Services on the internet are accessed through specific ports. Every IP
address has ports numbered 0 – 65535 that can be activated. A port is a
logical construct (not a physical one like the physical or parallel port
on our computer), but just like a physical port it is used to access
certain services on the internet.
Commonly used ports:
- Port 21 FTP (file transfer protocol)
- Port 22 SSH (Secure Shell)
- Port 23 Telnet
- Port 25 SMTP (Simple Mail Transfer Protocol)
- Port 80 HTTP (Hypertext Transfer Protocol)
- Port 110 POP3 (Post Office Protocol, version 3)
- Port 119 NNTP (Network News Transfer Protocol)
- Port 139 NetBIOS session service
- Port 143 IMAP (Internet Message Access Protocol)
- Port 194 IRC (Internet Relay Chat Protocol)
When we access a service, one of the ports above is used, depending on
the service. If we are browsing, we access port 80. If we read email,
the port used is 110. Sending email uses port 25. Web email uses
port 143. Reading newsgroups from the ISP uses port 119, chatting uses
port 194, and so on.
On our own computer, which uses these services, not many ports should
be open, commonly just 25, 110, and 139 (assuming Windows 9x/ME, which
opens port 139). We need to pay particular attention to port 139,
because it can be a hole through which a hacker attacks our Windows
9x/ME computer. If any other ports are open, look into them. For
example, if port 21 is open, have we ever installed an FTP server
program, and is that program running now? Likewise, if port 23 is open,
are we using the telnet service? These ports are not normally open on a
computer that is only used to access the internet (not to provide
services to other computers).
To detect which ports are currently open, we can use a port scanner
such as SuperScan or UltraScan and scan our local IP address (127.0.0.1).
As we see above, there are 4 open ports. Ports 25 and 110 are commonly
used, but what about ports 1005 and 1025? What kind of ports are they?
Searching the internet with a search engine (such as Google,
www.google.com) tells us that port 1005 is the Theef Trojan and port
1025 is Network Blackjack. Where did they come from? Port 1005 was
probably opened unintentionally: we downloaded some program and ran it,
the Theef Trojan was silently activated, and it then opened the port,
turning our computer into a server for the attacker who holds the
remote! Port 1025 seems to have been opened while browsing a gambling
site on the internet. To learn more about ports (which ones are
dangerous and which are not), see http://www.glocksoft.com/trojan_port.htm
Below are some popular Trojan horse ports:
- Back Orifice/Back Orifice 2000: 54320, 54321
- NetBus 1.60, 1.70: 12345
- NetBusPro 2.01: 20003
- SubSeven: 27374
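The check described above (scan 127.0.0.1, then look up each open port), as an added Python example that is not from the original post. The tables hold only the ports named on this page, and the function names are illustrative.

```python
import socket

# Port tables copied from this page; nothing else is assumed about them.
COMMON = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 80: "HTTP",
          110: "POP3", 119: "NNTP", 139: "NetBIOS session service",
          143: "IMAP", 194: "IRC"}
TROJAN = {1005: "Theef", 1025: "Network Blackjack",
          12345: "NetBus 1.60, 1.70", 20003: "NetBusPro 2.01",
          27374: "SubSeven", 54320: "Back Orifice/Back Orifice 2000",
          54321: "Back Orifice/Back Orifice 2000"}


def is_listening(port, host="127.0.0.1", timeout=0.2):
    """True if a full TCP connect to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_local(ports, host="127.0.0.1"):
    """Return the sorted subset of `ports` that accept connections."""
    return sorted(p for p in set(ports) if is_listening(p, host))


def classify(port):
    """Map a port to (category, name) using only the page's tables."""
    if port in TROJAN:
        return ("review", TROJAN[port])
    if port in COMMON:
        return ("common", COMMON[port])
    return ("unknown", "not listed on this page")


def audit(ports, host="127.0.0.1"):
    """Scan and classify; returns a list of (port, category, name)."""
    return [(p,) + classify(p) for p in scan_local(ports, host)]


if __name__ == "__main__":
    # Check ports 1-1025 plus every port listed on this page.
    candidates = set(range(1, 1026)) | set(COMMON) | set(TROJAN)
    for port, category, name in audit(candidates):
        print(f"{port:>5}  {category:<8} {name}")
```

A "review" result only says which listener to inspect next: any program can bind any port number, so the match by itself does not identify the software behind it.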