[Dshield] Miscreant ports

Johannes Ullrich jullrich at euclidian.com
Sun Oct 19 17:07:42 GMT 2003

> Does anyone know where I can find a list of the ports that 
> various viruses, worms, and Trojans listen?

Couple comments:

Many trojans allow customizing the listen ports, and frequently
these listen ports are chosen to overlap with 'real' applications
in order to mask the scans, or to allow for a higher probability 
to have the scans past by firewalls.

Overall, the best way to find significant trojan ports is by
listening to the scans your firewall receives. The scanners
usually know what they are looking for ;-)

Some ports to look for:

Neohapsis used to have a very complete downloadable list which
could be grepped 

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net

More information about the list mailing list