TCP 5 = Remote Job Entry, Yoyo
TCP 7TCP 1 = TCP Port Service Multiplexer
TCP 2 = Death
TCP 11 = SKUN
TCP 12 = BOMBER
TCP 16 = SKUN
TCP 17 = SKUN
TCP 18 = Message Transfer Protocol, SKUN
TCP 19 = SKUN
TCP 20 = FTP Data, Amanda
TCP 21 = File Transport, Back Construction, Blade Runner, Doly Trojan, Fore, FTP Trojan, Invisible FTP, Larva, WebEx, WinCrash
TCP 22 = remote login protocol
TCP 23 = Remote Login (Telnet), Tiny Telnet Server (= TTS)
TCP 25 = Email (SMTP), AJAN, Antigen, Email Password Sender, Happy 99, Kuang2, Promail Trojan, Shtrilitz, Stealth, Tapiras, Terminator, Winpc, Winspy, Haebu CoCeda
TCP 27 = Assasin
TCP 28 = Amanda
TCP 29 = MSG ICP
TCP 30 = Agent 40421
TCP 31 = Agent 31, Hackers Paradise, MasterS Paradise, Agent 40421
TCP 37 = TIME, ADM WORM
TCP 39 = SUBSARI
TCP 41 = Deepthroat, Foreplay
TCP 42 = Host Name Server
TCP 43 = WHOIS
TCP 44 = Arctic
TCP 48 = Drat
TCP 49 = Host login protocol
TCP 50 = Drat
TCP 51 = fuck Lamers Backdoor
TCP 52 = Muska52, SKUN
TCP 53 = DNS, BONK (DOS EXPLOIT)
TCP 54 = Muska52
TCP 58 = DMSETUP
TCP 59 = DMSETUP
TCP 66 = Al-Bareki
TCP 69 = W32. Evala.worm, Backgate Kit, Nimda, Pasana, Storm, Storm
Worm, theef
TCP 70 = Gopher service, ADM WORM
TCP 79 = User Query (Firehotcker, ADM WORM
TCP 80 = Hypertext Server (HTTP), Executor, Ringzero
TCP 81 = ChUBO
TCP 99 = Hidden Port
TCP 108 = SNA Gateway Access Server
TCP 109 = POP2
TCP 110 = Email (POP3), Promail
TCP 113 = Kazimas, Auther IDNet
TCP 115 = Simple File Transfer Protocol
TCP 118 = SQL SERVICES, Infector 1.4.2
TCP 119 = NewsGroup (NNTP), Happy 99
TCP 121 = Jammerkiller, Bo Jammerkillah
TCP 129 = Password Generator Protocol
TCP 123 = NET Controller
TCP 133 = Infector 1.x
TCP 135 = Netbios Remote Procedure Call
TCP 137 = NetBIOS Name (DOS Attacks) TCP 138 = NetBIOS DataGram
TCP 139 = NetBIOS Session (DOS Attacks)
TCP 143 = IMAP
TCP 146 = FC Infector, Infector
TCP 150 = Netbios Session Service
TCP 156 = SQL server
TCP 161 = SNMP
TCP 162 = SNMP-TRAP
TCP 170 = A-TROJAN
TCP 179 = Border Gateway Protocol (BGP)
TCP 190 = Gateway Access Control Protocol (GACP)
TCP 194 = IRC
TCP 197 = Directory Location Service (DLS)
TCP 256 = Nirvana
TCP 315 = The Invasor
TCP 389 = Lightweight Directory Access Protocol (LDAP)
TCP 396 = Novell NetWare Over IP
TCP 420 = BREACH
TCP 421 = TCP Wrappers
TCP 443 = Secure Service
TCP 444 = SIMPLE NetWork Paging Protocol (SNPP)
TCP 445 = Microsoft-DS
TCP 456 = HACKERS Paradise, FuseSpark
TCP 458 = Apple QuickTime
TCP 531 = Rasmin
TCP 546 = DHCP Client
TCP 547 = DHCP Server
TCP 555 = Ini-Killer, Phase Zero, Stealth Spy
TCP 569 = MSN
TCP 605 = SECRETSERVICE
TCP 606 = Noknok8
TCP 661 = Noknok8
TCP 666 = Attack FTP, Satanz Backdoor, Back Construction, Dark Connection
INSIDE 1.2
TCP 667 = NokNok7.2
TCP 668 = Noknok6
TCP 692 = GAYOL
TCP 777 = AIM SPY
TCP 808 = RemoteControl, Winhole
TCP 815 = Everyone Darling
TCP 901 = Backdoor.devil
TCP 911 = DARK Shadow
TCP 999 = Deepthroat
TCP 1000 = DER SPAEHER
TCP 1001 = Silencer, WebEx, Der Spaeher
TCP 1003 = Backdoor
TCP 1010 = DOLY
TCP 1011 = DOLY
TCP 1012 = DOLY
TCP 1015 = DOLY
TCP 1020 = Vampire
TCP 1024 = Netspy.698 (YAI)
TCP 1025 = Netspy.698
TCP 1033 = NETSPY
TCP 1042 = BLA
TCP 1045 = rasmin
TCP 1047 = GATCRASHER
TCP 1050 = minicommand
TCP 1080 = Wingate, Worm.BugBear.b
TCP 1090 = Xtreme, vDolive
TCP 1095 = RAT
TCP 1097 = RAT
TCP 1098 = RAT
TCP 1099 = RAT
TCP 1111 = Backdoor.aimvisionTCP 1170 = Psyber Stream Server, Streaming Audio Trojan, Voice
TCP 1200 = NOBACKO
TCP 1201 = NOBACKO
TCP 1207 = Softwar
TCP 1212 = Nirvana, Visul Killer
TCP 1234 = Ultors
TCP 1243 = Backdoor -g, Subseven, Subseven apocalypse
TCP 1245 = VOODOO DOLL
TCP 1269 = MAVERICKS MATRIX
TCP 1313 = Nirvana
TCP 1349 = BONET
TCP 1441 = Remote Storm
TCP 1492 = ftp99cmp (backoriffE.ftp)
TCP 1509 = psyber streaming server
TCP 1600 = Shivka-Burka
TCP 1703 = EXLOITER 1.1
TCP 1807 = SpySender
TCP 1966 = FAKE FTP 2000
TCP 1976 = Custom Port
TCP 1981 = shockrave
TCP 1999 = Backdoor, TransScout
TCP 2000 = DER SPAEHER, INSANE NETWORK
TCP 2001 = Transmisson Scout
TCP 2002 = Transmisson Scout
TCP 2003 = Transmisson Scout
TCP 2004 = Transmisson SCOUT
TCP 2005 = TTRANSMISSON SCOUT
TCP 2023 = Ripper, Pass Ripper, Hack City Ripper Pro
TCP 2115 = BUGS
TCP 2121 = Nirvana
TCP 2140 = Deep Throat, THE INVASOR
TCP 2155 = Nirvana
TCP 2208 = RUX
TCP 2255 = Illusion MAILER
TCP 2283 = HVL RAT5
TCP 2300 = PC Explorer
TCP 2311 = Studio54
TCP 2565 = Striker
TCP 2583 = WinCrash
TCP 2600 = Digital rootbeer
TCP 2716 = PRAYER TROJAN
TCP 2801 = PhineAS Phucker
TCP 2989 = RAT
TCP 3024 = WinCrash Trojan
TCP 3128 = Ringzero
TCP 3129 = MASTERS PARADISE
TCP 3150 = Deep Throat, The Invasor
TCP 3210 = SCHOOLBUS
TCP 3456 = TERROR
TCP 3459 = ECLIPSE 2000
TCP 3700 = Portal of Doom
TCP 3791 = ECLYPSE
TCP 3801 = ECLYPSE
TCP 4000 = Tencent QQ client
TCP 4092 = WinCrash
TCP 4242 = VHM
TCP 4321 = BOBO
TCP 4444 = Prosiak, SWIFT Remote
TCP 4500 = w32.hllw.tufas
TCP 4567 = File Nail
TCP 4590 = ICQTROJANTCP 4950 = ICQTROJAN
TCP 5000 = WindowsXP Server, Blazer 5, Bubbel, Back Door Setup, Sockets de Troie
TCP 5001 = Back Door Setup, Sockets de Troie
TCP 5011 = One of the last Trojans (OOTLT)
TCP 5031 = Firehotcker, Metropolitan, Netmetro
TCP 5032 = MetropoliTan
TCP 5190 = ICQ Query
TCP 5321 = Firehotcker
TCP 5333 = Backage Trojan Box 3
TCP 5343 = WCRAT
TCP 5400 = Blade Runner, Backconstruction1.2
TCP 5401 = Blade Runner, Back Construction
TCP 5402 = Blade Runner, Back Construction
TCP 5471 = WinCrash
TCP 5521 = Illusion MAILER
TCP 5550 = XTCP, INSANE NETWORK
TCP 5555 = Serveme
TCP 5556 = BO Facil
TCP 5557 = BO Facil
TCP 5569 = ROBO-HACK
TCP 5598 = Backdoor 2.03
TCP 5631 = PCANYWHERE DATA
TCP 5637 = PC CRASHER
TCP 5638 = PC CRASHER
TCP 5698 = Backdoor
TCP 5714 = WinCrash3
TCP 5741 = WinCrash3
TCP 5742 = WinCrash
TCP 5881 = Y3K RAT
TCP 5882 = Y3K RAT
TCP 5888 = Y3K RAT
TCP 5889 = Y3K RAT
TCP 5900 = WinVNC, Huaxun VGA Broadcast Server
TCP 6000 = backdoor.ab
TCP 6006 = Noknok8
TCP 6272 = SECRETSERVICE
TCP 6267 = Guangxiang girl
TCP 6400 = Backdoor.ab, The Thing
TCP 6500 = Devil 1.03
TCP 6661 = Teman
TCP 6666 = TCPSHELL.C
TCP 6667 = NT Remote Control, Huaxun video receiving port
TCP 6668 = Huaxun video broadcast server
TCP 6669 = VAMPYRE
TCP 6670 = Deepthroat
TCP 6711 = SUBSEVEN
TCP 6712 = SUBSEVEN1.X
TCP 6713 = SUBSEVEN
TCP 6723 = MSTREAM
TCP 6767 = NT Remote Control
TCP 6771 = Deepthroat
TCP 6776 = Backdoor-G, Subseven, 2000 CRCKS
TCP 6789 = Doly Trojan
TCP 6838 = MSTREAM
TCP 6883 = DELTASOURCE
TCP 6912 = Shit Heep
TCP 6939 = IndocTrination
TCP 6969 = Gatecrasher, Priority, IRC 3
TCP 6970 = GATCRASHER
TCP 7000 = Remote Grab, NetMonitor, Subseven1.xtcp 7001 =Freak88
TCP 7201 = NetMonitor
TCP 7215 = Backdoor-g, Subseven
TCP 7001 = FREAK88, FREAK2K
TCP 7300 = NETMONITOR
TCP 7301 = NetMonitor
TCP 7306 = NetMonitor
TCP 7307 = NETMONITOR, Procspy
TCP 7308 = NetMonitor, X SPY
TCP 7323 = SYGATE server side
TCP 7424 = Host Control
TCP 7597 = QAZ
TCP 7609 = SNID X2
TCP 7626 = Ice
TCP 7777 = The Thing
TCP 7789 = Back Door Setup, ICQKiller
TCP 7983 = MSTREAM
TCP 8000 = XDMA, Tencent OICQ server side
TCP 8010 = Logfile
TCP 8080 = WWW Agent, Ring Zero, Chubo
TCP 8520 = w32.soCay.Worm
TCP 8787 = Backofrice 2000
TCP 8897 = Hack Office, ARMAGEDDON
TCP 8989 = Recon
TCP 9000 = NETMINISTRATOR
TCP 9325 = MSTREAM
TCP 9400 = Incommman
TCP 9401 = Incommman
TCP 9402 = incmman
TCP 9872 = Portal of Doom
TCP 9873 = Portal of Doom
TCP 9874 = Portal of Doom
TCP 9875 = Portal of Doom
TCP 9876 = Cyber Attacker
TCP 9878 = Transscout
TCP 9989 = Ini-Killer
TCP 9999 = PRAYER TROJAN
TCP 10067 = Portal of Doom
TCP 10084 = Syphillis
TCP 10085 = Syphillis
TCP 10086 = Syphillis
TCP 10101 = BRAINSPY
TCP 10167 = Portal of Doom
TCP 10168 = Worm.SupNot.78858.c
TCP 10520 = ACID Shivers
TCP 10607 = Coma Trojan
TCP 10666 = AMBUSH
TCP 11000 = SENNA SPY
TCP 11050 = Host Control
TCP 11051 = Host Control
TCP 11223 = Progenic, Hack '99keylogger
TCP 11831 = TROJ_LATINUS.SVR
TCP 12076 = gjamer, MSH.104B
TCP 12223 = HACK? 9 Keylogger
TCP 12345 = Gabanbus, Netbus, Pie Bill Gates, X-Bill
TCP 12346 = Gabanbus, Netbus, X-Bill
TCP 12349 = BONET
TCP 12361 = WHACK-A-MOLE
TCP 12362 = WHACK-A-MOLE
TCP 12378 = W32 / GIBE @ mm
TCP 12456 = NetBustcp 12623 = Dun Control
TCP 12624 = Buttman
TCP 12631 = WHACKJOB, WHACKJOB.NB1.7
TCP 12701 = Eclipse2000
TCP 12754 = MSTREAM
TCP 13000 = SENNA SPY
TCP 13010 = HACKER BRAZIL
TCP 13013 = psychward
TCP 13700 = Kuang2 the Virus
TCP 14456 = SOLERO
TCP 14500 = PC Invader
TCP 14501 = PC Invader
TCP 14502 = PC INVADER
TCP 14503 = PC Invader
TCP 15000 = NetDaemon 1.0
TCP 15092 = Host Control
TCP 15104 = MSTREAM
TCP 16484 = MOSUCKER
TCP 16660 = StacheLDraht (DDoS)
TCP 16772 = ICQ REVENGE
TCP 16969 = priority
TCP 17166 = MOSAIC
TCP 17300 = Kuang2 the Virus
TCP 17490 = CRAZYNET
TCP 17500 = Crazynet
TCP 17569 = Infector 1.4.x 1.6.x
TCP 17777 = nephron
TCP 18753 = Shaf (DDoS)
TCP 19864 = ICQ REVENGE
TCP 20000 = Millennium II (GRILFRIEND)
TCP 20001 = Millennium II (GRILFRIEND)
TCP 20002 = ACIDKOR
TCP 20034 = Netbus 2 Pro
TCP 20203 = Logged, Chupacabra
TCP 20331 = Blas
TCP 20432 = Shaf (DDoS)
TCP 21544 = Schwindler 1.82, Girlfriend
TCP 21554 = Schwindler 1.82, Girlfriend, EXLOITER 1.0.1.2
TCP 22222 = Prosiak, RUX UPLOADER 2.0
TCP 22784 = Backdoor.Intruzzo
TCP 23432 = asylum 0.1.3
TCP 23456 = Evil FTP, UGLY FTP, WHACKJOB
TCP 23476 = DONALD DICK
TCP 23477 = DONALD DICK
TCP 23777 = INET SPY
TCP 26274 = DELTA
TCP 26681 = SPY Voice
TCP 27374 = Sub Seven 2.0 , Backdoor.baste
TCP 27444 = TRIBAL FLOOD NETWORK, TRINOO
TCP 27665 = TRIBAL FLOOD NETWORK, TRINOO
TCP 29431 = Hack Attack
TCP 29432 = Hack Attack
TCP 29104 = Host Control
TCP 29559 = TROJ_LATINUS.SVR
TCP 29891 = THE UNEXPLAINED
TCP 30001 = TERR0R32
TCP 30003 = Death, Lamers Death
TCP 30029 = aol Trojantcp 30100 = NetSphere 1.27A, NetSphere 1.31
TCP 30101 = NetSphere 1.31, NetSphere 1.27A
TCP 30102 = NetSphere 1.27A, NetSphere 1.31
TCP 30103 = NetSphere 1.31
TCP NetSphere Final
TCP 30303 = Sockets de Troie
TCP 30947 = Intrus
TCP 30999 = Kuang2
TCP 21335 = TRIBAL FLOOD NETWORK, TRINOO
TCP 31336 = bo WHACK
TCP 31337 = Baron Night, Bo Client, Bo2, Bo Facil, Backfire, Back Orific, Deepbo, Freak2k, Netspy
TCP 31338 = NETSPY, BACK Orific, Deepbo
TCP 31339 = NETSPY DK
TCP 31554 = SCHWINDLER
TCP 31666 = Bowhack
TCP 31778 = Hack Attack
TCP 31785 = Hack Attack
TCP 31787 = Hack Attack
TCP 31789 = Hack Attack
TCP 31791 = Hack Attack
TCP 31792 = Hack Attack
TCP 32100 = peanutbrittle
TCP 32418 = ACID BATTERY
TCP 33333 = Prosiak, Blakharaz 1.0
TCP 33577 = SON OF PSYCHWARD
TCP 33777 = SON OF PSYCHWARD
TCP 33911 = Spirit 2001A
TCP 34324 = Biggluck, TN, TINY TELNET Server
TCP 34555 = trin00 (Windows) (DDoS)
TCP 35555 = trin00 (Windows) (DDoS)
TCP 36794 = Worm.BugBear-a
TCP 37651 = YAT
TCP 40412 = the spy
TCP 40421 = Agent 40421, Masters Paradise.96
TCP 40422 = MASTERS PARADISE
TCP 40423 = MASTERS Paradise.97
TCP 40425 = MASTERS PARADISE
TCP 40426 = MASTERS Paradise 3.x
TCP 41666 = Remote boot
TCP 43210 = SCHOOLBUS 1.6 / 2.0
TCP 44444 = Delta Source
TCP 47252 = Prosiak
TCP 47262 = DELTA
TCP 47878 = BIRDSPY2
TCP 49301 = Online Keylogger
TCP 50505 = Sockets de Troie
TCP 50766 = Fore, SCHWINDLER
TCP 51966 = cafeini
TCP 53001 = Remote Windows Shutdown
TCP 53217 = ACID BATTERY 2000
TCP 54283 = Back Door-g, SUB7
TCP 54320 = BACK OrificE 2000, Sheep
TCP 54321 = School Bus .69-1.11, Sheep, Bo2ktcp 57341 = Netraider
TCP 58008 = Backdoor.tron
TCP 58009 = Backdoor.tron
TCP 58339 = Buttfunnel
TCP 59211 = backdoor.ducktoy
TCP 60000 = Deep Throat
TCP 60068 = xzip 6000068
TCP 60411 = Connection
TCP 60606 = TROJ_BCKDOR.G2.A
TCP 61466 = Telecommando
TCP 61603 = Bunker-Kill
TCP 63485 = Bunker-Kill
TCP 65000 = Devil, DDOS
TCP 65432 = TH3TR41T0R, THE TRAITOR
TCP 65530 = TROJ_WINMITE.10
TCP 65535 = RC, Adore WORM / Linux
TCP 69123 = shitheep
TCP 88798 = Armageddon, Hack Office
UDP 1 = Sockets des troie
UDP 9 = chargen
UDP 19 = Chargen
UDP 69 = Pasana
UDP 80 = Penrox
UDP 135 = Netbios Remote Procedure Call
UDP 137 = NetBIOS Name (DOS ATTACKS)
UDP 138 = Netbios DataGram
UDP 139 = Netbios Session (DOS Attacks)
UDP 146 = Infector
UDP 1025 = MAVERICK's Matrix 1.2 - 2.0
UDP 1026 = Remote Explorer 2000
UDP 1027 = Trojan.huiGezi.e
UDP 1028 = KILO, SUBSARI
UDP 1029 = SUBSARI
UDP 1031 = XOT
UDP 1032 = akosch4
UDP 1104 = Rexxrave
UDP 1111 = DAODAN
UDP 1116 = LURKER
UDP 1122 = Last 2000, Singularity
UDP 1183 = cyb, sweetheart
UDP 1200 = NOBACKO
UDP 1201 = NOBACKO
UDP 1342 = Bla Trojan
UDP 1344 = PTAKS
UDP 1349 = BO DLL
UDP 1561 = Muska52
UDP 1772 = NetControle
UDP 1978 = SLAPPER
UDP 1985 = Black Diver
UDP 2000 = A-Trojan, Fear, Force, Gothic Intruder, Last 2000, Real 2000
UDP 2001 = Scalper
UDP 2002 = SLAPPER
UDP 2130 = mini backlash
UDP 2140 = Deep Throat, Foreplay, The Invasor
UDP 2222 = SweetHeart, Way
UDP 2339 = Voice Spy
UDP 2702 = Black Diver
UDP 2989 = RAT
UDP 3150 = deep throat
UDP 3215 = XHX
UDP 3333 = DAODAN
UDP 3801 = Eclypseudp 3996 = remote Anything
UDP 4128 = redshad
UDP 4156 = SLAPPER
UDP 5419 = DARKSKY
UDP 5503 = Remote Shell Trojan
UDP 5555 = DAODAN
UDP 5882 = Y3K RAT
UDP 5888 = Y3K RAT
UDP 6112 = Battle.Net Game
UDP 6666 = KILO
UDP 6667 = KILO
UDP 6766 = KILO
UDP 6767 = KILO, UIDME
UDP 6838 = MSTREAM Agent-Handler
UDP 7028 = Unknown Trojan
UDP 7424 = Host Control
UDP 7788 = SINGULARITY
UDP 7983 = MSTREAM HANDLER-Agent
UDP 8012 = PTAKKS
UDP 8090 = aphex's remote packet sniffer
UDP 8127 = 9_119, chonker
UDP 8488 = KILO
UDP 8489 = KILO
UDP 8787 = BACKORIFICE 2000
UDP 8879 = BACKORIFICE 2000
UDP 9325 = MSTREAM Agent-Handler
UDP 10000 = XHX
UDP 10067 = Portal of Doom
UDP 10084 = SYPHILLIS
UDP 10100 = SLAPPER
UDP 10167 = Portal of Doom
UDP 10498 = MSTREAM
UDP 10666 = AMBUSH
UDP 11225 = CYN
UDP 12321 = protoss
UDP 12345 = Blueice 2000
UDP 12378 = W32 / GIBE @ mm
UDP 12623 = Buttman, Dun Control
UDP 15210 = UDP Remote Shell Backdoor Server
UDP 15486 = KILO
UDP 16514 = KILO
UDP 16515 = KILO
UDP 18753 = Shaft Handler to Agent
UDP 20433 = SHAFT
UDP 21554 = Girlfriend
UDP 22784 = Backdoor.Intruzzo
UDP 23476 = DONALD DICK
UDP 25123 = MOTD
UDP 26274 = Delta Source
UDP 26374 = SUB-7 2.1
UDP 26444 = trin00 / tfn2k
UDP 26573 = SUB-7 2.1
UDP 27184 = Alvgus Trojan 2000
UDP 27444 = trinoo
UDP 29589 = KILO
UDP 29891 = the unnexplading
UDP 30103 = NetSphere
UDP 31320 = Little Witch
UDP 31335 = Trin00 DOS ATTACK
UDP 31337 = Baron Night, Bo Client, Bo2, Bo Facil, Backfire, Back Orific, Deepbo
UDP 31338 = BACK Orific, Netspy DK, Deepbo
UDP 31339 = Little Witch
UDP 31340 = little Witchudp 31416 = lithium
UDP 31787 = HACK ATACK
UDP 31789 = HACK ATACK
UDP 31790 = HACK ATACK
UDP 31791 = HACK ATACK
UDP 33390 = Unknown Trojan
UDP 34555 = trinoo
UDP 35555 = trinoo
UDP 43720 = KILO
UDP 44014 = IANI
UDP 44767 = SCHOOL BUS
UDP 46666 = Taskman
UDP 47262 = Delta Source
UDP 47785 = KILOV
UDP 49301 = Online Keylogger
UDP 49683 = fenster
UDP 49698 = KILO
UDP 52901 = Omega
UDP 54320 = back Orific
UDP 54321 = BACK OrificE 2000
UDP 54341 = Netraider Trojan
UDP 61746 = KILO
UDP 61747 = KILO
UDP 61748 = KILO
UDP 65432 = the traitor
Port: 0
Service: reserved
Description: Usually used to analyze the operating system. This method is capable of working because "0" is an invalid port in some systems, which will produce different results when you try to use the usual closing port to connect it. A typical scan, using an IP address of 0.0.0.0, setting an ACK bit and broadcasts Ethernet layer.
Port: 1
Service: TCPMUX
Note: This shows someone is looking for SGI IRIX machines. IRIX is the primary provider of TCPMUX. By default, TCPMUX is opened in this system. IRIX Machines is published as a few default unciprocgeted accounts such as IP, Guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators have forgotten to delete these accounts after installation. Therefore, Hacker searches for TCPMUX on the Internet and uses these accounts.
Port: 7
Service: echo
Note: When you see many people search for the Fraggle amplifier, send to X.x.x.0 and X.x.x.255 information.
Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version will respond to the package containing the spam after receiving the UDP package. The data stream containing the spam when the TCP connection is sent until the connection is closed. Hacker uses IP spoof to launch a DOS attack. Forged two UDP packages between two Chargen servers. The same Fraggle DOS attack is broadcast to this port of the target address with a packet with counterfeit victim IP, and the victim is overloaded in order to respond to this data.
Port: 21
Service: ftp
Description: The port open by the FTP server is used to upload, download. The most common attacker is used to find ways to open anonymous's FTP server. These servers have a readable and writable directory. Trojan Doly Trojan, Fore, Invisible FTP, WebEX, WinCrash, and Blade Runner open port.
Port: 22
Service: SSH
Note: The connection of the TCP and this port established by PCANywhere may be to find SSH. This service has a lot of weaknesses, and if you are configured as a specific mode, many of the versions that use the RSAREF library will have a lot of vulnerabilities.
Port: 23
Service: Telnet
Description: Remote login, intruder is searching for remote login UNIX services. Most cases scan this port is to find the operating system running in the machine. There are other technologies, and the intruder will also find a password. Trojan TiNy Telnet Server opens this port. Port: 25
Service: SMTP
Description: The port open by the SMTP server is used to send an email. Intruders look for SMTP servers to pass their spam. The invader's account is turned off, and they need to connect to the high-bandwidth E- Mail server to pass simple information to different addresses. Trojan Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, Winspy are open.
Port: 31
Service: MSG Authentication
Note: Trojan Master Paradise, Hackers Paradise opens this port.
Port: 42
Service: WINS Replication
Description: WINS replication
Port: 53
Service: Domain Name Server (DNS)
Description: The ports open by the DNS server may be attempt to conduct regional delivery (TCP), deceive DNS (UDP) or hidden other communications. Therefore, the firewall often filters or records this port.
Port: 67
Service: Bootstrap Protocol Server
Note: The firewall that is often sent to the broadcast address 255.255.255.255 via DSL and Cable Modem often see data from the broadcast address 255.255.255.255. These machines request an address to the DHCP server. Hacker often enters them, assigns an address to initiate a large number of middleman attacks as partial routers. The client is broadcast to the 68 port broadcast request, and the server responds to the 67-port broadcast. This response uses broadcast because the client still does not know the IP address that can be sent.
Port: 69
Service: Trival File Transfer
Note: Many servers provide this service with BootP to facilitate download startup code from the system. But they often cause the intruder to steal any files from the system due to the error configuration. They can also be used to write files.
Port: 79
Service: Finger Server
Note: Intruders are used to obtain user information, query the operating system, and detect known buffers overflow errors, and respond to from their own machines to other machine finger scans.
Port: 80
Service: http
Description: Used for web browsing. Trojan Executor opens this port.
Port: 99
Service: Metagram Relay
Description: The back door program NCX99 opens this port.
Port: 102
Services: Message Transfer Agent (MTA) -X.400 over TCP / IP
Description: Message Transport Agent.
Port: 109
Service: Post Office Protocol -Version3
Description: POP3 server opens this port for receiving mail, client accessing the server-side mail service. POP3 services have many recognized weaknesses. There is at least 20 weaknesses overflow from the username and password exchange buffer, which means that the invader can enter the system before the truly landing. There are other buffers overflow errors after successfully logging in.
Port: 110
Services: Sun's RPC service all ports
Description: Common RPC services include RPC.Mountd, NFS, RPC.statd, RPC.CSMD, RPC.TTTYBD, AMD and other ports: 113
Service: Authentication Service
Note: This is a multi-computer running protocol for identifying TCP connections. This service using standards can get information about many computers. But it can serve as many services, especially those such as FTP, POP, IMAP, SMTP, and IRC. Usually, if you have many customers access these services through the firewall, you will see a number of connection requests for this port. Remember, if this port client will feel slowly connected to the E-mail server on the other side of the firewall. Many firewalls send back RST during blocking of TCP connections. This will stop slow connection.
Port: 119
Service: Network News Transfer Protocol
Description: News News Group Transfer Protocol to carry USENET communication. This port connection is usually people looking for a USENET server. Most ISP limits, only their customers can access their newsgroup servers. Open the newsgroup server will allow / read anyone's post, access the restricted newsgroup server, post anonymous to post or send a spam.
Port: 135
Service: Location Service
Note: Microsoft runs DCE RPC End-Point Mapper for this port for its DCOM service. This is similar to the functionality of UNIX 111 ports. Use DCOM and RPC services to register their location by End-Point Mapper on your computer. When remote customers are connected to a computer, they look for the location of the end-point mapper to find the service. Is this port of Hacker Scanning Computer to find this computer running Exchange Server? What version? Some DOS attacks are directly for this port.
Port: 137, 138, 139
Service: NetBIOS Name Service
Description: Where 137, 138 is a UDP port, and this port is used when transmitting a file over an online neighbor. And 139 port: The connection entry through this port is trying to get the NetBIOS / SMB service. This protocol is used for Windows files and printers sharing and Samba. There is also WINS Regisrtation to use it.
Port: 143
Services: Interim Mail Access Protocol V2
Note: Like the security of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: A Linux worm (ADMV0RM) will breed this port, so many of this port scan from uninformed users who have been infected. These vulnerabilities are very popular when Redhat allows IMAP by default in their Linux release versions. This port is also used in IMAP2, but it is not popular.
Port: 161
Service: SNMP
Note: SNMP allows remote management devices. All configurations and run information are stored in the database, which is available to SNMP. Many administrators' error configuration will be exposed to the Internet. CACKERS will try to use the default password public, private access system. They may test all possible combinations. The SNMP package may be incorrectly pointing to the user's network.
Port: 177
Service: x Display Manager Control Protocol
Note: Many intruders have access to the X-Windows operator through it, and it needs to open the 6000 port.
Port: 389
Service: LDAP, ILS
Description: Light directory access protocols and NetMeeting Internet Locator Server share this port. Port: 443
Service: https
Note: Web browsing ports provide an encryption and another HTTP transmitted through security port.
Port: 456
Service: [NULL]
Description: Trojan Hackers Paradise opens this port.
Port: 513
Service: Login, Remote Login
Description: Yes from the Unix computer sent from the subnet to the subnet using Cable Modem or DSL. These people provide information for invaders into their system.
Port: 544
Service: [NULL]
Description: Kerberos Kshell
Port: 548
Services: Macintosh, File Services (AFP / IP)
Description: Macintosh, file service.
Port: 553
Service: CORBA IIOP (UDP)
Note: This port broadcast will be seen using Cable Modem, DSL or VLAN. CORBA is an object-oriented RPC system. Intrusioners can use this information to enter the system.
Port: 555
Service: DSF
Description: Trojan PHASE 1.0, Stealth Spy, INIKILLER opens this port.
Port: 568
Service: MEMBERSHIP DPA
Description: Membership DPA.
Port: 569
Service: MEMBERSHIP MSN
Description: Membership MSN.
Port: 635
Service: MOUNTD
Description: Linux's MountD bug. This is a popular bug that scanned. Most of the scan for this port is UDP, but TCP-based mountd is increased (MountD is running on two ports at the same time). Remember that MountD can run at any port (which port is, you need to do a portmap query at port 111), just Linux default port is 635, just like NFS usually runs on 2049 port.
Port: 636
Service: LDAP
Description: SSL (Secure Sockets Layer)
Port: 666
Service: Doom ID Software
Description: Trojan Attack FTP, Satanz Backdoor open this port
Port: 993
Service: IMAP
Description: SSL (Secure Sockets Layer)
Port: 1001,1011
Service: [NULL]
Description: Trojan Silencer, WebEx opens 1001 ports. Trojan Doly Trojan open 1011 port.
Port: 1024
Service: reserved
Note: It is the beginning of dynamic ports, and many programs do not care which port connection network, they request the system to assign them the next idle port. Based on this allocation starts from port 1024. This means that the first request to issue a request to the 1024 port. You can restart the machine, open Telnet, and open a window to run natstat -a will see Telnet assigned 1024 port. There is also SQL Session also uses this port and 5000 ports.
Port: 1025, 1033
Services: 1025: Network BlackJack 1033: [NULL] Description: Trojan Netspy opens these 2 ports.
Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall in a channel, allowing people behind the firewall to access the Internet through an IP address. In theory it should only allow the internal communication to arrive outside the Internet. However, due to the wrong configuration, it allows attacks located outside the firewall through the firewall. Wingate often happens, which often sees this situation when joining the IRC chat room.
Port: 1170
Service: [NULL]
Description: Trojan streaming audio Trojan, Psyber Stream Server, Voice opens this port.
Port: 1234, 1243, 6711, 6776
Service: [NULL]
Description: Trojan Subseven 2.0, Ultors Trojan opens 1234,6776 ports. Trojans Subseven 1.0 / 1.9 open 1243, 6711,6776 ports.
Port: 1245
Service: [NULL]
Description: Trojan VODOO opens this port.
Port: 1433
Service: SQL
Description: Microsoft's SQL service open port.
Port: 1492
Service: stone-design-1
Description: Trojan ftp99cmp open this port.
Port: 1500
Services: RPC Client Fixed Port Session Queries
Description: RPC Customer fixed port session query
Port: 1503
Service: NetMeeting T.120
Description: NetMeeting T.120
Port: 1524
Service: Ingress
Note: Many attack scripts will install a backdoor shell on this port, especially for the script of Sendmail and RPC service vulnerabilities in the Sun system. If you just install the firewall, you will see the connection at this port, which is likely to be the above reasons. You can try Telnet to this port on the user's computer to see if it will give you a shell. This issue is also available to 600 / PCServer.
Port: 1600
Service: ISSD
Description: Trojan Shivka-Burka opens this port.
Port: 1720
Service: Netmeeting
Description: NetMeeting H.233 Call Setup.
Port: 1731
Service: Netmeeting Audio Call Control
Description: NetMeeting audio call control.
Port: 1807
Service: [NULL]
Description: Trojan spysender opens this port.
Port: 1981
Service: [NULL]
Description: Trojan Shockrave opens this port.
Port: 1999
Service: Cisco Identification Port
Description: Trojan Backdoor opens this port.
Port: 2000
Service: [NULL]
Description: Trojan Girlfriend 1.3, Millenium 1.0 opens this port.
Port: 2001
Service: [NULL]
Description: Trojan Millenium 1.0, Trojan COW opens this port.
Port: 2023
Service: xinuexpansion 4
Description: Trojan Pass Ripper opens this port. Port: 2049
Service: NFS
Description: The NFS program is often running on this port. You usually need to access portmapper query which port is running.
Port: 2115
Service: [NULL]
Description: Trojan bugg opens this port.
Port: 2140, 3150
Service: [NULL]
Description: Trojan Deep Throat 1.0 / 3.0 opens this port.
Port: 2500
Services: RPC Client Using A Fixed Port Session Replication
Description: Apply a fixed port session replication RPC customer
Port: 2583
Service: [NULL]
Description: Trojan WinCrash 2.0 opens this port.
Port: 2801
Service: [NULL]
Description: Trojan phineas phucker opens this port.
Port: 3024, 4092
Service: [NULL]
Description: Trojan WinCrash opens this port.
Port: 3128
Service: Squid
Description: This is the default port of the Squid HTTP proxy server. The attacker scans this port is to search for an anonymous access to the Internet. It also sees the ports 8000, 8001, 8080, 8888 of other proxy servers. Another reason for scanning this port is that the user is entering the chat room. Other users will also verify this port to determine if the user's machine supports the agent.
Port: 3129
Service: [NULL]
Description: Trojan Master Paradise opens this port.
Port: 3150
Service: [NULL]
Description: Trojan The Invasor opens this port.
Port: 3210, 4321
Service: [NULL]
Description: Trojan Schoolbus open this port
Port: 3333
Service: DEC-Notes
Description: Trojan Prosiak opens this port
Port: 3389
Service: Super Terminal
Description: The Windows 2000 terminal opens this port.
Port: 3700
Service: [NULL]
Description: Trojan Portal of Doom open this port
Port: 3996,4060
Service: [NULL]
Description: Trojan RemoteanyTHING open this port
Port: 4000
Service: QQ client
Description: Tencent QQ client opens this port.
Port: 4092
Service: [NULL]
Description: Trojan WinCrash opens this port.
Port: 4590
Service: [NULL]
Description: Trojan ICQTROJAN opens this port.
Port: 5000, 5001, 5321, 50505 Services: [NULL]
Description: Trojan Blazer5 opens 5000 ports. Trojan Sockets de Troie Open 5000, 5001, 5321, 50505 port.
Port: 5400, 5401, 5402
Service: [NULL]
Note: Trojan Blade Runner opens this port.
Port: 5550
Service: [NULL]
Description: Trojan XTCP opens this port.
Port: 5569
Service: [NULL]
Description: Trojan Robo-Hack opens this port.
Port: 5632
Service: pcanywere Description: Sometimes a lot of scanning of this port is dependent on the location where users are. When the user opens PCANYWERE, it automatically scans the local area network C-class network to find a possible agent (here the agent refers to Agent instead of proxy). Intrudes will also find a computer that opens this service. So you should look at this source address of this scan. Some scanning packs of PCANYWERE often contain the UDP packets of port 22.
Port: 5742
Service: [NULL]
Description: Trojan WinCrash1.03 opens this port.
Port: 6267
Service: [NULL]
Description: Trojan Guangxiang girl opens this port.
Port: 6400
Service: [NULL]
Description: Trojan The Thing opens this port.
Port: 6670,6671
Service: [NULL]
Description: Trojan Deep Throat opens 6670 port. Deep Throat 3.0 open 6671 port.
Port: 6883
Service: [NULL]
Description: Trojan deltasource opens this port.
Port: 6969
Service: [NULL]
Description: Trojan Gatecrasher, Priority opens this port.
Port: 6970
Service: Reaudio
Note: Reaudio client receives audio data streams from the UDP port of the server's 6970-7170. This is set by the TCP-7070 port externally control connection.
Port: 7000
Service: [NULL]
Description: Trojan Remote Grab opens this port.
Port: 7300, 7301, 7306, 7307, 7308
Service: [NULL]
Description: Trojan NetMonitor opens this port. The additional NetSPY1.0 also opens 7306 ports.
Port: 7323
Service: [NULL]
Description: Sygate server side.
Port: 7626
Service: [NULL]
Description: Trojan giscier opens this port.
Port: 7789
Service: [NULL]
Description: Trojan Ickiller opens this port.
Port: 8000
Service: OICQ
Description: Tencent QQ server is open this port. '
Port: 8010
Service: Wingate
Description: Wingate agent opens this port.
Port: 8080
Service: proxy port
Description: WWW proxy opens this port.
Port: 9400, 9401, 9402
Service: [NULL]
Description: Trojan Incommand 1.0 opens this port.
Port: 9872, 9873, 9874, 9875, 10067, 10167
Service: [NULL]
Description: Trojan Portal of Doom open this port
Port: 9989
Service: [NULL]
Description: Trojan Ini-Killer opens this port.
Port: 11000
Service: [NULL]
Description: Trojan Sennaspy opens this port.
Port: 11223
Service: [NULL]
Description: Trojan Progenic Trojan opens this port.
Port: 12076,61466
Service: [NULL]
Description: Trojan Telecommando opens this port.
Port: 12223
Service: [NULL] Description: Trojan Hack'99 Keylogger opens this port.
Port: 12345, 12346
Service: [NULL]
Description: Trojan Netbus1.60 / 1.70, Gabanbus opens this port.
Port: 12361
Service: [NULL]
Description: Trojan WHACK-A-MOLE opens this port.
Port: 13223
Service: Powwow
Description: Powwow is a Tribal Voice chat program. It allows users to open private chats at this port. This process is very aggressive for establishing a connection. It will be stationed in this TCP port. A connection request similar to a heartbeat interval. If a dial user inherits the IP address from another chat, there will be many different people to test this port. This protocol uses opng as the first 4 bytes of its connection request.
Port: 16969
Service: [NULL]
Description: Trojan priority opens this port.
Port: 17027
Service: Conducent
Description: This is an outgoing connection. This is because someone has a shared software with Conducent "ADBOT" inside the company. Conducent "Adbot" is an advertising service for shared software. A popular software using this service is pkware.
Port: 19191
Service: [NULL]
Description: Trojan Blue flame opens this port.
Port: 20000, 20001
Service: [NULL]
Description: Trojan Millennium opens this port.
Port: 20034
Service: [NULL]
Description: Trojan NetBus Pro opens this port.
Port: 21554
Service: [NULL]
Description: Trojan girlfriend opens this port.
Port: 22222
Service: [NULL]
Description: Trojan Prosiak opens this port.
Port: 23456
Service: [NULL]
Description: Trojan Evil FTP, UGLY FTP opens this port.
Port: 26274, 47262
Service: [NULL]
Description: Trojan Delta opens this port.
Port: 27374
Service: [NULL]
Description: Trojan Subseven 2.1 opens this port.
Port: 30100
Service: [NULL]
Description: Trojan NetSphere opens this port.
Port: 30303
Service: [NULL]
Description: Trojan Socket23 opens this port.
Port: 30999
Service: [NULL]
Description: Trojan Kuang opens this port.
Port: 31337, 31338
Service: [NULL]
Description: Trojan BO (Back Orific) opens this port. In addition, the Trojan Deepbo is also open 31338 port.
Port: 31339
Service: [NULL]
Description: Trojan NetSPY DK opens this port.
Port: 31666
Service: [NULL]
Description: Trojan Bowhack opens this port.
Port: 33333
Service: [NULL]
Description: Trojan Prosiak opens this port.
Port: 34324
Service: [NULL]
Description: Trojan Tiny Telnet Server, Biggluck, TN open this port.
Port: 40412
Service: [NULL] Description: Trojan The SPY opens this port.
Port: 40421, 40422, 40423, 40426,
Service: [NULL]
Description: Trojan Masters Paradise opens this port.
Port: 43210, 54321
Service: [NULL]
Description: Trojan Schoolbus 1.0 / 2.0 opens this port.
Port: 44445
Service: [NULL]
Description: Trojan HAPPYPIG opens this port.
Port: 50766
Service: [NULL]
Description: Trojan Fore open this port.
Port: 53001
Service: [NULL]
Note: Trojan Remote Windows Shutdown opens this port.
Port: 65000
Service: [NULL]
Description: Trojan Devil 1.03 opens this port.
Port: 88
Description: Kerberos KRB5. In addition, TCP 88 port is also this purpose.
Port: 137
Description: SQL Named Pipes Encryption over Other Protocols Name Lookup (SQL Name Links on Other Protocol Names) and SQL RPC Encryption over Other Protocols Name Lookup (SQL RPC Encryption Technology on Other Protocol Name) and WINS NetBT Name Service (WINS NetBT Name Service) and WINS Proxy use this port.
Port: 161
Description: Simple Network Management Protocol (SMTP) (Simple Network Management Agreement)
Port: 162
Description: SNMP TRAP (SNMP traps)
Port: 445
Description: Common Internet File System (CIFS) (Public Internet File System)
Port: 464
Description: Kerberos Kpasswd (V5). In addition, TCP's 464 port is also this purpose.
