Re: why dont worms use standard ports ?

From: octavius schmalz (arabesque_at_web.web)
Date: 05/04/04


Date: Tue, 04 May 2004 12:09:37 -0400

On Tue, 04 May 2004 11:48:56 -0400, BeamGuy wrote:

> 445 is a standard port. It is the port that is used for Microsoft
> filesharing, so that you can allow others to read and write your hard
> drive as if it is their own. I use that occasionally in the office - and
> every once in a while at home when I want to share stuff from the laptop to
> the desktop.
>
snip

All ports up to 1023 are considered standard, or well-known. But
they can go up to 65535, with those up to 49151 known as registered and
the rest dynamic or private.
If you are running two HTTP servers, for example, the second one is
usually run over port 8080, probably because it "looks" a lot like 80 to
the eye.
However, the real question is why ISPs like Comcast don't block all
outgoing local ports unless a user requests it be opened and takes
responsibility for it. Laziness? Maybe it's simply stupidity or lack of
knowledge on the part of their IT department.
But Sasser also uses port 9995 to do its evil work, and one other one in
that range.
There is also the question of the type of data sent over these ports, TCP
etc., which could be blocked if it is not the usual protocol for a
particular port. Eventually ISPs will have to do something. An open,
infected computer not only spews, but can be shut down by an annoyed spam
recipient, or perhaps used to crash the entire network.


