Ports used by malware

From: Toby A Inkster (UseTheAddressInMySig_at_deadspam.com)
Date: 03/03/04

Date: Wed, 03 Mar 2004 16:16:16 +0000

I have put together a (tiny) list of ports used by various backdoor kits
and viruses. It is in a format that is easy for nmap to read.

The idea is that you can use it in conjunction with nmap to scan your
network for some common compromises. Not total security, but it should


Any ideas for other ports I should add? Or a similar database of nasty
ports that I can steal info from?


Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?page=132

Relevant Pages

  • Re: AW: Re: nmap -sS SYN-SCAN does not find all open Ports?
    ... Network Security Engineer and Analyst ... that there is actually no problem with nmap. ... ports that are not listed by nmap are in state closed. ... Could it somehow be related to my backend firewall? ...
  • Re: Nmap questions for the experts
    ... nmap has its own mailing lists, you can find those on insecure.org. ... Do you really use nmap before running nessus? ... Only open ports will be fed to ...
  • Re: nmap udp scan takes too long
    ... I am looking for a tool like nmap that would help me penetrate a filter port. ... But unicornscan beats nmap as it comes to udp scanning. ... Securing Apache Web Server with thawte Digital Certificate ... Open and filtered ports rarely send any kind ...
  • Re: nmap port name question?
    ... does nmap get the name of the port from my /etc/services, ... would report that those ports probably correspond to a mail server ... 49152/tcp open unknown syn-ack ... 49153, msrpc ...
  • Re: UDP Scanning - how nmap really works
    ... > Seen as this method cannot be used, it does not seem feasible for nmap to generate any meaningful information in this ... > situation yet somehow it is differentiating between filtered and open udp ports. ... So how does it match PORT_FIREWALLED in UDP scanning? ... and still is marginally useful in internal networks with no filtering going on. ...