
7850 TCP Paltalk trojan
7878 TCP MySocket, Paltalk trojan
7879 TCP Paltalk trojan
7891 TCP David, Revenger 0.2
8000 TCP XConsole beta
8000 TCP SEQRAT 1.0
8008 TCP NetCrack
8012 TCP Ptakks
8012 UDP Ptakks
8080 TCP Cancer 1.0, Hackerz Backdoor, Hupegion, RemoConChubo
8081 TCP Hackerz Backdoor
8090 TCP Aphex's Packet Sniffer
8090 UDP Aphex's Packet Sniffer
8097 TCP Kryptonic Ghost Command
8108 TCP Lyb 1.1
8122 TCP Lyb 1.1
8125 TCP Double Helix
8126 TCP Chonker
8127 TCP Chonker
8127 UDP Chonker
8130 TCP Chonker, DLP
8131 TCP DLP
8181 TCP GetPassword 1.0, Lizards Tail 1.1
8200 TCP HGZ
8201 TCP HGZ
8202 TCP HGZ
8203 TCP HGZ
8204 TCP HGZ
8210 TCP China
8225 TCP HGZ
8255 TCP Pilot
8322 TCP DLP
8329 TCP DLP
8372 TCP Netboy 1.0
8488 UDP KiLo
8489 TCP KiLo
8489 UDP KiLo
8535 TCP Autocrat
8536 TCP Autocrat
8623 TCP BlackShade 1.0
8681 TCP Psycho Derek 2.0
8682 TCP Psycho Derek 2.0
8686 TCP Freak (Hatchet)
8710 TCP FreeGatez
8720 TCP Connection
8732 TCP Kryptonic Ghost Command
8734 TCP Autospy
8745 TCP Oracle 1.0
8746 TCP Oracle 1.0
8787 TCP Freak (Hatchet)
8799 TCP Fun Factory 1.0
8811 TCP Fear 1.5 (a), Sphere, Stability
8812 TCP Mona
8821 TCP Alicia
8888 TCP CrashCool, Dark IRC, PiaoYes, RMF-FM 1.1
8899 TCP KillDientes 1.5, NetHero
8943 TCP ISpyNow
8961 TCP Peers (a)
9000 TCP Netministrator 1.0
9090 TCP Aphex's Packet Sniffer
9329 TCP DLP
9400 TCP InCommand
9401 TCP InCommand
9402 TCP InCommand
9414 TCP NT Hack 1.0, Poison-tipped Arrow
9536 TCP Stealth Port 1.1
9536 TCP Lula
9561 TCP CRAT Pro 1.1
9563 TCP CRAT Pro 1.1
9713 TCP CIA
9777 TCP Satan Cam View 1.0
9778 TCP Satan Cam View 1.0
9800 TCP CIA
9824 TCP Sect 1.0
9870 TCP Remote Computer Control Center
9871 TCP NetVoyeur
9872 TCP Portal Of Doom
9873 TCP Portal Of Doom
9874 TCP Portal Of Doom
9875 TCP Portal Of Doom
9876 TCP Examehell, Raw 1.0 client, Sheep Goat
9877 TCP Small Big Brother 0.2b1
9878 TCP Small Big Brother 0.2b1, Transmission Scout
9879 TCP Small Big Brother 0.2b1
9889 TCP SnakDos
9908 TCP OnTarget
9909 TCP OnTarget
9919 TCP Kryptonic Ghost Command
9986 TCP Matrix Chat
9989 TCP Ini Killer
9999 TCP Forced Entry Remote System Administration, NetControl TakeOver, Oracle 1.0, PowerBot, SpadeAce
10000 TCP NetContrôle 3.0, Opwin Trojan 1.1, Oracle 1.0
10001 TCP DTr, Lula
10002 TCP ItEye 2.2, Lula, Podonok 1.0
10003 TCP Lula
10005 TCP NetContrôle 3.0, Opwin Trojan 1.1
10012 TCP Amanda 2.0
10013 TCP Amanda 2.0
10067 TCP Portal Of Doom
10067 UDP Portal Of Doom
10100 TCP Gift
10167 TCP Portal Of Doom
10167 UDP Portal Of Doom
10168 TCP Mtexer 1.0
10240 TCP Digital Hand
10607 TCP Coma
10666 UDP Ambush 1.0
10887 TCP BDDT
10889 TCP BDDT
11000 TCP Comando
11011 TCP Amanda 2.0
11111 TCP Breach
11111 TCP Stealth 1.0
11223 TCP Secret Agent 1.0
11223 TCP NukeProtecter 1.0
11225 TCP Cyn
11225 UDP Cyn
11264 TCP Remote Control
11660 TCP Back Streets 1.5
11666 TCP H04x3r Telnet Server
11831 TCP BackLash, DarkFace, DataRape, ForcedControl 1.0, Katux Latinus, Latinus (French) 1.0, Qwertos RAT 0.2
12001 TCP Poltergeist
12002 TCP Poltergeist
12003 TCP Poltergeist
12004 TCP Poltergeist
12005 TCP Poltergeist
12007 TCP Poltergeist
12008 TCP Poltergeist
12010 TCP Poltergeist
12016 TCP Poltergeist
12122 TCP Hellz Addiction
12310 TCP Precursor
12321 TCP Cyber Hazard, Protoss, RAT Control Center 1.0
12321 UDP Protoss
12345 TCP JPG Trojan
12345 TCP Acid Head 1.00, Backdoor.Netbus.dr, Blue Ice 2000 C, Fade, Luzak, Michal 5.0, Musdie 1.1, QTaz, Snape
12346 TCP JPG Trojan
12346 TCP Backdoor.Netbus.dr, Luzak, Michal 5.0
12349 TCP Bionet
12369 TCP Prior 1.0
12389 TCP Khe Sanh
12389 UDP Khe Sanh
12478 TCP Backage
12575 TCP MainLine
12623 UDP ButtMan
12624 TCP ButtMan
12701 TCP Eclipse 2000 (Iridium)
12764 TCP Remote Control
12884 TCP Anthena 4.0
12904 TCP Acropolis 1.0
13010 TCP Hacker Brazil
13014 TCP FTPPW 0.1
13079 TCP Kryptonic Ghost Command
13173 TCP Amitis
13401 TCP Exception Manager, Spy Program
13588 TCP Haxial RemoteAdminTool
13603 TCP Postic
13753 TCP Anal FTP, Silver FTP
14036 TCP Postic
14100 TCP Eurosol 6.0
14285 TCP Hell-Driver
14286 TCP Hell-Driver
14554 TCP Let Me Rule!
14728 TCP Zinx-A
15000 TCP NetDemon
15000 TCP In Route To The Hell 1.0, Look Spy
15164 TCP Activity Monitor
15206 UDP KiLo
15207 UDP KiLo
15333 TCP Gold, NetHero
15485 TCP KiLo
15485 UDP KiLo
15486 UDP KiLo
15500 TCP In Route To The Hell 1.0
15512 TCP Iani
15551 TCP In Route To The Hell 1.0
15553 TCP Dewin
15555 TCP IC Manage-IT
15695 TCP Kryptonic Ghost Command
16322 TCP LastDoor 1.0
16484 TCP Mosucker
16514 UDP KiLo
16515 UDP KiLo
16523 TCP Back Streets 1.5
16661 TCP A-311 Death, DFch, NetCrack
16666 TCP Iddono
16712 UDP KiLo
16761 TCP Kryptonic Ghost Command
16999 TCP MSN Log Thief 0.5
17146 TCP Amitis
17166 TCP Mosaic 2.0
17171 TCP Remotecmd 1.0
17499 TCP CrazzyNet
17569 TCP Infector, Intruder
17593 TCP AudioDoor
18713 TCP Hatred-Fiend
18714 TCP Hatred-Fiend
19116 TCP Parasite
19191 TCP Bluefire
19604 TCP Metal Trojan Pro 2.7
19605 TCP Metal Trojan Pro 2.7
19632 TCP Corrupted Lite
19850 TCP Digital Upload Trojan
19851 TCP Digital Upload Trojan
19949 TCP Avone 2 beta
19991 TCP DFch
20000 TCP AIR, Millenium, Predator, PSYchoFiles, Spook
20001 TCP AIR, Insect, Millenium, PSYchoFiles
20002 TCP Acid Kor, PSYchoFiles
20034 TCP Sambus
21009 TCP PiaoYes
21183 TCP RAD
21439 TCP Schedan
21445 TCP Excessive Force
21554 TCP W32/GirlFriend.backdoor.135
21554 TCP GirlFriend, Sensive
21684 TCP Intruse
21691 TCP Momaker
22115 TCP Cyn
22222 TCP Grob, Prosiak, Ruler
22311 TCP ProRAT
22456 TCP Clandestine
22456 TCP BLA
22457 TCP BLA
22554 TCP Anthena 4.0, GirlFriend, GMF Trojan 1.0, Lez Trojan, Ma Petite Amie, NoXcape, Schwindler 1.82, Sensive, Shang 1.5
22784 TCP Intruzzo
23000 TCP Rwins
23001 TCP Rwins
23002 TCP Rwins
23005 TCP Infinaeon, Net trash, NetTrash, Olive, Oxon 1.1, Scorpina 1.7c3
23006 TCP EZ Killa, Infinaeon, Net trash, NetTrash, Olive, Oxon 1.1, Scorpina 1.7c3
23032 TCP Amanda 2.0
23145 TCP REA2
23321 TCP Konik
23444 TCP NetBull
23456 TCP Clandestine
23456 TCP Evil FTP, NetEyes 1.0, Remote Keylogger
23476 TCP Donald Dick
23477 TCP Donald Dick
23762 TCP Lizards Tail 1.1
23777 TCP InetSpy b1
23819 TCP Lithium
24464 TCP Resoil FTP
24759 TCP Zinx-A
25002 TCP CRS-Gate 1.1, Motd
25002 UDP Motd
25123 TCP Goy FTP
25226 TCP Let Me Rule!
25386 TCP MoonPie
25453 TCP NeoUploader
25486 TCP MoonPie
25555 TCP CCCP 1.0
25685 TCP MoonPie
25686 TCP DarkFace, MoonPie
25885 TCP CRS-Gate 1.1, Motd
25982 TCP DarkFace
26097 TCP Let Me Rule!
26274 TCP Delta Source
26744 TCP Paszczus
26745 TCP Paszczus
26746 TCP Paszczus
26747 TCP Paszczus
27027 TCP Breath of Death 1.0
27160 TCP MoonPie
27184 TCP Alvgus, Alvgus Trojan 2000
27184 UDP Alvgus, Alvgus Trojan 2000
27373 TCP Charge
27374 TCP SubSeven
27374 TCP ColdLife
27499 TCP Pornu
27551 TCP Amitis
27878 TCP Kpsule
28034 TCP Invisible Hunter
28072 TCP JustJoke
28218 TCP Oracle 1.0
28384 TCP EZ Killa
28500 TCP Remote Saucer 1.1
28678 TCP Exploiter
29104 TCP NETrojan 1.0, NetTrojan
29559 TCP AntiLamer Backdoor, BackLash, Cyber Hazard, DarkFace, DataRape, DuckToy, ForcedControl 1.0, Iddono, Katux Latinus, Latinus (French) 1.0, Qwertos RAT 0.2, SkyRat
29589 TCP KiLo
29589 UDP KiLo
30000 TCP Barbie, Motalases 1.0
30001 TCP AntiPC, Error32
30003 TCP Lamers Death
30072 TCP Alpha
30100 TCP NetSphere
30101 TCP NetSphere
30102 TCP NetSphere
30331 TCP Muska52
30700 TCP Mantis (Shaban)
30947 TCP Intruse
31145 TCP Frapes
31320 TCP Little Witch
31337 TCP Back Orifice
31337 TCP Freak (Freak88), Igloo
31339 TCP Kiss, NetSpy (DK32)
31339 UDP NetSpy (DK32)
31415 TCP Lithium
31416 TCP Lithium
31416 UDP Lithium
31631 TCP Cleptomaniacos 1.0
32000 TCP BDDT
32100 TCP Project Next Beta Version 0.5.3
32222 TCP Remoter
32418 TCP Acid Battery 1.00
32791 TCP Acropolis 1.0
33156 TCP Poltergeist
33229 TCP Amitis
33291 TCP RemoteHAK
33333 TCP PcShare 2.0, Prosiak
33545 TCP Grob
33600 TCP Lazy Admin
34031 TCP Remote Control System 2.7
34033 TCP Remote Control System 2.7
34312 TCP Backdoor.Cigivip.15.b
34313 TCP Backdoor.Cigivip.15.b
34324 TCP BigGluck
34343 TCP Osiris
34463 TCP ItEye 2.2
36794 TCP W32.Bugbear
36926 TCP Remscan
37237 TCP Mantis (Lythical)
37651 TCP Charge
38742 TCP CyberSpy
39398 TCP BirdSpy 3.0
404022 TCP Modified Masters Paradise
40421 TCP Modified Masters Paradise
40423 TCP Modified Masters Paradise
40999 TCP Diem's Mutter
41626 TCP Shah
41666 TCP Remote Boot Tool 1.0
41666 UDP Remote Boot Tool 1.0
42012 TCP NetControl 2
42400 TCP Jesus Touch 1.5
43192 TCP Socks4 Proxy 1.0
43210 TCP SchoolBus
43720 UDP KiLo
43958 TCP Serv-U
44014 TCP Iani
44014 UDP Iani
44280 TCP Amitis
44390 TCP Amitis
44444 TCP Prosiak
44767 TCP SchoolBus
44767 TCP SchoolBus
45454 TCP Osiris
45654 TCP Little Busters
45672 TCP Let Me Rule!
45673 TCP Acropolis 1.0
47262 TCP Delta Source
47387 TCP Amitis
47698 UDP KiLo
47785 UDP KiLo
47891 TCP AntiLamer Backdoor
47895 TCP Indexer.a
48512 TCP Artic
49683 TCP Fenster
49683 UDP Fenster
49698 UDP KiLo
50000 TCP Starline 2.0 beta
50000 UDP Starline 2.0 beta
50005 TCP MagicLink
50130 TCP Enterprise
50766 TCP Fore
50829 UDP KiLo
51100 TCP ProRAT
51234 TCP Fearless Lite
51540 TCP Pet
51966 TCP Cafeini
51985 TCP Remote Hack
52978 TCP Gspot
53001 TCP Remote VIREUS
54008 TCP Near Mohists
54312 TCP Nova 1.0
54320 TCP MasterU
54321 TCP MasterU, Net Spider 1.0.3, SchoolBus
54896 TCP Omega
55165 TCP Poltergeist
55166 TCP Poltergeist
55178 TCP ItEye 2.2
55555 TCP Annoy Toys, Shadow Phyre
55665 TCP Pinochet
55666 TCP Pinochet
56309 TCP Nuschekrischtoff 1.0
56565 TCP Osiris
57319 TCP Nullbnc
57341 TCP Net Raider
57785 TCP Grob
57922 TCP Bionet
58134 TCP Charge
58343 TCP ProRAT
58850 TCP The Revenger
58886 TCP The Revenger
59090 TCP Mantice 1.0
59211 TCP DuckToy, Iddono
60006 TCP MagicLink
60014 TCP Igloo
60101 TCP MSN Log Thief 0.5
60411 TCP Connection
60412 TCP Connection
60551 TCP R0xr4t
60552 TCP R0xr4t
60666 TCP Basic Hell 1.0
61440 TCP Dynod
61746 UDP KiLo
61747 UDP KiLo
61748 UDP KiLo
62011 TCP DuckToy
62485 TCP Snake Trojan
62884 TCP R.A.S. 2002 1.0
63878 TCP Aphex FTP 1.0
63879 TCP Aphex FTP 1.0
64275 TCP Parasite
64429 TCP Amitis
64666 TCP RMS
65000 TCP Devil
65008 TCP Lanbyte 0.01
65390 TCP Eclypse (Xylo)
65421 TCP Alicia, BlackIce Trojan
65422 TCP Alicia
65505 TCP Spy Software 2.1
65534 TCP RCMD
65535 TCP Bigshot 1.0, Iddono, Rc
[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, USC/Information Sciences Institute, August 1980.
[RFC793] Postel, J., ed., "Transmission Control Protocol - DARPA Internet Program Protocol Specification", STD 7, RFC 793, USC/Information Sciences Institute, September 1981.
[RFC3077] Duros, E., W. Dabbous, H. Izumiyama, N. Fujii, and Y. Zhang, "A Link-Layer Tunneling Mechanism for Unidirectional Links", RFC 3077, March 2001.