Ports used by malware

From: Toby A Inkster (UseTheAddressInMySig_at_deadspam.com)
Date: 03/03/04


Date: Wed, 03 Mar 2004 16:16:16 +0000

I have put together a (tiny) list of ports used by various backdoor kits
and viruses. It is in a format that is easy for nmap to read.

The idea is that you can use it in conjunction with nmap to scan your
network for some common compromises. Not total security, but it should
help.

        http://www.goddamn.co.uk/tobyink/?page=5

Any ideas for other ports I should add? Or a similar database of nasty
ports that I can steal info from?

thanks

-- 
Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?page=132


Relevant Pages

  • Re: AW: Re: nmap -sS SYN-SCAN does not find all open Ports?
    ... Network Security Engineer and Analyst ... that there is actually no problem with nmap. ... ports that are not listed by nmap are in state closed. ... Could it somehow be related to my backend firewall? ...
    (Security-Basics)
  • Re: Nmap questions for the experts
    ... nmap has its own mailing lists, you can find those on insecure.org. ... Do you really use nmap before running nessus? ... Only open ports will be fed to ...
    (Security-Basics)
  • Re: nmap udp scan takes too long
    ... I am looking for a tool like nmap that would help me penetrate a filter port. ... But unicornscan beats nmap as it comes to udp scanning. ... Securing Apache Web Server with thawte Digital Certificate ... Open and filtered ports rarely send any kind ...
    (Security-Basics)
  • Re: nmap port name question?
    ... does nmap get the name of the port from my /etc/services, ... would report that those ports probably correspond to a mail server ... 49152/tcp open unknown syn-ack ... 49153, msrpc ...
    (Security-Basics)
  • Re: Is my home computer at risk knowing that nmap says...
    ... Arizona) and saw that his firewall was DROPing connections to unused ... ports - including two ports that nmap scans by default. ... you responded to shows a reasonable response based on a minimal test ...
    (comp.os.linux.security)