Re: why dont worms use standard ports ?

From: octavius schmalz (arabesque_at_web.web)
Date: 05/04/04


Date: Tue, 04 May 2004 12:09:37 -0400

On Tue, 04 May 2004 11:48:56 -0400, BeamGuy wrote:

> 445 is a standard port. It is the port that is used for microsoft
> filesharing, so that you can allow others to read and write your hard
> drive as if it is their own. I use that occasionally in the office - and
> every once in awhile at home when I want to share stuff from the laptop to
> the desktop.
>
snip

All ports up to 1023 are considered standard, or well-known But
they can go up to 65535, with those up to 49151 known as registered and
the rest dynamic or private.
If you are running two HTTP servers, for example, the second one is
usually run over port 8080, probably because it "looks" a lot like 80 to
the eye.
However, the real question is why ISPs like comcast don't block all
outgoing local ports unless a user requests it be opened and takes
responsibility for it. Laziness? Maybe it's simply stupidity or lack of
knowledge on the part of their IT department.
But Sasser also uses port 9995 to do its evil work, and one other one in
that range.
There is also the question of the type of data sent over these ports, TCP
etc., which could be blocked if it is not the usual protocol for a
particular port. Eventually ISPs will have to do something. An open,
infected computer not only spews, but can be shut down by an annoyed spam
recipient, or perhaps used to crash the entire network.