[ WHITE PAPER ]
™
TCP/IP Ports List
Author:
Razorpoint Security Team
Version:
1.6
Date of current version:
2006-05/22
Date of original version:
2001-04/10
Copyright © 2001-2006 Razorpoint Security Technologies, Inc.
All Rights Reserved.
™
Table of Contents.
TCP/IP Ports List
Valid Ports
..........................................................................................................................................
1
.....................................................................................................................................................
2
Trojan / Backdoor Ports
May 22, 2006
...................................................................................................................................
24
TCP/IP Ports List [v1.6]
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
™
TCP/IP Ports List
TCP/IP (Transmission Control Protocol / Internet Protocol) is the primary packet type on the Internet. It uses an assigned list
of ports (numbered services used to accept connections) for valid Internet services. This TCP/IP ports list covers both TCP and
UDP (Universal Datagram Packet) port assignments used by authorized services like email (SMTP), news (NNTP), and the World
Wide Web (HTTP), in addition to illegitimate hacker/cracker backdoor, or trojan, ports.
Authorized (legitimate) port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic
and/or Private Ports. Well Known Ports are those from 0 through 1023, Registered Ports are those from 1024 through 49151,
and the Dynamic and/or Private Ports are those from 49152 through 65535. The Well Known Ports are assigned by the IANA
(Internet Assigned Numbers Authority) and on most systems can only be used by system (root level) processes or by programs
executed by privileged users. Ports for the TCP are defined in RFC 793, and ports for the UDP are defined in RFC 768. Where
ever possible, port assignments are the same for TCP and UDP packet types.
Razorpoint Security Technologies, Inc. continues to update this list on a regular basis and attempts to keep it as one of the
most comprehensive TCP/IP ports list available. This list contains TCP/IP ports used by most operating systems and network
technologies, including: Sun Solaris, Linux, BSD Unix (MacOS X, OpenBSD, FreeBSD, NetBSD, etc.), Windows, Cisco, Nortel and
3Com.
For more information, please contact Razorpoint Security Technologies, Inc. at (www.razorpointsecurity.com).
May 22, 2006
TCP/IP Ports List [v1.6]
Page 1 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
Valid TCP/IP Ports
Service Name
TCP Port
UDP Port
Description
<reserved>
tcpmux
compressnet
compressnet
<unassigned>
rje
<unassigned>
echo
discard
<unassigned>
systat
<unassigned>
daytime
<unassigned>
<unassigned>
<unassigned>
qotd
msp
chargen
FTP-data
FTP
SSH
Telnet
priv-mail
SMTP
<unassigned>
nsw-fe
msg-icp
msg-auth
<unassigned>
dsp
<unassigned>
priv-print
time
rap
rlp
<unassigned>
graphics
nameserver
nicname
mpm-flags
mpm
mpm-snd
ni-ftp
auditd
tacacs
re-mail-ck
la-maint
xns-time
domain
xns-ch
isi-gl
xns-auth
MTP
xns-mail
priv-file
<unassigned>
ni-mail
acas
0
1
2
3
4
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
29
31
32
33
34
35
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
0
1
2
3
4
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
29
31
32
33
34
35
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Reserved
TCP Port Service Multiplexer (RFC-1078)
Management Utility
Compression Process
Unassigned
Remote Job Entry
Unassigned
May 22, 2006
TCP/IP Ports List [v1.6]
sink null
Unassigned
Active Users
Unassigned
Daytime (RFC 867)
Unassigned
Unassigned <formerly netstat>
Unassigned
Quote of the Day
Message Send Protocol
Character Generator
File Transfer [Default Data]
File Transfer [Control]
Secure Shell (ssh / scp)
Any private mail system
Simple Mail Transfer Protocol
Unassigned
NSW User System FE
MSG ICP
MSG Authentication
Unassigned
Display Support Protocol
Unassigned
any private printer server
timserver
Route Access Protocol
Resource Location Protocol
Unassigned
Graphics
Host Name Server
Who Is
MPM FLAGS Protocol
Msg Processing Module [recv]
MPM [default send]
NI FTP
Digital Audit Daemon
Login Host Protocol (TACACS)
Remote Mail Checking Protocol
IMP Logical Address Maintenance
XNS Time Protocol
Domain Name Server
XNS Clearinghouse
ISI Graphics Language
XNS Authentication
Any private terminal access
XNS Mail
any private file service
Unassigned
NI MAIL
ACA Services
Page 2 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
whois
63
63
covia
tacacs-ds
sql*net
bootps
bootpc
tftp
gopher
netrjs-1
netrjs-2
netrjs-3
netrjs-4
priv-dial
deos
priv-rje
vettcp
finger
http
hosts2-ns
xfer
mit-ml-dev
ctf
mit-ml-dev
mfcobol
priv-term-l
kerberos-sec
su-mit-tg
dnsix
mit-dov
npp
dcp
objcall
supdup
dixie
swift-rvf
linuxconf
64
65
66
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
64
65
66
67
68
69
70
71
72
73
74
75
76
77
metagram
irc
hostname
99
100
101
iso-tsap
gppitnp
Email
acr-nema
csnet-ns
pop3pw
102
103
rtelnet
snagas
pop-2
pop-3
107
108
109
110
sunrpc
111
mcidas
auth
112
113
irc
audionews
sftp
ansanotify
uucp-path
114
115
116
117
May 22, 2006
104
105
106
81
82
83
84
85
86
88
89
90
91
96
98
106
113
TCP/IP Ports List [v1.6]
Whois++
VIA Systems - FTP
Communications Integrator (CI)
TACACS-Database Service
Oracle SQL*NET
Bootstrap Protocol Server
Bootstrap Protocol Client
Trivial File Transfer
Remote Job Service
Remote Job Service
Remote Job Service
Remote Job Service
Any private dial out service
Distributed External Object Store
any private RJE service, netjrs
World Wide Web HTTP
HOSTS2 Name Server
XFER Utility
MIT ML Device
Common Trace Facility
MIT ML Device
Micro Focus Cobol
any private terminal link, ttylink
Kerberos (v5)
SU/MIT Telnet Gateway
DNSIX Securit Attribute Token Map
MIT Dover Spooler
Network Printing Protocol
Device Control Protocol
Tivoli Object Dispatcher
BSD supdupd
DIXIE Protocol Specification
Swift Remote Virtural File Protocol
linuxconf
TAC News
Metagram Relay
Internet Relay Chat
hostnames NIC Host Name Server
Internet Relay Chat
tsap ISO-TSAP Class 0
Genesis Point-to-Point Trans Net, or x400 ISO
ACR-NEMA Digital Imag. & Comm. 300
Mailbox Name Nameserver
Eudora compatible PW changer
3Com TSMux
Remote Telnet
SNA Gateway Access Server
PostOffice V.2
PostOffice V.3
Internet Relay Chat (Fserve)
portmapper, rpcbind
Internet Relay Chat (Fserve)
McIDAS Data Transmission Protocol
ident, tap, Authentication Service
Internet Relay Chat (DCC)
Internet Relay Chat (Ident)
Audio News Multicast
Secure File Transfer Protocol
ANSA REX Notify
UUCP Path Service
Page 3 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
sqlserv
nntp
irc
erpc
118
119
120
121
smakynet
ntp
ansatrader
ansatrader
locus-map
locus-map
unitary
locus-con
gss-xlicen
pwdgen
cisco-fna
122
123
124
124
125
125
126
127
128
129
130
cisco-tna
131
cisco-sys
132
statsrv
ingres-net
loc-srv
profile
netbios-ns
netbios-dgm
netbios-ssn
emfis-data
emfis-cntl
bl-idm
imap2
news
uaac
iso-tp0
iso-ip
cronus
aed-512
sql-net
hems
bftp
sgmp
netsc-prod
netsc-dev
sqlsrv
knet-cmp
pcmail-srv
nss-routing
sgmp-traps
snmp
snmptrap
cmip-man
smip-agent
xns-courier
s-net
namp
namp
rsvd
rsvd
send
print-srv
multiplex
cl-1
xyplex-mux
mailq
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
167
168
168
169
170
171
172
173
174
May 22, 2006
SQL Services
Network News Transfer Protocol
Internet Relay Chat (Send)
Encore Expedited Remote Pro.Call
Internet Relay Chat (Send)
123
137
138
139
Network Time Protocol
ANSA REX Trader
ANSA REX Trader
Locus PC-Interface Net Map Ser
Locus PC-Interface Net Map Ser
Unisys Unitary Login
Locus PC-Interface Conn Server
GSS X License Verification
Password Generator Protocol
cisco FNATIVE
Internet Relay Chat (Get)
cisco TNATIVE
Internet Relay Chat (Get)
cisco SYSMAINT
Internet Relay Chat (Get)
Statistics Service
INGRES-NET Service
NCS local location broker
PROFILE Naming System
NETBIOS Name Service
NETBIOS Datagram Service
NETBIOS Session Service
EMFIS Data Service
EMFIS Control Service
Britton-Lee IDM
Inernet Mail Access Protocol v2
NewS window system
UAAC Protocol
CRONUS-SUPPORT
AED 512 Emulation Service
Background File Transfer Program
SQL Service
KNET/VM Command/Message Protocol
PCMail Server
Simple Network Management Protocol
snmp-trap
CMIP Manager
CMIP Agent
Xerox
Sirius Systems
Network PostScript
Network Innovations Multiplex
Network Innovations CL/1
TCP/IP Ports List [v1.6]
Page 4 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
vmnet
genrad-mux
xdmcp
nextstep
bgp
ris
unify
audit
ocbinder
ocserver
remote-kis
kis
aci
mumps
qft
gacp
prospero
osu-nms
srmp
irc
dn6-nlm-aud
dn6-smm-red
dls
dls-mon
smux
src
at-rtmp
at-nbp
at-3
at-echo
at-5
at-zis
at-7
at-8
tam
z39.50
914c-g
anet
ipx
vmpwscs
softpc
atls
dbase
mpp
uarps
imap3
fln-spx
rsh-spx
cdc
masqdialer
direct
sur-meas
dayna
link
dsp3270
subntbcst_tftp
bhfhs
rap
set
yak-chat
fw1-vpn
openport
nsiiops
arcisdms
May 22, 2006
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
242
243
244
245
246
247
248
256
257
258
259
260
261
262
X Display Manager Control Protocol
NextStep Window Server
Border Gateway Protocol
Intergraph
Unisys Audit SITP
KIS Protocol
Application Communication Interface
Plus Fives MUMPS
Queued File Transport
Gateway Access Control Protocol
Prospero Directory Service
OSU Network Monitoring System
Spider Remote Monitoring Protocol
Internet Relay Chat
DNSIX Network Level Module Audit
DNSIX Session Mgt Module Audit Redir
Directory Location Service
Directory Location Service Monitor
SNMP Unix Multiplexer
IBM System Resource Controller
AppleTalk Routing Maintenance
AppleTalk Name Binding
AppleTalk Unused
AppleTalk Echo
AppleTalk Unused
AppleTalk Zone Information
AppleTalk Unused
AppleTalk Unused
Trivial Authenticated Mail Protocol
wais, ANSI Z39.50
Texas Instruments 914C/G Terminal
ATEXSSTR
224
Insignia Solutions
Access Technology License Server
dBASE Unix
Netix Message Posting Protocol
Unisys ARPs
Interactive Mail Access Protocol v3
Berkeley rlogind with SPX auth
Berkeley rshd with SPX auth
Certificate Distribution Center
Masqdialer
Survey Measurement
Display Systems Protocol
secure electronic transaction
yak winsock personal chat
Check Point FireWall-1/VPN-1 Secure Port
iiop name service over tls/ssl
TCP/IP Ports List [v1.6]
Page 5 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
hdap
bgmp
x-bone-ctl
mom
http-mgmt
personal-link
cableport-ax
fxp
novastorbakcup
entrusttime
bhmds
bhmds
asip-webadmin
vslmp
magenta-logic
opalis-robot
dpsi
decauth
zannet
pkix-timestamp
pip
rtsps
pdap
pawserv
zserv
fatserv
csi-sgwp
mftp
matip-type-a
matip-type-b
dtag-ste-sb
ndsauth
bh611
datex-asn
cloanto-net-1
bhevent
shrinkwrap
tenebris_nts
scoi2odialog
semantix
srssend
rsvp_tunnel
aurora-cmgr
dtk
odmr
mortgageware
qbikgdp
rpc2portmap
codaauth2
clearcase
ulistserv
legent-1
legent-1
legent-2
hassle
nip
tnETOS
dsETOS
is99c
is99s
hp-collector
hp-managed-node
hp-alarm-mgr
arns
ibm-app
May 22, 2006
263
264
265
270
280
281
282
286
308
309
310
310
311
312
313
314
315
316
317
318
321
322
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
373
374
375
376
377
378
379
380
381
382
383
384
385
265
280
286
X-Bone CTL
http://www.Microsoft.com/mom/
cable port a/x
FXP Communication
novastor backup
appleshare ip webadmin
318
PKIX Timestamp
322
RTSPS
Prospero Data Access Protocol
Perf Analysis Workbench
Zebra server
Fatmen Server
Cabletron Management Protocol
MATIP Type A
MATIP Type B or bhoetty
DTAG, or bhoedap4
Cloanto Net 1
Tenebris Network Trace Service
SRS Send
Deception Tool Kit (lame -- see www.all.net)
Unix Listserv
Legent Corporation (Computer Associates)
Legent Corporation (Computer Associates)
Legent Corporation (Computer Associates)
Amiga Envoy Network Inquiry Proto
NEC Corporation
NEC Corporation
TIA/EIA/IS-99 modem client
TIA/EIA/IS-99 modem server
hp performance data collector
hp performance data managed node
hp performance data alarm manager
A Remote Network Server System
IBM Application
TCP/IP Ports List [v1.6]
Page 6 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
asa
aurp
unidata-ldm
ldap
uis
synotics-relay
synotics-broker
dis
embl-ndt
netcp
netware-ip
mptn
kryptolan
iso-tsap-c2
work-sol
ups
genie
decap
nced
ncld
imsp
timbuktu
prm-sm
prm-nm
decladebug
rmt
synoptics-trap
smsp
infoseek
bnet
silverplatter
onmux
hyper-g
ariel1
smpte
ariel2
ariel3
opc-job-start
opc-job-track
icad-el
smartsdp
svrloc
ocs_cmu
ocs_amu
utmpsd
utmpcd
iasd
nnsp
mobileip-agent
mobilip-mn
dna-cml
comscm
dsfgw
dasp
sgcp
decvms-sysmgt
cvc_hostd
https
snpp
microsoft-ds
ddm-rdb
ddm-dfm
ddm-ssl
as-servermap
May 22, 2006
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
ASA Message Router Object Def.
Appletalk Update-Based Routing Pro.
Unidata LDM Version 4
Lightweight Directory Access Protocol
SynOptics SNMP Relay Port
SynOptics Port Broker Port
Data Interpretation System
EMBL Nucleic Data Transfer
NETscout Control Protocol
Novell Netware over IP
Multi Protocol Trans. Net.
ISO-TSAP Class 2
Workstation Solutions
Uninterruptible Power Supply
Genie Protocol
Interactive Mail Support Protocol
Prospero Resource Manager Sys. Man.
Prospero Resource Manager Node Man.
DECLadebug Remote Debug Protocol
Remote MT Protocol
Trap Convention Port
IBM Operations Planning and Control Start
IBM Operations Planning and Control Track
Server Location
Usenet, Network News Transfer
secure http (SSL)
Simple Network Paging Protocol
ddm-byte
AS Server Mapper
TCP/IP Ports List [v1.6]
Page 7 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
tserver
sfs-smp-net
sfs-config
creativeserver
contentserver
creativepartnr
macon-tcp
scohelp
appleqtc
ampr-rcmd
skronk
datasurfsrv
datasurfsrvsec
alpes
kpasswd5
smtps
digital-vrc
mylex-mapd
photuris
rcp
scx-proxy
mondex
ljk-login
hybrid-pop
tn-tl-w1
tcpnethaspsrv
tn-tl-fd1
ss7ns
spsc
iafserver
loadsrv
iafdbase
dvs
ph
bgs-nsi
xlog
ulpnet
integra-sme
powerburst
sstats
avian
saft
gss-http
nest-protocol
micom-pfs
go-login
ticf-1
ticf-2
pov-ray
intecourier
pim-rp-disc
Dantz Retrospect
siam
iso-ill
isakmp
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
480
481
481
482
482
483
484
485
486
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
stmf
asa-appl-proto
intrinsa
citadel
mailbox-lm
ohimsrv
crs
xvttp
snare
501
502
503
504
505
506
507
508
509
May 22, 2006
Cray Network Semaphore server
Cray SFS config server
apple quick time
Kerberos (v5)
smtp protocol over TLS/SSL (was ssmtp)
Photuris Key Management
Radio Control Protocol
Integra Software Management Environment
Air Soft Power Burst
saft Simple Asynchronous File Transfer
Transport Independent Convergence for FNA
Transport Independent Convergence for FNA
MacOS Backup Software System
500
TCP/IP Ports List [v1.6]
ISO ILL Protocol
ISA/KMP Encryption Key Exchange
Baynetworks VPN
Page 8 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
fcp
passgo
exec
biff
login
who
shell
syslog
printer
videotex
talk
ntalk
utime
route
ripng
ulp
ibm-db2
ncp
timed
tempo
stx
custix
irc-serv
courier
conference
netnews
netwall
mm-admin
iiop
opalis-rdv
nmsp
gdomap
apertus-ldp
uucp
uucp-rlogin
commerce
klogin
510
511
512
512
513
513
514
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
kshell
ekshell
dhcpv6-client
dhcpv6-server
afpovertcp
idfp
new-rwho
cybercash
deviceshare
pirp
rtsp
dsf
remotefs
openvms-sysipc
sdnskmp
teedtap
rmonitor
monitor
chshell
snews
9pfs
whoami
streettalk
banyan-rpc
ms-shuttle
ms-rome
meter
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
May 22, 2006
FirstClass Server
BSD rexecd
comsat
BSD rlogind
BSD rwhod
BSD rshd
BSD syslogd
spooler (lpr/lpd)
BSD talkd
(talkd)
unixtime
router routed (RIP), or extended file name server
timeserver
newdate
Stock IXChange
Customer IXChange
rpc
chat
readnews
for emergency broadcasts
MegaMedia Admin
Networked Media Streaming Protocol
Apertus Technologies Load Determination
uucpd
Kerberos (v4/v5)
AppleShare over IP
krcmd Kerberos (v4/v5)
Kerberos encrypted remote shell -kfall
DHCPv6 Client
DHCPv6 Server
AFP (AppleShare) over TCP, also iDisk
new-who
Real Time Streaming Protocol
rfs, rfs_server, Brunhoff remote filesystem
rmonitord
chcmd
NNTP over SSL
Plan 9 file service
Microsoft shuttle
Microsoft rome
demon
TCP/IP Ports List [v1.6]
Page 9 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
umeter
sonar
banyan-vip
ftp-agent
vemmi
ipcd
vnas
ipdd
decbsrv
sntp-heartbeat
bdp
scc-security
philips-vc
keyserver
imap4-ssl
password-chg
submission
cal
eyelink
tns-cml
http-alt
eudora-set
http-rpc-epmap
tpip
cab-protocol
smsd
ptcnameservice
sco-websrvrmg3
acp
ipcserver
syslog-conn
xmlrpc-beep
idxp
tunnel
soap-beep
urm
nqs
sift-uft
npmp-trap
npmp-local
npmp-gui
sshell
sco-inetmgr
sco-sysmgr
sco-dtmgr
nlservd
cryptoadmin
IMAP Admin
qmqp
cups
ginad
mount
ldapssl
pcnfs
sanity
ldp
dhcp-failover
rrp
bwnfs
AppleShare IP Admin
pftp
purenoise
doom
vpp
MacOS Users & Groups
May 22, 2006
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
614
615
616
617
617
624
626
628
631
634
635
636
640
643
646
647
648
650
660
662
663
666
677
687
udemon
FTP Software Agent System
Bundle Discovery Protocol
Philips Video-Conferencing
IMAP4+SSL (use port 993 instead)
FileMaker Pro - HTTP Alternate
Eudora Settings Server
HTTP RPC Ep Map
601
602
603
604
605
PTC Name Service
SCO Web Server Manager 3
Aeolon Core Protocol
Sun IPC server
Reliable Syslog Service
XML-RPC over BEEP
IDXP
TUNNEL
SOAP over BEEP
Cray Unified Resource Manager
Sender-Initiated/Unsolicited File Transfer
614
615
616
617
624
SSLshell
Internet Configuration Manager
SCO System Administration Server
SCO Desktop Administration Server
http://www.arkeia.com
Crypto Admin
Qmail Quick Mail Queueing
Common UNIX Printing System
643
646
647
662
663
677
TCP/IP Ports List [v1.6]
NFS Mount Service
LDAP over SSL
PC-NFS DOS Authentication
SANity
LDP
DHCP Failover
NSI Registry Registrar Protocol
BW-NFS DOS Authentication
AppleShare Web & File Services
PFTP
PureNoise
Doom(Id Software)
Virtual Presence Protocol
Page 10 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
nmap
resvc
ha-cluster
BuddyPhone
BuddyPhone
elcsd
entrustmanager
cisco-tdp
netviewdm1
netviewdm2
netviewdm3
sometimes-rpc2
netcp
netgw
netrcs
flexlm
fujitsu-dev
ris-cm
kerberos-adm
kerberos
kerberos_master
qrh
rrh
krb_prop
nlogin
nlogin
con
krbupdate
kpasswd
quotad
cycleserv
omserv
webster
phonebook
vid
cadlock
rtip
cycleserv2
submit
rpasswd
acmaint_dbd
entomb
acmaint_transd
wpages
wpages
multiling-http
wpgs
wpgs
hp-collector
hp-managed-node
hp-alarm-mgr
concert
controlit
mdbs_daemon
device
iscsi
supfilesrv
rsync
accessbuilder
samba-swat
oftep-rpc
rndc
ftps-data
ftps
telnets
May 22, 2006
689
691
694
704
709
711
729
730
731
737
740
741
742
744
747
748
749
750
751
752
753
754
758
758
759
760
761
762
763
764
765
767
769
770
771
772
773
774
774
775
775
776
776
777
780
780
781
782
783
786
799
800
801
860
871
873
888
901
950
953
989
990
992
689
694
700
701
711
NMAP
Microsoft Exchange 2000 Server Routing
ha-cluster
BuddyPhone Communication (No FTP)
BuddyPhone Communication (No FTP)
errlog copy/server daemon
EntrustMgr - NorTel DES auth network
Cisco TDP
IBM NetView DM/6000 Server/Client
IBM NetView DM/6000 send
IBM NetView DM/6000 receive
Rusersd(OpenBSD)
NETscout Control Protocol
Network based Rev. Cont. Sys.
Flexible License Manager
Fujitsu Device Control
Russell Info Sci Calendar Manager
Kerberos 5 admin/changepw
kdc Kerberos (v4)
Kerberos `kadmin (v4)
kerberos/v5 server propagation
kreg Kerberos (v4) registration
kpwd Kerberos (v4) “passwd”
phone
777
Multiling HTTP
hp performance data collector
hp performance data managed node
hp performance data alarm manager
860
TCP/IP Ports List [v1.6]
iSCSI
SUP server
Rsync server ( http://rsync.samba.org )
Accessbuilder, or Audio CD Database
Samba SWAT tool.Also used by ISS RealSecure.
Often RPC.statd (on Redhat Linux)
RNDC is used by BIND 9 (& probably other NS)
FTP protocol (data) over TLS/SSL
FTP protocol (control) over TLS/SSL
Telnet protocol over TLS/SSL
Page 11 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
imaps
ircs
pop3s
xtreelic
vsinet
maitrd
busboy
puparp
garcon
applix
cadlock
silencer
webex
blackice-port-1002
ufsd
sometimes-rpc1
kdm
1001
1002
1008
1012
1024
listen
1025
nterm
windows-messenger-service
icq
icq
icq
iad1
iad2
iad3
netspy
w2k-printer-port-monitor
fpitp
wfremotertm
startron
nim
nimreg
polestar
kiosk
veracity
syscomlan
instl_boots
instl_bootc
socks
ansoft-lm-1
ansoft-lm-2
xaudio
xrl
kpop
nfsd-status
msql
mini-sql
sacred
supfiledbg
nfa
nfa
oracle-oms
phone
vchat
tripwire
streamingaudio
skkserv
mysql-cluster
hp-webadmin
openvpn
lupa
1026
May 22, 2006
993
994
995
996
996
997
998
998
999
999
1000
1027
1029
1032
1030
1031
1032
1033
1045
1046
1057
1058
1059
1060
1061
1062
1065
1067
1068
1080
1083
1084
1103
1104
1109
1110
1112
1114
1118
1127
1155
1155
1159
1167
1168
1169
1170
1178
1186
1188
1194
1212
IMAP4 protocol over TLS/SSL
IRC protocol over TLS/SSL
POP3 protocol over TLS/SSL
XTREE License Server
Applix ac
1001
1026
1033
1045
1046
1057
1060
1061
1062
1065
1104
1114
1118
1159
1168
1169
1170
1186
1188
1194
TCP/IP Ports List [v1.6]
UFS-aware server
rstatd (OpenBSD)
K Display Manager (KDE version of xdm)
Dwyco Video Conferencing (Range: 1024-5000)
listener RFS remote_file_sharing
network blackjack
remote_login network_terminal
http://www.lurhq.com/popup_spam.html
ICQ
ICQ
ICQ
BBN IAD
BBN IAD
BBN IAD
Fingerprint Image Transfer Protocol
WebFilter Remote Monitor
STARTRON
POLESTAR
KIOSK
Veracity
SYSCOMLAN
Installation Bootstrap Proto. Serv.
Installation Bootstrap Proto. Cli.
Socks/Wingate
Anasoft License Manager
Anasoft License Manager
Xaserver # X Audio Server
XRL
Pop with Kerberos
NFS Cluster status/Keep-Alive info
mini-sql server
Mini SQL
SACRED
SUP debugging
Network File Access
Network File Access
Oracle OMS
conference calling
VChat Conference Service
TripWire
streamingaudio
SKK (kanji input)
MySQL Cluster Manager
HP Web Admin
OpenVPN
Page 12 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
kazaa
nerv
vpnz
dns2go
florence
periscope
hotline
nessus
1214
1222
1224
1227
1228
1230
1234
1241
voodoo
hermes
emc-gateway
emperion
boomerang
bmc_patroldb
alta-ana-lm
bbn-mmc
bbn-mmx
sbook
editbench
equationbuilder
lotusnotes
relief
relief
rightbrain
rightbrain
intuitive-edge
cuillamartin
pegboard
connlcli
ftsrv
mimer
linx
timeflies
ndm-requester
ndm-server
adapt-sna
netware-csp
dcs
screencast
gv-us
us-gv
fc-cli
fc-ser
chromagrafx
molly
bytex
ibm-pps
cichlid
elan
dbreporter
telesis-licman
apple-licman
gwha
os-licman
atex_elmd
checksum
cadsi-lm
objective-dbc
iclpv-dm
iclpv-sc
iclpv-sas
iclpv-pm
iclpv-nls
1248
1273
1282
1304
1313
1346
1347
1348
1349
1350
1351
1352
1353
1353
1354
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
May 22, 2006
1214
1224
1227
1228
1230
1245
1273
1282
1304
1313
KAZAA
SNI R&D network
VPNz
DNS2Go
FLORENCE
Periscope
nessus client-to-server port
remote message server
EMC-Gateway
Emperion
Boomerang
BMC_PATROLDB
Alta Analytics License Manager
multi media conferencing
multi media conferencing
Registration Network Protocol
Registration Network Protocol
Digital Tool Works (MIT)
Lotus Notes
Relief Consulting
Relief Consulting
RightBrain Software
RightBrain Software
Intuitive Edge
CuillaMartin Company
Electronic PegBoard
Network DataMover Requester
Network DataMover Server
Network Software Associates
Novell NetWare Comm Service Platform
GlobalView to Unix Shell
Unix Shell to GlobalView
Fujitsu Config Protocol
Fujitsu Config Protocol
EPI Software Systems
IBM Person to Person Software
Cichlid License Manager
Elan License Manager
Integrity Solutions
Telesis Network License Manager
Apple Network License Manager
GW Hannaway Network License Manager
Objective Solutions License Manager
Atex Publishing License Manager
CheckSum License Manager
Computer Aided Design Software Inc LM
Objective Solutions DataBase Cache
Document Manager
Storage Controller
Storage Access Server
Print Manager
Network Log Server
TCP/IP Ports List [v1.6]
Page 13 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
iclpv-nlc
iclpv-wsm
dvl-activemail
audio-activmail
video-activmail
cadkey-licman
cadkey-tablet
goldleaf-licman
prm-sm-np
prm-nm-np
igi-lm
ibm-res
netlabs-lm
dbsa-lm
sophia-lm
here-lm
hiq
af
innosys
innosys-acl
ibm-mqseries
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
dbstar
novell-lu6.2
timbuktu-srv1
timbuktu-srv2
timbuktu-srv3
timbuktu-srv4
gandalf-lm
autodesk-lm
essbase
hybrid
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
zion-lm
sas-1
mloadd
informatik-lm
nms
tpdu
rgtp
blueberry-lm
ms-sql-s
ms-sql-m
ibm-cics
sas-2
tabula
eicon-server
eicon-x25
eicon-slp
cadis-1
cadis-2
WebSTAR/SSL Admin
marcam-lm
proxima-lm
ora-lm
apri-lm
oc-lm
peport
dwf
infoman
gtegsc-lm
genie-lm
interhdl_elmd
esl-lm
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
May 22, 2006
Network Log Client
PC Workstation Manager software
DVL Active Mail
Audio Active Mail
Video Active Mail
Cadkey License Manager
Cadkey Tablet Daemon
Goldleaf License Manager
Prospero Resource Manager
Prospero Resource Manager
Infinite Graphics License Manager
IBM Remote Execution Starter
NetLabs License Manager
DBSA License Manager
Sophia License Manager
Here License Manager
HiQ License Manager
AudioFile
1414
1424
IBM MQSeries
CUSeeMe Vdeo/Audio Server
Novell LU6.2
Timbuktu Service 1 Port
Timbuktu Service 2 Port
Timbuktu Service 3 Port
Timbuktu Service 4 Port
Gandalf License Manager
Autodesk License Manager
Essbase Arbor Software
Hybrid Encryption Protocol
CUSeeMe Vdeo/Audio Server
Zion Software License Manager
Satellite-data Acquisition System 1
mloadd monitoring tool
informatik License Manager
Hypercom NMS
Hypercom TPDU
Reverse Gossip Transport
Blueberry Software License Manager
Microsoft-SQL-Server
Microsoft-SQL-Monitor
Satellite-data Acquisition System 2
Eicon Security Agent/Server
Eicon X25/SNA Gateway
Eicon Service Location Protocol
Cadis License Management
Cadis License Management
4D WebStar Web Server Admin
Marcam License Management
Proxima License Manager
Optical Research Associates License Manager
Applied Parallel Research LM
OpenConnect License Manager
Tandem Distributed Workbench Facility
IBM Information Management
GTE Government Systems License Man
Genie License Manager
interHDL License Manager
ESL License Manager
TCP/IP Ports List [v1.6]
Page 14 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
dca
valisys-lm
nrcabq-lm
proshare1
proshare2
ibm_wrless_lan
world-lm
nucleus
msl_lmd
pipes
oceansoft-lm
csdmbase
csdm
aal-lm
uaiact
csdmbase
csdm
openmath
telefinder
taligent-lm
clvm-cfg
ms-sna-server
ms-sna-base
dberegister
pacerforum
airs
miteksys-lm
afs
confluent
lansource
nms_topo_serv
localinfosrvr
docstor
dmdocbroker
insitu-conf
anynetgateway
stone-design-1
netmap_lm
citrix-ica
cvc
liberty-lm
rfx-lm
watcom-sql
fhc
vlsi-lm
sas-3
shivadiscovery
imtc-mcs
evb-elm
funkproxy
utcd
symplex
diagmond
robcad-lm
mvx-lm
3l-l1
wins
fujitsu-dtc
fujitsu-dtcns
ifor-protocol
vpad
vpac
vpvd
vpvc
May 22, 2006
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
Valisys License Manager
Nichols Research Corp.
Proshare Notebook Application
Proshare Notebook Application
IBM Wireless LAN
World License Manager
MSL License Manager
Ocean Software License Manager
Active Analysis Limited License Manager
Universal Analytics
Taligent License Manager
Miteksys License Manager
AFS License Manager
Confluent License Manager
Citrix MetaFrame
Federico Heinz Consultora
VLSI License Manager
Satellite-data Acquisition System 3
Shiva
Databeam
EVB Software Engineering License Manager
Funk Software, Inc.
Universal Time daemon (utcd)
Robcad, Ltd. License Manager
Midland Valley Exploration Ltd. License Mgr
Microsofts Windows Internet Name Service
Fujitsu Systems Business of America, Inc
Fujitsu Systems Business of America, Inc
Virtual
Virtual
Virtual
Virtual
TCP/IP Ports List [v1.6]
Places
Places
Places
Places
Audio
Audio
Video
Video
data
control
data
control
Page 15 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
atm-zip-office
oracle-sql
1520
1521
rna-lm
cichild-lm
ingreslock
pdap
pdap-np
tlisrv
mciautoreg
coauthor
rap-service
rap-listen
miroconnect
virtual-places
micromuse-lm
ampr-info
ampr-inter
sdsc-lm
3ds-lm
intellistor-lm
rds
rds2
gridgen-elmd
simba-cs
aspeclmd
vistium-share
abbaccuray
laplink
axon-lm
shivasound
3m-image-lm
hecmtl-db
pciarray
livelan
veritas_pbx
web2host
ets
orbixd
oraclenames
simbaexpress
dialpad
dialpad
issd
citrix-ica
skytelnet
softdataphone
ontime
radius
radacct
kermit
nkd
shiva_confsrvr
xnmp
netview-aix-1
netview-aix-2
netview-aix-3
netview-aix-4
netview-aix-5
netview-aix-6
netview-aix-7
netview-aix-8
netview-aix-9
netview-aix-10
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1555
1556
1559
1569
1570
1575
1583
1584
1585
1600
1604
1618
1621
1622
1645
1646
1649
1650
1651
1652
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
May 22, 2006
atm zip office
Oracle SQLNet
nCube License Manager
Ricardo North America License Manager
ingres
Prospero
Prospero Data Access Prot non-priv
Oracle
Oracle
Virtual Places Software
Intellistor License Manager
Axon License Manager
Shiva Sound
Image Storage license manager 3M Company
1555
1556
1559
1569
1570
1575
1583
1618
1621
1622
1649
TCP/IP Ports List [v1.6]
livelan
Veritas Private Branch Exchange
web2host
ets
orbixd
oraclenames
simbaexpress
Dialpad
Dialpad
Citrix ICA, MS Terminal Server
skytelnet
softdataphone
ontime
radius authentication
radius accounting
kermit
Page 16 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
netview-aix-11
netview-aix-12
groupwise
prolink
carboncopy
snaresecure
groupwise
cuseeme
1671
1672
1677
1678
1680
1684
1686
1720
pptp
wm-asf
tftp-multi
radius
1723
1755
1758
1812
radacct
1813
pcm
sugp
licensedaemon
tr-rsrb-p1
tr-rsrb-p2
tr-rsrb-p3
stun-p1
stun-p2
stun-p3
snmp-tcp-port
stun-port
perf-port
tr-rsrb-port
gdp-port
x25-svc-port
tcp-id-port
callbook
wizard
globe
cfingerd
mailbox
emce
deslogin
oracle
invokator
raid-cc
dectalk
raid-am
conf
terminaldb
news
whosockami
search
pipe_server
raid-cc
servserv
ttyinfo
raid-ac
raid-am
raid-cd
troff
raid-sf
cypress
raid-cs
bootserver
bootserver
cypress-stat
bootclient
1827
1905
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2004
2005
2005
2006
2006
2007
2007
2008
2008
2009
2009
2010
2010
2011
2011
2012
2012
2013
2013
2014
2014
2015
2015
2016
2016
2017
2017
May 22, 2006
1677
1678
1684
1686
1812
1813
1905
groupwise
prolink
CarbonCopy Server
SnareSecure
http://www.Novell.com/products/groupwise/
CUSeeMe Vdeo/Audio Server
H.323/Q.931
Point-to-Point Tunnelling Protocol
Windows Media (.asf)
TFTP Multicast
RADIUS authentication protocol (RFC 2138)
CUSeeMe Vdeo/Audio Server
RADIUS accounting protocol (RFC 2139)
CUSeeMe Vdeo/Audio Server
PCM Agent (AutoSecure Policy Compliance Mgr)
Secure UP.Link Gateway Protocol
cisco license management
cisco RSRB Priority 1 port
cisco RSRB Priority 2 port
cisco RSRB Priority 3 port
cisco STUN Priority 1 port
cisco STUN Priority 2 port
cisco STUN Priority 3 port
cisco SNMP TCP port
cisco serial tunnel port
cisco perf port
cisco Remote SRB port
cisco Gateway Discovery Protocol
cisco X.25 service (XOT)
cisco identification port
curry
GNU finger
CCWS mm conf
encrypted symmetric telnet/login
raid
or, nfr411
raid
TCP/IP Ports List [v1.6]
Page 17 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
terminaldb
rellpack
whosockami
about
xinupageserver
servexec
xinuexpansion1
xinuexpansion2
xinuexpansion3
xinuexpansion4
ellpack
xribs
scrabble
shadowserver
submitserver
device2
blackboard
glogger
scoremgr
imsldoc
objectmanager
lam
interbase
isis
isis-bcast
rimsl
cdfunc
sdfunc
dls
dls-monitor
nfs
distrib-net-rsa
dlsrpn
dlswpn
go2call
go2call
zephyr-clt
zephyr-hm
eklogin
ekshell
rkinit
kx
kip
kauth
ats
ivs-video
shiva-vpn
ivsd
mysql-im
compaqdiag
pehelp
netscape-conf
apple-ug
ms-olap3
ms-olap4
fmpro-fdal
cvspserver
g-talk
venus
venus-se
codasrv
codasrv-se
rtsserv
rtsclient
wlbs
May 22, 2006
2018
2018
2019
2019
2020
2021
2021
2022
2023
2024
2025
2025
2026
2027
2028
2030
2032
2033
2034
2035
2038
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2064
2065
2067
2090
2103
2104
2105
2106
2108
2111
2112
2120
2201
2232
2241
2273
2301
2307
2327
2336
2382
2383
2399
2401
2421
2430
2431
2432
2433
2500
2501
2504
2090
2091
2233
Network File System
distributed.net RSA crypto decipher tool
Data Link Switch Read Port Number
Data Link Switch Write Port Number
Go2Call
Go2Call
Zephyr serv-hm connection
Zephyr hostmanager
Kerberos (v4) encrypted rlogin
Kerberos (v4) encrypted rshell
Kerberos (v4) remote initialization
X over kerberos
IP over kerberos
Remote kauth
Advanced Training System Program
IVS Video default
2273
IVS Daemon
MySql Instance Manager
Compaq Insight Management Web Agents
2382
2383
2399
Netscape Conference
Apple UG Control
Microsoft OLAP
Microsoft OLAP
Filemaker, Inc. -- Data Access Layer
CVS network server
G-Talk
2421
Resource Tracking system server
Resource Tracking system client
TCP/IP Ports List [v1.6]
Page 18 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
citrixima
hp-3000-telnet
zebrasrv
zebra
ripd
ripngd
ospfd
bgpd
webster
sybase
cp-udp-encap
listen
iss-realsec
active-ppp
2766
2998
3000
nessusd
3001
deslogin
deslogind
Program Linking
cfs
distrib-net-proxy
sj3
squid-http
squid-ipc
vmodem
viavideo
viavideo
viavideo
viavideo
viavideo
viavideo
ccmail
MacOS Net Assistant
mysql
dec-notes
msrdp
bmap
bungie-myth
prsvp
vat
vat-control
track
udt_os
mapper-nodemgr
mapper-mapethd
mapper-ws_ethd
netcheque
lockd
aol-aim-2
nuts_dem
nuts_bootp
wincim
EIMS Admin
rwhois
msql
unicall
krb524
sae-urn
fax
hylafax
rfa
3005
3006
3031
3049
3064
3086
3128
3130
3141
3230
3231
3232
3233
3234
3235
3264
3283
3306
3333
3389
3421
3453
3455
3456
3457
3462
3900
3984
3985
3986
4008
4045
4099
4132
4133
4144
4199
4321
4333
4343
4444
4500
4557
4559
4672
May 22, 2006
2512
2564
2600
2601
2602
2603
2604
2605
2627
2638
2512
2746
3000
Citrix IMA
HP 3000 NS/VT block mode telnet
zebra service
zebra vty
RIPd vty
RIPngd vty
OSPFd vty
BGPd vty
Network dictionary
Sybase database
Check Point UDP Encapsulation
System V listener port
ISS RealSecure IDS Remote Console Admin port
Active Worlds Msging
Deerfield MDaemon Email Server
User-level ppp daemon
Calista IP Phone (Inbound)
Nessus Security Scanner Daemon
Deerfield MDaemon Email Server
Encrypted symmetric telnet/login
MacOS Apple Events
/ AgentVU
cryptographic file system (nfs)
proxy port (distributed.net)
SJ3 (kanji input)
3230
3231
3232
3233
3234
3235
Polycom ViaVideo
Polycom ViaVideo
Polycom ViaVideo
Polycom ViaVideo
Polycom ViaVideo
Polycom ViaVideo
cc:Mail/Lotus
(H.323)
(H.323)
(H.323)
(H.323)
(H.323)
(H.323)
mySQL
DEC Notes
Microsoft Remote Display (Terminal) Protocol
Bull Apprise portmapper
Bungie Myth and Myth II Server
RSVP Port
VAT default data
VAT default control
software distribution
Unidata UDT OS
MAPPER network node manager
MAPPER TCP/IP server
MAPPER workstation server
NetCheque accounting
NFS lock daemon/manager
AOL Instant Messanger (Outbound)
NUTS Daemon
NUTS Bootp Server
Windows Compuserve Protocol
Remote Who Is
mini-sql server
Kerberos v5 -> v4 ticket translator
FlexFax FAX transmission service
HylaFAX client-server protocol
Remote file access server
TCP/IP Ports List [v1.6]
Page 19 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
commplex-main
5000
commplex-link
5001
rfe
FileMaker Pro
telelpathstart
telelpathattack
mmcc
rmonitor_secure
aol-aim-1
5002
5003
5010
5011
5050
5145
5190
aol-1
aol-2
aol-3
sgi-dgl
padl2sim
hacl-hb
hacl-gs
hacl-cfg
hacl-probe
hacl-local
hacl-test
cfengine
pcduo-old
pcduo
postgres
hotline
securid
5191
5192
5193
5232
5236
5300
5301
5302
5303
5304
5305
5308
5400
5405
5432
hotline
hotline
hotline
secureidprop
sdlog
sdserv
sdxauthd
sdadmind
rplay
pcAnywhereData
pcAnywhereStat
active-worlds
canna
proshareaudio
prosharevideo
prosharedata
prosharerequest
prosharenotify
vnc
vnc
vnc
vnc-1
vnc-2
ncd-pref-tcp
ncd-diag-tcp
ncd-conf-tcp
ncd-pref
ncd-diag
ncd-conf
X11
X11:1
X11:2
May 22, 2006
5500
5501
5502
5503
5510
5520
5530
5540
5550
5555
5631
5670
5680
5713
5714
5715
5716
5717
5800
5801
5900
5901
5902
5977
5978
5979
5997
5998
5999
6000
6001
6002
Yahoo Messenger Chat
Free Internet Chess Server
5003
Yahoo Messenger Chat
Radio Free Ethernet
FileMaker Pro over IP
multimedia conference control tool
RMonitor Secure
AOL Instant Messanger (Inbound)
Calista IP Phone (Outbound)
AmericaOnline1
AmericaOnline2
AmericaOnline3
SGI Distributed Graphics
HA
HA
HA
HA
5499
5632
TCP/IP Ports List [v1.6]
cluster
cluster
cluster
cluster
heartbeat
general services
configuration
probing
RemCon PC-Duo - old port
RemCon PC-Duo - new port
postgres database server
Hotline Server
SecurID
VNC Server
Hotline Server
Hotline Server
Hotline Server
Hotline Server
SecurID ACE/Server services
SecurID ACE/Server services
SecurID ACE/Server services
SecurID ACE/Server services
SecurID ACE/Server services
Active Worlds Messaging & Conferencing
Canna (Japanese Input)
proshare conf audio
proshare conf video
proshare conf data
proshare conf request
proshare conf notify
Virtual Network Computer
Virtual Network Computer
Virtual Network Computer
Virtual Network Computer Display :1
Virtual Network Computer Display :2
NCD preferences tcp port
NCD diagnostic tcp port
NCD configuration tcp port
NCD preferences telnet port
NCD diagnostic telnet port
NCD configuration telnet port
X Window server
X Window server
X Window server
Page 20 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
X11:3
X11:4
X11:5
X11:6
X11:7
X11:8
X11:9
arcserve
isdninfo
isdninfo
softcm
spc
dtspc
meta-corp
aspentec-lm
watershed-lm
statsci1-lm
statsci2-lm
lonewolf-lm
montage-lm
ricardo-lm
gnutella
netop-rc
xdsxdm
irc-serv
irc
irc
napster
acmsoda
napster
quicktime
6003
6004
6005
6006
6007
6008
6009
6050
6105
6106
6110
6111
6112
6141
6142
6143
6144
6145
6146
6147
6148
6346
6502
6558
6666
6667
6668
6699
6969
6699
6970
dwyco-video
dwyco-video
dwyco-video
net2phone
net2phone
net2phone
dwyco-video
afs3-fileserver
6700
6701
6702
6802
6803
6880
7000
afs3-callback
afs3-prserver
afs3-vlserver
afs3-kaserver
afs3-volser
afs3-errors
afs3-bos
afs3-update
afs3-rmtsys
ups-onlinet
realmedia
font-service
dialpad
fodms
dlip
icb
qaz
CUSeeMe
CUSeeMe
CUSeeMe-1
CUSeeMe-2
CUSeeMe-3
CUSeeMe-4
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7070
7100
7175
7200
7201
7326
7597
7640
7642
7648
7649
7650
7651
May 22, 2006
6346
X Window server
X Window server
X Window server
X Window server
X Window server
X Window server
X Window server
ARCserve agent
isdninfo
i4lmond
HP SoftBench CM
HP SoftBench Sub-Process Control
CDE subprocess control
Meta Corporation License Manager
Aspen Technology License Manager
Watershed License Manager
StatSci License Manager - 1
StatSci License Manager - 2
Lone Wolf Systems License Manager
Montage License Manager
Ricardo North America License Manager
GNUtella Peer-to-Peer File Sharing System
NetOp Remote Control (by Danware Data A/S)
internet relay chat server
Internet Relay Chat
Internet Relay Chat
Napster Music Sharing System
6970
6801
7648
TCP/IP Ports List [v1.6]
Napster file (MP3) sharing software
QuickTime Server (UDP Range: 6970-7000)
RealMedia Server (UDP Range: 6970-7170)
Dwyco Video Conferencing
Dwyco Video Conferencing
Dwyco Video Conferencing
Net2Phone
Net2Phone
Net2Phone
Dwyco Video Conferencing
afs file server
Internet Relay Chat
ActiveWorlds (Range: 7000-7100)
callbacks to cache managers
users & groups database
volume location database
AFS/Kerberos authentication service
volume managment server
error interpretation service
basic overseer process
server-to-server updater
remote cache manager service
onlinet uninterruptable power supplies
RealMedia (Audio/Video)
X Font Service
Dialpad
FODMS FLIP
Internet Citizens Band
Quaz trojan worm
CUSeeMe Video/Audio Server
CUSeeMe Video/Audio Server
CUSeeMe Video/Audio Server
CUSeeMe Video/Audio Server
CUSeeMe Video/Audio Server
CUSeeMe Video/Audio Server
Page 21 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
active-worlds-2
shoutcast
shoutcast
shoutcast
shoutcast
shoutcast
shoutcast
jserv
ajp13
http-proxy
blackice-icecap
blackice-alerts
cp-cluster
dialpad
sun-answerbook
seosload
zeus-admin
jetdirect
man
sd
ivisit
issa
issc
palace-chat
palace-chat
stel
amanda
amandaidx
amidxtape
pksd
dwyco-video
delta3pc2phone
delta3pc2phone
delta3pc2phone
delta3pc2phone
delta3pc2phone
isode-dua
biimenu
liquid-au
btx
wnn6
wnn6_Cn
wnn6_Kr
wnn6_Tw
hpnpd
hpnpd
internetphone
delta3pc2phone
wnn6_DS
halflife
Quake3Server
Quake2Server
Quake3Server
heretic2
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
Solaris RPC port
May 22, 2006
7777
8000
8001
8002
8003
8004
8005
8007
8009
8080
8081
8082
8116
8680
8888
8892
9090
9100
9535
9876
9991
9992
9997
9998
10005
10080
10082
10083
11371
12053
12083
17007
18000
18888
20005
22273
22289
22305
22321
22370
22370
26208
27960
28910
32770
32771
32772
32773
32774
32775
32776
32777
32778
32779
Active Worlds Messaging & Conferencing
Shoucast Streaming MP3 Server
Shoucast Streaming MP3 Server
Shoucast Streaming MP3 Server
Shoucast Streaming MP3 Server
Shoucast Streaming MP3 Server
Shoucast Streaming MP3 Server
Apache JServ module
8116
9943
12000
12080
12120
12122
22555
24150
27015
27660
27910
TCP/IP Ports List [v1.6]
Common HTTP proxy/second web server port
ICECap user console
BlackIce Alerts sent to this port
Check Point Clustering
Dialpad (Range: 8680-8686)
Sun Answerbook HTTP server
Computer Associates eTrust ACX
Zeus Admin Server
HP JetDirect
Session Director
Ivisit
ISS System Scanner Agent
ISS System Scanner Console
Palace Chat Server
Palace Chat Server
Secure telnet
Amanda Backup Util
Amanda indexing
Amanda tape indexing
PGP Public Key Server
Dwyco Video Conference (Range: 12000-16090)
Delta Three PC to Phone
Delta Three PC to Phone
Delta Three PC to Phone
Delta Three PC to Phone
Delta Three PC to Phone
Beckman Instruments, Inc.
LiquidAudio
xcept4 (German Telekoms CEPT videotext service)
Wnn6 (Japanese input)
Wnn6 (Chinese input)
Wnn6 (Korean input)
Wnn6 (Taiwanse input)
Hewlett-Packard Network Printer daemon
Hewlett-Packard Network Printer daemon
Internet Phone
Delta Three PC to Phone (Range: 24150 - 24179)
Wnn6 (Dserver)
Half Life Game Server
Quake 3 Arena Server (for first player)
Quake 2 Server
Quake 3 Arena Server
Heretic II Game Server
Solaris RPC port
Solaris RPC port (rusersd)
Solaris RPC port (status)
Solaris RPC port (rquotad)
Solaris RPC port (rusersd)
Solaris RPC port (status)
Solaris RPC port (sprayd)
Solaris RPC port (walld)
Solaris RPC port (rstatd)
Solaris RPC port
Page 22 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
Solaris RPC port
Solaris RPC port
Solaris RPC port
timestep
sygatefw
novell
reachout
coldfusion-auth
coldfusion-auth
ciscopop
dbbrowse
dialpad
dialpad
dialpad
ivisit
cuseeme
pcAnywhere
32780
32786
32787
38036
39213
40193
43188
44442
44443
45000
47557
51210
65301
Solaris RPC port
Solaris RPC port (mountd)
Solaris RPC port dmispd (DMI Service Provider)
SyGate Firewall Mgmt port v3.0 build 521 and <
51200
51201
56768
56800
ColdFusion Advanced Security/Siteminder Auth
ColdFusion Advanced Security/Siteminder Auth
Cisco PostOffice Protocol for NetRanger (IDS)
Databeam Corporation
Dialpad
Dialpad
Dialpad
Ivisit
CUSeeMe
pcAnywhere
###
May 22, 2006
TCP/IP Ports List [v1.6]
Page 23 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
Trojan / Backdoor Ports
The following ports should be considered as hostile ports as they are mostly used for trojans or backdoor programs. Hackers/crackers
that break into systems often start processes running on one of the following ports and then use them to either regain entry or launch
attacks against other sites.
Service Name
TCP Port
0
2
8
9
19
20
21
UDP Port
1
22
23
25
30
31
May 22, 2006
Description
Click attack (ICMP)
Sockets des Troie
Death
Ping Attack (ICMP)
Chargen
Chargen
Senna Spy FTP server
Back Construction
Blade Runner
Cattivik FTP Server
CC Invader
Dark FTP
Dolly Trojan
Fore
Invisible FTP
Juggernaut 42
Larva
MotIv FTP
Net Administrator
Ramen
Senna Spy FTP server
The Flu
Traitor 21
WebEx
WinCrash
Shaft
Fire HacKer
Tiny Telnet Server - TTS
Truva Atl
Ajan
Antigen
Barok
Email Password Sender (EPS) & EPS II
Gip
Gris
Happy99
Hpteam mail
Hybris
I love you
Kuang2
Magic Horse
MBT (Mail Bombing Trojan)
Moscow Email trojan
Naebi
NewApt worm
ProMail trojan
Shtirlitz
Stealth
Tapiras
Terminator
WinSpy
Agent 40421
Agent 31
Hackers Paradise
Masters Paradise
TCP/IP Ports List [v1.6]
Page 24 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
41
48
50
58
59
79
80
81
90
99
110
113
119
121
123
129
133
137
137
138
139
142
146
170
334
411
420
139
146
421
455
456
May 22, 2006
TCP/IP Ports List [v1.6]
Deep Throat
Foreplay
DRAT
DRAT
DMSetup
DMSetup
CDK
Firehotcker
711 trojan (Seven Eleven)
AckCmd
Back End
Back Orifice 2000 Plug-Ins
Cafeini
CGI Backdoor
Executor
God Message
God Message Creator
Hooker
IISworm
MTX
NCX
Reverse WWW Tunnel Backdoor
RingZero
Seeker
WAN Remote
Web Server CT
WebDownloader
RemoConChubo
Hidden Port 2.0
Hidden Port
NCX
ProMail trojan
Invisible Identd Deamon
Kazimas
Happy99
Attack Bot
God Message
JammerKillah
Net Controller
Password Generator Protocol
Farnaz
Netbios name (DoS attacks)
Chode
Netbios name (DoS attacks)
Msinit
Chode
Netbios session (DoS attacks)
Chode
God Message worm
Msinit
Netlog
Network
Qaz
Netbios session (DoS attacks)
NetTaxi
Infector 1.3
A-trojan
Backage
Backage
Breach
Incognito
TCP Wrappers trojan
Fatal Connections
Hackers Paradise
Page 25 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
513
514
531
555
605
666
667
669
692
777
808
911
999
1000
1001
1010
1011
1012
1015
1016
1020
1024
1025
1025
1033
1035
1042
1045
1049
1050
1053
1054
1080
1081
1082
1083
1090
1095
1097
1098
May 22, 2006
TCP/IP Ports List [v1.6]
Grlogin
RPC Backdoor
Net666
Rasmin
711 trojan (Seven Eleven)
Ini-Killer
Net Administrator
Phase Zero
Stealth Spy
Secret Service
Attack FTP
Back Construction
BLA trojan
Cain & Abel
NokNok
Satans Back Door - SBD
ServU
Shadow Phyre
th3r1pp3rz (Therippers)
SniperNet
DP trojan
GayOL
AIM Spy Application
Undetected
WinHole
Dark Shadow
Deep Throat
Foreplay
WinSatan
Der SpSher / Der Spaeher
Direct Connection
Der SpSher / Der Spaeher
Le Guardien
Silencer
WebEx
Doly Trojan
Doly Trojan
Doly Trojan
Doly Trojan
Doly Trojan
Vampire
Jade
Latinus
NetSpy
Remote Storm
Mavericks Matrix 1.2 - 2.0
Remote Storm
NetSpy
Multidropper
BLA trojan
Rasmin
/sbin/initd
MiniCommand
The Thief
AckCmd
WinHole
WinHole
WinHole
WinHole
Xtreme
Remote Administration Tool - RAT
Remote Administration Tool - RAT
Remote Administration Tool - RAT
Page 26 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
1099
1150
1151
1170
1207
1208
1212
1234
1200
1201
1243
1245
1255
1256
1269
1272
1313
1338
1349
1394
1441
1492
1524
1568
1600
1703
1777
1807
1966
1967
1969
1981
1999
2000
2001
2002
2003
2004
2005
2023
2080
2115
2140
May 22, 2006
2130
2140
TCP/IP Ports List [v1.6]
Blood Fest Evolution
Remote Administration Tool - RAT
Orion
Orion
Psyber Stream Server - PSS
Streaming Audio Server
Voice
NoBackO
NoBackO
SoftWAR
Infector
Kaos
SubSeven Java client
Ultors Trojan
BackDoor-G
SubSeven Apocalypse
Tiles
Sub Seven
VooDoo Doll
Scarab
Project nEXT
Mavericks Matrix
The Matrix
NETrojan
Millenium Worm
BackOrifice DLL Comm
GoFriller
Backdoor G-1
Remote Storm
FTP99CMP
Trinoo
Remote Hack
Direct Connection
Shivka-Burka
Exploiter
Scarab
SpySender
Fake FTP
WM FTP Server
OpC BO
Bowl
Shockrave
Back Door
SubSeven
TransScout
Der SpSher / Der Spaeher
Insane Network
Last 2000
Remote Explorer 2000
Senna Spy Trojan Generator
Der SpSher / Der Spaeher
Trojan Cow
TransScout
TransScout
TransScout
TransScout
Ripper Pro
WinHole
Bugs
Mini Backlash
The Invasor
Deep Throat
Foreplay
Page 27 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
2155
2255
2283
2300
2311
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2345
2565
2583
2600
2716
2721
2773
2339
2774
2801
3000
3024
3028
3031
3128
3129
3150
2989
3150
3456
3459
3700
3777
3791
3801
4000
4092
4100
4242
4321
4444
4567
4590
4950
5000
5001
May 22, 2006
TCP/IP Ports List [v1.6]
Illusion Mailer
Nirvana
HLV Rat5
Xplorer
Studio 54
Contact
Contact
Contact
Contact
Contact
Contact
Contact
Contact
Contact
Contact
Voice Spy
Voice Spy
Doly Trojan
Striker trojan
WinCrash
Digital RootBeer
The Prayer 1.2 -1.3
Phase Zero
SubSeven
SubSeven 2.1 Gold
SubSeven
SubSeven 2.1 Gold
Phineas Phucker
Remote Administration Tool - RAT
Remote Shut
WinCrash
Ring Zero
Microspy
Reverse WWW Tunnel Backdoor
RingZero
Masters Paradise
The Invasor
Deep Throat
Foreplay
Mini Backlash
Terror trojan
Eclipse 2000
Sanctuary
Portal of Doom
PsychWard
Total Solar Eclypse
Total Solar Eclypse
SkyDance
WinCrash
Watchguard Firebox Admin DoS
Virtual Hacking Machine - VHM
BoBo
Prosiak
Swift Remote
File Nail
ICQ Trojan
ICQ Trogen (Lm)
Back Door Setup
Blazer5
Bubbel
ICKiller
Ra1d
Sockets des Troie
Back Door Setup
Page 28 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
5002
5010
5011
5025
5031
5032
5321
5333
5343
5400
5401
5402
5512
5521
5534
5550
5555
5556
5557
5569
5637
5638
5742
5760
5880
5882
5888
5889
6000
6006
6272
6400
6661
6666
5882
5888
6667
6669
6670
6671
6711
6712
6713
6723
May 22, 2006
TCP/IP Ports List [v1.6]
Sockets des Troie
cd00r
Shaft
Solo
One of the Last Trojans - OOTLT
modified
WM Remote KeyLogger
Net Metropolitan 1.0
Net Metropolitan 1.04
Firehotcker
Backage
NetDemon
wCrat - WC Remote Administration Tool
Back Construction
Blade Runner
Back Construction
Blade Runner
Back Construction
Blade Runner
Illusion Mailer
Xtcp
Illusion Mailer
The Flu
Xtcp
ServeMe
BO Facil
BO Facil
Robo-Hack
PC Crasher
PC Crasher
WinCrash
Portmap Remote Root Linux Exploit
Y3K RAT
Y3K RAT
Y3K RAT
Y3K RAT
The Thing 1.6
Bad Blood
Secret Service
The Thing
TEMan, Weia-Meia
Dark Connection Inside
NetBus worm
Sub-7 Trojan (new icq notification)
Subseven 2.1.4 DefCon 8
SubSeven
Dark FTP
ScheduleAgent
Trinity
WinSatan
Host Control
Vampyre
BackWeb Server
Deep Throat
Foreplay
WinNuke eXtreame
Deep Throat
BackDoor-G
SubSeven
VP Killer
Funny trojan
SubSeven
SubSeven
Mstream attack-handler
Page 29 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
6771
6776
6883
6912
6939
6969
6838
6970
7000
7001
7028
7215
7300
7301
7306
7307
7308
7424
7597
7626
7777
7028
7424
7789
7891
7983
8080
8787
8879
8988
8989
9000
9400
9872
9873
9874
9875
9876
9878
9989
9999
10000
10005
May 22, 2006
8879
9325
10067
TCP/IP Ports List [v1.6]
Deep Throat
Foreplay
2000 Cracks
BackDoor-G
SubSeven
VP Killer
Mstream Agent-handler
Delta Source DarkStar
Sh*t Heap (not 69123)
Indoctrination
GateCrasher
IRC 3
Net Controller
Priority
GateCrasher
Exploit Translation Server
Kazimas
Remote Grab
SubSeven
SubSeven 2.1 Gold
Freak88
Freak2k
Unknown Trojan
SubSeven
SubSeven 2.1 Gold
NetMonitor
NetMonitor
NetMonitor
NetMonitor
NetMonitor
Host Control
QaZ (Remote Access Trojan)
Glacier
God Message
Tini
Back Door Setup
ICKiller
The ReVeNgEr
MStream handler-agent
Brown Orifice
RemoConChubo
Reverse WWW Tunnel Backdoor
RingZero
Back Orifice 2000
Back Orifice 2000
BacHack
Rcon
Recon
Xcon
Netministrator
MStream Agent-handler
InCommand
Portal of Doom
Portal of Doom
Portal of Doom
Portal of Doom
Cyber Attacker
Rux
TransScout
ini-Killer
The Prayer 1.2 -1.3
OpwinTRojan
OpwinTRojan
Portal of Doom
Page 30 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
10085
10086
10100
10101
10520
10528
10607
11000
11050
11051
11223
10167
10498
10666
12076
12223
12345
12346
12349
12361
12362
12363
12456
12624
12631
12701
12754
13000
13010
13013
13014
13223
13473
13700
14500
14501
14502
14503
15000
15092
15104
15382
15858
16484
16660
16772
May 22, 2006
12623
TCP/IP Ports List [v1.6]
Syphillis
Syphillis
Control Total, Gift trojan
BrainSpy, Silencer
Portal of Doom
Mstream handler-agent
Acid Shivers
Host Control
Coma
Ambush
Senna Spy Trojan Generator
Host Control
Host Control
Progenic trojan
Secret Agent
Gjamer
Hack 99 KeyLogger
Ashley
cron / crontab
Fat Bitch trojan,
GabanBus
icmp_client.c
icmp_pipe.c
Mypic
NetBus
NetBus Toy
NetBus worm
Pie Bill Gates
Ultors Trojan
Whack Job
X-bill
Fat Bitch trojan
GabanBus
NetBus
X-bill
BioNet
Whack-a-mole
Whack-a-mole
Whack-a-mole
DUN Control
NetBus
ButtMan
Whack Job
Eclypse 2000
Mstream attack-handler
Senna Spy Trojan Generator
Hacker Brasil - HBR
PsychWard
PsychWard
Hack 99 KeyLogger
Chupacabra
Kuang2 the Virus
PC Invader
PC Invader
PC Invader
PC Invader
NetDemon
Host Control
Mstream attack-handler
SubZero
CDK
Mosucker
Stacheldraht
ICQ Revenge
Page 31 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
16959
16969
17166
17300
17449
17499
17500
17569
17593
17777
18753
19864
20000
20001
18753
20002
20005
20023
20034
20203
20331
20432
20433
21544
21554
22222
23005
23006
23023
23032
23432
23456
23476
23477
23777
24000
25685
25686
25982
26681
26274
27374
27444
May 22, 2006
23476
26274
27444
TCP/IP Ports List [v1.6]
SubSeven
Subseven 2.1.4 DefCon 8
Priority
Mosaic
Kuang2 the virus
Kid Terror
CrazzyNet
CrazzyNet
Infector
Audiodoor
Nephron
Shafthandler to Agent
ICQ Revenge
Millenium
Millenium
Millenium (Lm)
AcidkoR
Mosucker
VP Killer
NetBus 2.0 Pro
NetBus 2.0 Pro Hidden
NetRex
Whack Job
Chupacabra
Logged!
BLA trojan
Shaft Client to handlers
Shaft Agent to handlers
GirlFriend
Kid Terror
Exploiter
Kid Terror
Schwindler
Winsp00fer
Donald Dick
Prosiak
Ruler
RUX The TIc.K
NetTrash
NetTrash
Logged
Amanda
Asylum
Evil FTP
Ugly FTP
Whack Job
Donald Dick
Donald Dick
InetSpy
Infector
Moonpie
Moonpie
Moonpie
Delta Source
Voice Spy
Delta Source
Bad Blood
Ramen
Seeker
SubSeven
SubSeven 2.1 Gold
Subseven 2.1.4 DefCon 8
SubSeven Muie Ttfloader
Trin00/TFN2K
Page 32 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
27573
27665
28678
29104
29369
29891
30000
30001
30003
30029
30100
30101
30102
30103
30133
30303
30464
30947
30999
31335
31336
eleet
30103
31335
31337
31337
31338
31339
31666
31785
31788
31792
32001
32100
31338
31787
31789
31790
31791
32418
33270
33333
33577
33777
33911
33390
34324
May 22, 2006
TCP/IP Ports List [v1.6]
SubSeven 2.1
Trin00 DoS Attack
Exploiter
NetTrojan
ovasOn
The Unexplained
Infector
ErrOr32
Lamers Death
AOL Trojan
NetSphere
NetSphere
NetSphere
NetSphere
NetSphere Final
Sockets des Troie
IceCast remote overflow
Intruse
Kuang2
Trin00 DoS Attack
BO-Whack
Butt Funnel
Back Fire
Back Orifice 1.20 patches
Back Orifice (Lm)
Back Orifice russian
Baron Night, Beeone
BO client
BO Facil
BO spy
BO2
cron / crontab
Freak88
Freak2k
icmp_pipe.c
Sockdmini
Back Orifice
Deep BO
Back Orifice
Butt Funnel
NetSpy (DK)
Deep BO
NetSpy (DK)
BO-Whack
HackaTack
HackaTack
HackaTack
HackaTack
HackaTack
HackaTack
HackaTack
Donald Dick
Peanut Brittle
Project nEXT
Acid Battery
Trinity Trojan
Blakharaz
Prosiak
Unknown trojan
Son of PsychWard
Son of PsychWard
Spirit 2000
Spirit 2001
Big Gluck
Page 33 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
34444
37237
37651
40412
40421
40422
40423
40425
40426
41337
41666
43210
44444
44575
47252
50130
50505
50766
34555
35555
47262
49301
51966
52317
53001
54283
54320
54321
55165
55166
57341
58339
60000
60001
60068
60411
61348
61466
61603
63485
64101
65000
65390
65421
65432
65534
65535
65432
TN
Donald Dick
Trinoo (Windows only)
Trinoo (Windows only)
Mantis
Yet Another Trojan - YAT
The Spy
Agent 40421
Masters Paradise
Masters Paradise
Masters Paradise
Masters Paradise
Masters Paradise
Storm
Remote Boot Tool (RBT)
Masters Paradise
Prosiak
Exploiter
Delta Source
Delta Source
OnLine KeyLogger
Enterprise
Sockets de Troie 2.0
Fore
Schwindler
Cafeini
Acid Battery 2000
Remote Windows Shutdown (RWS)
SubSeven
SubSeven 2.1 Gold
Back Orifice 200 (Default Port)
Back Orifice 200 (Default Port)
School Bus
File Manager trojan
WM Trojan Generator
WM Trojan Generator
NetRaider Trojan
Butt Funnel
Deep Throat
Foreplay
Sockets des Troie
Trinity
Xzip 6000068
Connection
Bunker-Hill Trojan
TeleCommando
Bunker-Hill Trojan
Bunker-Hill Trojan
Taskman
Devil
Sockets des Troie
Stacheldraht
Eclypse
Jade
The Traitor (= th3tr41t0r)
/sbin/initd
RC1 trojan
###
May 22, 2006
TCP/IP Ports List [v1.6]
Page 34 of 34
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.