|
Virus Alerts
Current Updates
Date: Mon, Oct. 25, 1999.
Subject: virus alert:
Budweiser Frogs
Date: November-10-1999
Subject: virus alert.
Bubbleboy.
Thread worm virus.
Subject: virus alert:
Mellissa virus.
Thread worm virus.
Subject: virus alert:
Netbus
Back orrifice variant
Subject: virus alert.
Masters Paradise
Back orrifice variant
Subject: virus alert:
Girlfriend
Back orrifice variant
Subject: virus alert.
Promise Software.
Subject: virus alert.
Explore.zip virus.
Subject: virus alert:
Chernobyl virus.
Subject: virus alert.
Back Orrifice trojan.
Port Security
Safeguards
Security
|
Welcome
This Site will attempt to keep up with new inovations and updates of current computer virus information.
There are more than 10,000 new and variations of computer virus written a month.
Please Note:
* Win 95 or Win 98: adding too many ports to scan for your scanner and operating system and machine, may cause certain problems (*about* 20 or 25, depending on your system).
* If running Win NT. (up to 50 ports)
In any event there are too many ports for operating systems, scanners and domestic machines to scan and monitor at the same time or even close.
| Port
1 |
Protocol |
Trojan Information |
NN 2.9b-def |
| 0 |
ICMP |
Click attack |
Yes |
| 19 |
UDP |
Chargen |
Yes |
| 21 |
TCP |
Detects if someone is trying to FTP to you. |
No |
| 23 |
TCP |
Detects if someone is trying to Telnet to you. |
No |
| 25 * |
TCP |
Several trojans use this port. |
No |
| 31 * |
TCP |
Agent 31, Hacker's Paradise, Master's Paradise |
No |
| 41 * |
TCP |
Deep Throat |
No |
| 53 |
TCP |
DNS |
Yes |
| 58 * |
TCP |
DM Setup |
No |
| 80 * |
TCP |
Executor |
No |
| 110 * |
TCP |
ProMail Trojan |
No |
| 121 * |
TCP |
Jammer Killah |
No |
| 129 |
TCP |
Password Generator Protocol |
Yes |
| 137 |
TCP |
Netbios name (DoS attacks) |
Yes |
| 138 |
TCP |
Netbios datagram (DoS attacks) |
Yes |
| 139 |
TCP |
Netbios session (DoS attacks) |
Yes |
| 456 * |
TCP |
Hacker's Paradise |
No |
| 555 |
TCP |
Stealth Spy, Phaze |
No |
| 666 |
TCP |
Attack FTP |
No |
| 1001 * |
TCP |
Silencer, WebEx |
No |
| 1011 * |
TCP |
Doly Trojan |
No |
| 1012 * |
TCP |
Doly Trojan |
No |
| 1024 * |
TCP |
NetSpy |
No |
| 1027 |
TCP |
ICQ |
Yes |
| 1029 |
TCP |
ICQ |
Yes |
| 1032 |
TCP |
ICQ |
Yes |
| 1080 |
TCP |
Used to detect Wingate sniffers. |
Yes |
| 1170 * |
TCP |
Voice Streaming Audio |
No |
| 1243 |
TCP |
Sub Seven |
No |
| 1245 * |
TCP |
VooDoo Doll |
No |
| 1492 * |
TCP |
FTP99CMP |
No |
| 1981 |
TCP |
Shockrave |
No |
| 1999 * |
TCP |
BackDoor |
No |
| 2001 * |
TCP |
Trojan Cow |
No |
| 2023 * |
TCP |
Ripper |
No |
| 2115 * |
TCP |
Bugs |
No |
| 2140 * |
TCP |
Deep Throat |
No |
| 2140 |
UDP |
Deep Throat |
No |
| 2565 * |
TCP |
Striker |
No |
| 2583 * |
TCP |
WinCrash |
No |
| 2801 * |
TCP |
Phineas Phucker |
No |
| 2989 |
UDP |
Rat |
No |
| 3024 * |
TCP |
WinCrash |
No |
| 3129 * |
TCP |
Master's Paradise |
No |
| 3150 * |
TCP |
Deep Throat |
No |
| 3150 |
UDP |
Deep Throat |
No |
| 3389 3 * |
TCP |
See footnote 3 at the bottom of this table. |
No |
| 3700 * |
TCP |
Portal of Doom |
No |
| 4092 * |
TCP |
WinCrash |
No |
| 4590 * |
TCP |
ICQ Trojan |
No |
| 5000 2 |
TCP |
Detects & blocks Sokets de Trois v1. |
Yes |
| 5001 |
TCP |
Detects & blocks Sokets de Trois v1. |
Yes |
| 5400 * |
TCP |
Blade Runner |
No |
| 5401 * |
TCP |
Blade Runner |
No |
| 5402 * |
TCP |
Blade Runner |
No |
| 5569 * |
TCP |
Robo-Hack |
No |
| 5742 * |
TCP |
WinCrash |
No |
| 6400 * |
TCP |
The Thing |
No |
| 6670 * |
TCP |
Deep Throat |
No |
| 6711 |
TCP |
Sub Seven |
No |
| 6712 * |
TCP |
Sub Seven |
No |
| 6713 * |
TCP |
Sub Seven |
No |
| 6771 * |
TCP |
Deep Throat |
No |
| 6776 |
TCP |
Sub Seven |
No |
| 6939 * |
TCP |
Indoctrination |
No |
| 6969 |
TCP |
Gate Crasher, Priority |
No |
| 6970 * |
TCP |
Gate Crasher |
No |
| 7000 * |
TCP |
Remote Grab |
No |
| 7300 |
TCP |
Net Monitor |
No |
| 7301 |
TCP |
Net Monitor |
No |
| 7306 * |
TCP |
Net Monitor |
No |
| 7307 * |
TCP |
Net Monitor |
No |
| 7308 * |
TCP |
Net Monitor |
No |
| 7789 * |
TCP |
ICKiller |
No |
| 9872 * |
TCP |
Portal of Doom |
No |
| 9873 * |
TCP |
Portal of Doom |
No |
| 9874 * |
TCP |
Portal of Doom |
No |
| 9875 * |
TCP |
Portal of Doom |
No |
| 9989 * |
TCP |
iNi-Killer |
No |
| 10067 * |
TCP |
Portal of Doom |
No |
| 10067 |
UDP |
Portal of Doom |
No |
| 10167 * |
TCP |
Portal of Doom |
No |
| 10167 |
UDP |
Portal of Doom |
No |
| 10520 * |
TCP |
Acid Shivers |
No |
| 10607 * |
TCP |
Coma |
No |
| 11000 * |
TCP |
Senna Spy |
No |
| 11223 * |
TCP |
Progenic Trojan |
No |
| 12076 |
TCP |
GJamer |
No |
| 12223 * |
TCP |
Hack'99, KeyLogger |
No |
| 12345 |
TCP |
Netbus, Ultor's Telnet Trojan |
No |
| 12346 |
TCP |
Netbus |
No |
| 12456 * |
TCP |
NetBus |
No |
| 13000 * |
TCP |
Senna Spy |
No |
| 16969 * |
TCP |
Priority |
No |
| 20000 |
TCP |
Millennium |
No |
| 20001 |
TCP |
Millennium |
No |
| 20034 * |
TCP |
NetBus 2 Pro |
No |
| 21554 |
TCP |
GirlFriend |
No |
| 22222 * |
TCP |
Prosiak |
No |
| 23456 |
TCP |
EvilFTP, UglyFTP |
No |
| 26274 * |
TCP |
Delta Source |
No |
| 26274 * |
UDP |
Delta Source |
No |
| 29891 * |
TCP |
The Unexplained |
No |
| 30100 |
TCP |
NetSphere |
No |
| 30101 * |
TCP |
NetSphere |
No |
| 30102 |
TCP |
NetSphere |
No |
| 30303 * |
TCP |
Sockets de Troie |
No |
| 31337 |
UDP |
Backorifice (BO) |
No |
| 31337 |
TCP |
Netpatch |
No |
| 31338 * |
TCP |
NetSpy DK |
No |
| 31338 |
UDP |
Deep BO |
No |
| 31339 * |
TCP |
NetSpy DK |
No |
| 31785 |
TCP |
Hack'a'Tack |
No |
| 31789 |
UDP |
Hack'a'Tack |
No |
| 31791 |
UDP |
Hack'a'Tack |
No |
| 33333 * |
TCP |
Prosiak |
No |
| 40421 |
TCP |
Master's Paradise - Hacked |
No |
| 40412 * |
TCP |
The Spy |
No |
| 40422 |
TCP |
Master's Paradise - Hacked |
No |
| 40423 |
TCP |
Master's Paradise - Hacked |
No |
| 40425 |
TCP |
Master's Paradise - Hacked |
No |
| 40426 * |
TCP |
Master's Paradise |
No |
| 47252 * |
TCP |
Delta Source |
No |
| 47262 * |
UDP |
Delta Source |
No |
| 50505 |
TCP |
Detects & blocks Sokets de Trois v2. |
No |
| 50776 * |
TCP |
Fore |
No |
| 53001 * |
TCP |
Remote Windows Shutdown |
No |
| 54320 |
TCP |
Back Orifice 2000 |
No |
| 54320 * |
UDP |
Back Orifice |
No |
| 54321 * |
TCP |
School Bus, Back Orifice |
No |
| 54321 |
UDP |
Back Orifice 2000 |
No |
| 60000 * |
TCP |
Deep Throat |
No |
| 61466 * |
TCP |
Telecommando |
No |
| 65000 |
TCP |
Devil |
No |
These are ports from 0 - 65000
Of course, unfortunately, this list does not cover all the porting security problems.
65000 - 655335 is not expanded upon on this list.
Port numbers are divided into 3 ranges or categories:
1) Well Known Ports (assigned), 2) Registered Ports, 3) Dynamic and/or Private Ports.
Well Known Ports are from 0 through 1023.
The assigned ports use a small portion of the possible port numbers. For many years the assigned ports were in the range 0-255. Recently, the range for assigned ports managed by the IANA has been expanded to the range 0-1023.
Registered Ports are from 1024 through 49151
Dynamic and/or Private Ports are those from 49152 through 65535
This list does not address registered ports, dynamic/private ports and capabilities of these services.
This list does not address ports from 65535 - ...
There are other porting security problem possibilities depending on the opponent programmers knowledge, capabilities and techniques utilised and techniques used (by both partys).
|
1 |
Win 95, Win 98: adding too many ports to scan may cause certain problems. (slow or no system resources)(20-25 max)
Win NT possibly scans up to 50 ports successfully.
|
| 2 |
Problems connecting to IRC servers, remove port 5000. |
|
3 |
Win NT is vulnerable to Terminal Server Attack through port 3389 (tcp).
Denial of service attack affects CPU/GDI Resources and eventually and can crash the system network or machine.
Affects Win NT Workstation and Server.
Use post service pack 5 patch to fix it. (MS)
|
These attempts at security options don't consider higher more advanced technologies or trains of thought than these considered by most Network Administrators, Engineers or Management.
Newer Infra Red (IR) and Radio Frequency (RF) technology possibilities may make the mind boggle for security answers.
For more information or if you have questions about content please e-mail Koalas Internet Security.
Virus Alert Reference Index
|
