Trojan Port List

http://www.anti-trojan.org/port_opened.html

Trojan Port List

HOW YOUR COMPUTER COMMUNICATES WITH THE OUTSIDE WORLD
For your computer to be able to connect to the Internet and surf the web, download information and files, to run software updates and send and receive emails and messages you have to connect to the outside world. You already knew that, so pretty simple so far. Without getting too technical, this connection mechanism in a computer is called an IP Port and most of us are aware that our computers have a unique IP address so that we can receive information across the internet. Because there are a large number of processes that potentially may need to be running simultaneously, the IP (Internet Protocol) system has some 65535 available ports. This may seem like an excessively large number but it ensures that channel conflicts are unlikely to arise particularly as new applications, programs and services continue to evolve, and as each process usually requires at least one unique sending and receiving port for each function and more if you are part of a network. Each port is known by its port number with certain key ports being reserved for particular functions. IANA is the governing body that issues registrations for use of IP ports which are divided into three ranges; Ports 0 to 1023 are known as the Well Known Ports used for the most common functions, Ports 1024 to 49151 designated as Registered Ports and Ports in the range 49152 to 65535 are defined as Dynamic or Private Ports. Network Sorcery's IP Port Assignment page is for the real geeks among you to check out what applications or functions, if any, are allocated to which ports. Actually, it can be a useful reference if a suspicious connection is detected using a certain port and you want to determine if the connection may be part of a valid process.

ANTI-TROJAN.ORG

"It's a dangerous business going out your front door." ~ J. R. R. Tolkien

The Fellowship of the Ring

IP PORT VULNERABILITIES
So an IP port is a gateway from your computer to the outside world and access from the outside world into your computer. These are the city gates to your fortress and someone decided that you needed 65000 of them to guard ! With so many trojans and spyware around and so many doors to get thru it is not difficult to see that at some point in time you may potentially be hacked. If some of your bandwidth ever is hijacked and is being used as a thru-channel to attack other unsuspecting users then the most common symptom will be excessive internet activity that does not appear to correspond to traffic generated by any legitimate processes that you have running. One tool you use to check this quickly is Microsoft's built-in Task Manager, (Control Alt & Delete then select Task Manager). Use the tabs to navigate to see what processes are running and which ones are using your system resources.

1 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

Look at system resources being used and applications running. Check your internet connection Icon and see what the internet send/receive activity levels are after closing all unnecessary programs. Note any suspicious applications for further investigation. If a Trojan does penetrate your Firewall/Scanner security shield and attempts to download some spyware to send information back to the hacker host it will need to open two ports on your machine to do so. IP Ports then are a vulnerability but as any traffic must pass thru these they can also become a detection point with the right monitoring software.

Return to top

USEFUL MONITORING AND DETECTION TOOLS

The following are useful detection tools for determining what processes are accessing the internet from your computer.

Process Explorer V11.21 (FREEWARE)

This utility is like a beefed up Task Manager. Process Explorer can be used to find out program has a particular file or directory open and shows you information about which handles and DLLs processes have opened or loaded. The top display frame of Process Explorer lists all the active processes, including the master application names and the lower frame shows dependant information for any process selected. Another setting identifies what applications are accessing which DLLs, Dynamic Linked Libraries, - mini program directory lists which are accessed by active applications periodically to allow them run on your computer. Process Explorer is compatible with Windows 2000 SP4 and Windows XP.

Fport (FREEWARE)
Fport V2.0 Fport identifies unknown open ports and their associated applications. It reports all open TCP/IP and UDP ports and maps them to the owning application.

2 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

This is the same information you would see using the 'netstat -a' or 'netstat n' commands, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. Fport is compatible with Windows NT4, Windows 2000 and Windows XP Copyright 2002 (c) by Foundstone, Inc. www.foundstone.com

FreePortScanner V2.7 (FREEWARE)

Free Port Scanner is a small, fast, robust port scanner for the Win32 platform and the display panel is simple but easy to use. Scans can be done in a few seconds and can be on predefined port ranges. This tool uses TCP packets to determine available hosts, open ports and service associated with the port and other important characteristics. Copyright by NSAUDITOR.COM Compatible with Windows2000,WinXP,Windows2003

Return to top

TROJAN PORT ARCHIVE LIST

The following Trojan Port list compiled by Jonathan Read was current circa 2004 before the Trojan/Spyware/Malware explosion. It shows which ports known trojans open to exchange information with the remote hacker host. The information is posted here as an archival list for reference purposes.

Port Protocol Opened Used 1 2 20 UDP TCP TCP

Name of trojan or trojans

Sockets des Troie Death Senna Spy FTP server Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Freddy beta 2 - beta 3, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash Shaft Fire HacKer, Tiny Telnet Server - TTS, Truva Atl, My Very Own Trojan Ajan, Antigen, Barok, BSE Trojan, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Stukach, Tapiras, Terminator, WinPC, WinSpy Agent 40421 Agent 31, Hackers Paradise, Masters Paradise SubSARI Deep Throat, Foreplay Arctic Trojan D.R.A.T D.R.A.T

21

TCP

22 23

TCP TCP

25

TCP

30 31 39 41 44 48 50

TCP TCP TCP TCP TCP TCP TCP

3 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

58 59 79

TCP TCP TCP

DMSetup DMSetup CDK, Firehotcker

80

711 Beta, Back End, AckCmd (ack), CGI BackDoor, Exector, Hooker, Ring Zero, Web Serve 2, Back End, Back Orifice 2000 Plug-Ins, Cafeini, CGI Backdoor, Executor, God Message, TCP, ACK God Message Creator, Hooker, IISworm, MTX, NCX, Reverse WWW Tunnel Backdoor, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader

81 99 110 113 119 121 123 133 137 138 139 142 146 170 334 411 420 421 455 456 513 514 531 555 605 666 667 669 692 777 808 911 999

TCP TCP TCP TCP TCP

RemoConChubo Hidden Port, NCX ProMail Invisible Identd Deamon, Kazimas Happy99

TCP, UDP Attack Bot, God Message, JammerKillah (UDP) TCP TCP
NetController Farnaz

TCP, UDP Chode, MSinit (UDP) TCP TCP TCP

Chode Chode, God Message worm, MSinit, Netlog, Network, Qaz NetTaxi

TCP, UDP The infector TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP
A-Trojan Backage Backage Breach, Incognito TCP Wrappers trojan Fatal Connections 2.0 Hackers Paradise 2 beta 3, Masters Paradise 98 beta 2, Masters Paradise 99 beta 9.9d Grlogin RPC Backdoor Net666, Rasmin 711, Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy Secret Service Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door, ServU, ShadowPhyre, th3r1pp3rz SniperNet DP trojan GayOL AimSpy, Undetected WinHole

TCP, UDP DarkShadow's trojan TCP, UDP Deep Throat, Foreplay, WinSatan

4 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

1000 1001 1010 1011 1012 1015 1016 1020 1024 1025 1031 1035 1042 1045 1050 1053 1054 1066 1080 1081 1082 1083 1090 1095 1097 1098 1099 1104 1150 1151 1170 1200 1201 1207 1208 1212 1234 1243 1245 1255 1256 1269 1272

TCP TCP TCP TCP TCP TCP TCP TCP TCP

DerSpaeher, Direct Connection DerSpaeher, Le Guardien, SK Silencer, WebEx Doly Doly Doly Doly Doly Vampire Latinus 1.0, Latinus 1.2, NetSpy, Jade Fraggle Rock, NetSpy, Remote Storm (TCP and Xanadu Multidropper BLA Rasmin MiniCommand Thief AckCmd B.F. Evolution WinHole WinHole WinHole WinHole Xtreme Remote Administration Tool Remote Administration Tool Remote Administration Tool B.F.Evolution RexxRave Orion Orion Psyber Stream Server, Streaming Audio Server, VoiceDLL NoBackO NoBackO SoftWAR Infector Kaos Ultor's Telnet Trojan, SubSeven Java client SubSeven, SubSeven, Tiles Voodoo Doll Scarab Project nEXT Mavericks Matrix The Matrix

TCP, UDP UDP) TCP TCP TCP TCP TCP TCP ACK TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP UDP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP

5 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

1313 1338 1349 1386 1394 1441 1492 1524 1568 1600 1703 1777 1807 1966 1967 1969 1981 1991 1999 2000 2001 2023 2080 2115 2130 2140 2155 2255 2283 2300 2311 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2345

TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP UDP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP

NETrojan Millenium Worm Back Orifice DLL Dagger Gofriller Remote Storm FTP99cmp Trinoo (DDoS) Remote Hack Direct Connection, Shivka-Burka Exploiter Scarab Spy Sender Fake FTP F.Y.E.O, WM FTP Server OpC Back orifice Bowl 1.0, ShockRave Pitfall BackDoor, Transmission Scout DerSpaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator DerSpaeher, Trojan Cow Ripper Pro WinHole Bugs Mini Backlash Invasor, Deep Throat, Foreplay Illusion Mailer Nirvana Hvl RAT Xplorer Studio 54 Contact Contact Contact Contact Contact Contact Contact Contact Contact

TCP, UDP Voice Spy TCP

Doly

6 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

2565 2583 2589 2600 2716 2773 2774 2801 2989 3000 3024 3031 3128 3129 3131 3150 3456 3457 3459 3700 3777 3791 3801 4000 4092 4201 4242 4321 4444 4488 4567 4590 4653 4666 4950 5000 5001 5002 5010 5011 5025 5031 5032

TCP TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP

Striker WinCrash Dagger Digital Root beer The Prayer Subseven Subseven Phineas Phucker R.A.T. InetSpy beta 1, Remote Shut WinCrash Microspy Reverse WWW Tunnel Backdoor, RingZero Masters Paradise SubSARI Invasor, Mini BackLash, Deep Throat, Foreplay Terror trojan P.E.T Eclipse 2000, Sanctuary Portal of Doom Psychward Total Solar Eclypse Total Solar Eclypse Skydance WinCrash WarTrojan Virtual Hacking Machine Bobo CrackDown, Prosiak, Swift Remote Event Horizon File Nail ICQ Trojan Cero Mneah Trojan ICQ Trojan BioNet lite, Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie Back Door Setup, Sockets des Troie cd00r, Shaft Solo One of the last trojans WM Remote Keylogger Net Metropolitan Net Metropolitan

7 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

5321 5333 5343 5400 5401 5402 5512 5534 5550 5555 5556 5557 5569 5637 5638 5742 5880 5882 5888 5889 6000 6006 6272 6400 6661 6666 6667 6669 6670 6711 6712 6713 6723 6771 6776 6838 6883 6912 6939 6969 6970 7000

TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP

Firehotcker Backage, NetDemon wCrat Back Construction, Blade Runner Back Construction, Blade Runner, Mneah Trojan Back Construction, Blade Runner, Mneah Trojan Illusion Mailer THE FLU Xtcp ServeMe BO Facil BO Facil Robo Hack PC Crasher PC Crasher WinCrash Y3K

TCP, UDP Y3K TCP, UDP Y3K TCP, UDP Y3K TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP
tHing Bad Blood Secret Service tHing TEMan, Weia-Meia Dark Connection Inside, NetBus worm Dark FTP, ScheduleAgent, Subseven, Trinity, WinSatan Host Control, Vampire BackWeb Server, Deep Throat, Foreplay, WinNuke eXtreame SubSARI, SubSeven, VP Killer Funny Trojan, Subseven Subseven Mstream Deep Throat, Foreplay 2000 Cracks, Subseven, VP Killer Mstream (DDoS) DELTA Source ShitHeep Indoctrination Gatecrasher, IRC 3, Net Controller, Priority Gatecrasher Remote Grab

8 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

7001 7215 7300 7301 7306 7307 7308 7424 7626 7777 8080 8787 8988 8989 9000 9325 9400 9872 9873 9874 9875 9878 9989 9999 10067 10085 10086 10100 10101 10167 10520 10528 10607 10666 11000 11050 11051 11223 12076 12223 12310 12345

TCP TCP TCP TCP TCP TCP TCP

Freak88, Freak2k (DDoS) Subseven Net Monitor Net Monitor Net Monitor Net Monitor Net Monitor

TCP, UDP Host Control TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP UDP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP
Glacier God Message, Tini Brown Orifice, RemoConChubo, Reverse WWW Tunnel Backdoor, Ring Zero BO2K Back Hack Rcon, Recon, Xcon Netministrator Mstream Incommand Portal of Doom Portal of Doom Portal of Doom Cyber Attacker, RUX Trans scout INI Killer Prayer Portal of Doom Syphilis Syphilis Control total beta 4, Gift BrainSpy Beta, Silencer Portal of Doom Acid Shivers Host Control COMA Ambush 1.0 Senna SPY Host Control Host Control Progenic trojan, Secret Agent Gjamer Hack99 KeyLogger Precursor Ashley, Fat Bitch trojan, Gabanbus, Mypic, Netbus, Netbus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill, ValV-N.E.t

9 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

12346 12349 12361 12362 12623 12624 12631 12754 13000 13010 13013 13014 13223 13473 14500 14501 14502 14503 15000 15092 15104 15382 15858 16484 16660 16772 16959 16969 17166 17300 17449 17499 17500 17569 17593 17777 18753 19864 20000 20001 20002 20005

TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP

Fat Bitch trojan, Gabanbus, Mypic, Netbus, Netbus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill, ValV-N.E.t Bionet Whack-a-Mole Whack-a-Mole DUN Control ButtMan Whack job Mstream (DDoS) Senna SPY HBR (Hacker Brazil) Psychward Psychward Hack99 KeyLogger Chupacabra PC Invader PC Invader PC Invader PC Invader NetDemon Host Control Mstream (DDoS) SubZERO CDK MoSucker Stacheldraht (DDoS) ICQ Revenge Subseven Priority Mosaic Kuang 2 the Virus Kid Terror CrazzyNet CrazzyNet The Infector AudioDoor Nephron SHAFT ICQ Revenge Millenium Insect, Millenium, Millenium (Lm) AcidkoR MoSucker

10 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

20023 20034 20203 20331 20432 20433 21544 21554 22222 23005 23006 23023 23032 23432 23456 23476 23477 23777 24000 25123 25685 25686 25982 26274 26681 27160 27374 27444 27573 27665 28678 29104 29891 30000 30001 30003 30029 30070 30101 30102 30103 30133

TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP

VP Killer NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job Chupacabra BLA Shaft Shaft Girlfriend, Exploiter, Freddy, Kid Terror, Maverick's Matrix Exploiter, Kid Terror, Schwindler, Winsp00fer Donald Dick, Prosiak, Ruler, RUX The TIc.K Nettrash Nettrash Logged Amanda Asylum Evil FTP, Ugly FTP, Whack Job

TCP, UDP Donald Dick TCP TCP TCP TCP TCP TCP TCP UDP TCP TCP TCP UDP TCP TCP TCP TCP UDP TCP TCP TCP TCP TCP TCP TCP
Donald Dick InetSpy beta 1 The Infector Goy'Z Trojan Moonpie Moonpie Moonpie Delta Source Voice Spy Moonpie Bad Blood, Ramen, Seeker, Subseven, Ttfloader TRINOO (DDoS) Subseven TRINOO (DDoS) Exploiter NETrojan The Unexplained Infector ? Err0r32 Lamers Death AOL Trojan Mantis (shaban) NetSphere NetSphere

TCP, UDP NetSphere TCP

NetSphere

11 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

30303 30947 30999 31335 31336 31337 31338 31339 31557 31666 31785 31787 31788 31789 31790 31791 31792 32001 32100 32418 33270 33333 33577 33777 33911 34324 34444 34555 35555 37237 37651 40412 40421 40422 40423 40425 40426 41337 41666 44444 44575 47262

TCP TCP TCP TCP

Sockets des Troie Intruse Kuang2 Trinoo

TCP, UDP Bo Whack, Butt Funnel TCP, UDP BO Facil, BO spy, BO2, Freak88, Freak2k TCP, UDP DK NetSpy, Deep BO TCP, UDP NetSpy (DK) TCP TCP
Xanadu Bowhack Back Fire, Back Orifice, Baron Night, Beeone,

TCP, UDP Hack'a'Tack TCP, UDP Hack'a'Tack TCP, UDP Hack'a'Tack TCP, UDP Hack'a'Tack TCP, UDP Hack'a'Tack UDP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP UDP UDP TCP TCP TCP TCP TCP TCP TCP TCP TCP
Hack'a'Tack Hack'a'Tack Donald Dick Peanut Brittle, Project nEXT Acid Battery Trinity (DDoS) Blakharaz, Prosiak Son of Psychward Son of Psychward Spirit 2000, Spirit 2001 Big Gluck, TN Donald Dick WINTrinoo (DDoS) WINTrinoo (DDoS) Mantis Y.A.T. The Spy Beta 1 Agent 40421, Masters Paradise Masters Paradise Masters Paradise Masters Paradise Masters Paradise Storm

TCP, UDP Remote Boot Tool TCP TCP

Prosiak Exploiter

TCP, UDP Delta source

12 of 13

8/19/2013 6:32 AM

Trojan Port List

http://www.anti-trojan.org/port_opened.html

48004 48006 49000 49301 50000 50130 50505 50766 51966 52317 53001 54283 54320 54321 55165 55166 57341 58339 60000 60001 60068 60411 61348 61466 61603 63485 64101 65000 65390 65421 65432 65530 65535

TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP

Fraggle Rock Fraggle Rock Fraggle Rock OnLine KeyLogger SubSARI Enterprise Sockets des Troie Fore, Schwindler CAFEiNi Acid Battery 2000 Remote Windows Shutdown SubSeven BO2K BO2K, SchoolBus File Manager Trojan File Manager Trojan, WM Trojan Generator NetRaider Butt Funnel Deep Throat, Foreplay, Sockets des Troie Trinity (DDoS) Xzip 6000068 Connection Bunker Hill Telecommando Bunker Hill Bunker Hill Taskman Devil, Sockets des Troie, Stacheldraht (DDoS) Eclypse Jade

TCP, UDP Traitor TCP TCP

Windows Mite RC
copyright 2001 anti-trojan.org

Return to top

Home

What is a Trojan?

Adware ? Spyware ? Trojan ? Virus ?

Protection & Control Have I got a Trojan? Help Ive been Hacked Hoaxes anti-trojan.org Disclaimer Phishing Scams Why target me ? Trojan Port List FAQ Rogue Software Contact Us

Trojan Archives 10 Simple Anti-Trojan Rules Technical Assistance Forums Software Downloads

Software Reviews

Link to Us

Internet Security Sites

About Anti-Trojan.org Other Helpful Stuff Recommended Reading Disclaimer

13 of 13

8/19/2013 6:32 AM