Jump to content











Photo

Dangerous Ports in Computer


  • Please log in to reply
6 replies to this topic

#1 Shirin Zaban

Shirin Zaban

    Frequent Member

  • Tutorial Writer
  • 423 posts
  • Location:Tehran
  • Interests:1_Making Unattended and Customized XP<br /><br />2_Making different types of Bootable and Multiboot CD/DVD<br /><br />3_Like to learn more about grub and grub4DOS
  •  
    Iran

Posted 17 July 2008 - 03:59 PM

=============================================================================
Dangerous Ports in Computer
=============================================================================

Hi

When talking about Computer ports,user should know that there are two kinds of ports in the
computer:

1.The ports that we plug cables over them,or in another word hardware ports,for example we
can say USB Port,Keyboard port and etc...

2.There are locations in computer’s memory that are used by devices or applications to send
or receive data.They are Called Ports too.

There is about 65535 ports of this kind in computers memory and each device or application
may use one (or more) of these locations for its own use.

For example:

port # 110 is used by Common Email program.
port # 666 is used by popular game Doom .
port # 434 is used by Mobile IP
port # 5010 is used by Yahoo! Messenger
port # 80 is used by www-http
port # 12345 is used by Trend Micro antivirus program
port # 412 is used by Direct Connect Client-to-Client

we see that each device or application are using one (or more) of this ports and in standard
applications the port or ports that are used are known.I mean that it is known that witch
port or ports are used by special program or services and else...

Note that some times some programs use the same port or ports.

Viruses and trojans are applications , so they use ports to do their works too.

The trojan writer selects one or more of 65535 ports of computer and try to do his bad attacks.
for example:

Port # 12345 is commonly used by various Trojans such as Netbus.(as a told above this port is
used by Trend Micro antivirus too).

Port # 1080 is used by SubSeven 2.2 and WinHole
Port # 1243 is used by BackDoor-G and SubSeven and Tiles
Port # 3150 is used by Deep Throat and Foreplay and Mini BackLash
Port # 4444 is used by CrackDown and Oracle and Prosiak and Swift Remote
Port # 6776 is used by 2000 Cracks and BackDoor-G and SubSeven and VP Killer


So, all users should have some informations about computer ports,and should check his ports
some times to be award of what is going in his computer.

note:
-------
May be this is useful for you to know:

The Trojan writer writes a program,uses an specific port for his program,then sends that to
our computer.Suppose that his trojan uses port # 1080 to work and he knows our IP address is
for example 178 114 58 210.

Now he can type command below in his command prompt:

Telnet 178.114.58.210 1080

by this command ,he will enter to our computer via port 1080 ,then he can type dangerous
commands to do his work.

So be careful,Be smart and learn befor getting attacked, Allways in regular periods check
your system.

=========================================================================

thats all i can say, hope to be helpful for some one

Have nice times

shirin zaban

#2 amalux

amalux

    Platinum Member

  • Tutorial Writer
  • 2813 posts
  •  
    United States

Posted 17 July 2008 - 05:11 PM

Good info Shirin, thanks!

A good test here will check your 'listening ports' and additional tests and info here. Results should look like this:
Attached File  passed.JPG   155.68KB   155 downloads

#3 Shirin Zaban

Shirin Zaban

    Frequent Member

  • Tutorial Writer
  • 423 posts
  • Location:Tehran
  • Interests:1_Making Unattended and Customized XP<br /><br />2_Making different types of Bootable and Multiboot CD/DVD<br /><br />3_Like to learn more about grub and grub4DOS
  •  
    Iran

Posted 17 July 2008 - 06:31 PM

Good info Shirin, thanks!

A good test here will check your 'listening ports' and additional tests and info here. Results should look like this:
Attached File  passed.JPG   155.68KB   155 downloads

=======================================
Hi Dear amalux

thank you for help

and also i want to add some more to tutorial:

==================================

More details about Computer ports:
------------------------------------

Ports from 0 to 1023 are often called the “well-known port numbers”,(are assigned by ICANN).
These ports include port 80, used by the http protocol for delivering Web pages, port 21
for ftp, port 110 for POP3 email . In these ports we will have little danger.

Ports 1024 to 49151 are called the registered ports, (assigned by ICANN) and are used by
particular programs.be careful in this ports.

ports from 49152 through to 65535 are called dynamic port numbers (or private ports) and can
be used by any program to communicate with any other program.these ports are extremely suspicious.

===================================================

In links below you can find the ports that are used by Trojans,Note that some trojans can
use other ports too.

http://www.chebucto....port-table.html
http://www.sans.org/...aq/oddports.php
http://www.tla.ch/TL...LIO/trojan.html
http://www.linuxsecu...ewall-seen.html
http://www.elfqrin.c...st.html#trojans

===================================================

The Dangerous Ports are not just ports used by trojans.there are other dangerous ports that
are used by some services that some viruses or worms can use them to make security problems.
For example The W32 Blaster Worm used a vulnerability in MS RPC port 135 to compromise a
Windows system.

I think The best way to protect your system is using good firwall,check your ports by assosiated
programs periodically.

Do not forget there is no software that can find all trojans ,worms and other dangerous applications
beacause some of them are new,and some of them use ports that are used by essential services and
programs and....
========================

have nice times

shirin zaban

#4 rawr

rawr

    Frequent Member

  • Advanced user
  • 163 posts

Posted 21 July 2008 - 08:24 PM

many thanx shrin




(big) list of ports commonly used by games/aplications ---> http://www.portforward.com/cports.htm

i often find this site saves me
having to setup to many routers/games
for friends http://www.portforward.com/


for any with a unquenchable thurst for knwolage hear is the full list

enjoy
:cheers:

#5 Shirin Zaban

Shirin Zaban

    Frequent Member

  • Tutorial Writer
  • 423 posts
  • Location:Tehran
  • Interests:1_Making Unattended and Customized XP<br /><br />2_Making different types of Bootable and Multiboot CD/DVD<br /><br />3_Like to learn more about grub and grub4DOS
  •  
    Iran

Posted 21 July 2008 - 08:41 PM

[quote name='rawral' date='Jul 21 2008, 08:24 PM' post='40104']
many thanx shrin


============================

Hi rawral

thanks alot for giving help

have nice times

shirin

#6 Sirquil

Sirquil

    Frequent Member

  • Advanced user
  • 108 posts
  • Location:Indianapolis, Indiana
  •  
    United States

Posted 21 July 2008 - 09:00 PM

Here is a utility from Nirsoft for viewing open TCP/IP and UDP ports:

CurrPorts v1.41
Copyright © 2004 - 2008 Nir Sofer
Web site: http://www.nirsoft.net




http://www.nirsoft.n...ils/cports.html

Works well with VistaPE :cheers:

#7 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10562 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 21 July 2008 - 09:48 PM

WireShark is also very good and free: http://www.wireshark.org

:cheers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users