Received: from c000.snv.cp.net ([209.228.32.67]) by merkeznotes.borusan.com (Lotus SMTP MTA v4.6.2  (693.3 8-11-1998)) with SMTP id 42256900.0055E684; Fri, 16 Jun 2000 17:38:16 +0200
Received: (cpmta 6312 invoked from network); 16 Jun 2000 07:43:45 -0700
Date: 16 Jun 2000 07:43:45 -0700
Message-ID: <20000616144345.6311.cpmta@c000.snv.cp.net>
X-Sent: 16 Jun 2000 14:43:45 GMT
Received: from [216.79.97.82] by mail.infosec.20m.com with HTTP;
    16 Jun 2000 07:43:45 PDT
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: mdogru@borusan.com
From: infosec@infosec.20m.com
Cc: Firewalls@Lists.GNAC.NET
X-Mailer: Web Mail 3.6.3.1
Subject: Re: why everybody tries my port #44767 ?

Here is a list of the default ports for most common trojans.
Of course, most of these can be changed before distributing the trojan.
This doesn't mean you're safe...I suggest getting a port scanner such as NMAP
http://www.insecure.org/nmap if you're using *nix. If you're using Windows I really can't help you there, I don't know which scanners are available for MS platforms. I'm sure someone on the list can suggest one. Scan your system for ports offering services. If anything suspicious comes up, let me know and I'll try to help out.




31337 tcp backorifice BO standard port 
21 TCP Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash ftp port spoofing trojans 
23 TCP Tiny Telnet Server small telnet daemon back door 
25 TCP Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2 0.17A-0.30 
31 TCP Hackers Paradise Backdoor 
80 TCP Executor webport spoofed backdoor 
456 TCP Hackers Paradise Backdoor 
555 TCP Ini-Killer, Phase Zero, Stealth Spy Backdoor 
666 TCP Satanz Backdoor 
1001 TCP Silencer, WebEx Backdoor 
1011 TCP Doly Trojan Backdoor 
1095 TCP Rat Backdoor 
1097 TCP Rat Backdoor 
1098 TCP Rat Backdoor 
1099 TCP Rat Backdoor 
1170 TCP Psyber Stream Server, Voice Backdoor 
1234 TCP TCP Ultors Trojan Backdoor 
1243 TCP Sub 7 sends a notfier to a irc server of the hackers choice 'look for connections to irc servers n netsta -a' 
6711 TCP Sub 7 sends a notfier to a irc server of the hackers choice 'look for connections to irc servers n netsta -a' 
6776 TCP Sub 7 sends a notfier to a irc server of the hackers choice 'look for connections to irc servers n netsta -a' 


Be sure to check us out at http://infosec.20m.com
_________________________________________________




On Tue, 13 June 2000, "Mustafa Doğru" wrote:

> 
> 
> 
> I get reports on trial of connection on port 44767 to my personal computer.
> What for is this port?
> Thank u.
> 
> Mustafa Dogru
> Systems Specialist.
> 
> 
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]

   
-------------------------------------------------
Join a North Sky Community Today!
http://communities.northsky.com