Trojan Port List

The following is a free Trojan port list that shows UDP/TCP ports, the IANA description, and on what port they operate.

Port	Type	IANA Description	Trojan(s)
2	tcp	Management Utility	Death
20	tcp	File Transfer [Default Data]	Senna Spy FTP server
21	tcp	File Transfer [Control]	Back Construction, Blade Runner, Doly Trojan, Fore, Invisible FTP, Juggernaut 42 , Larva, MotIv FTP, Net Administrator, Senna Spy FTP server, Traitor 21, WebEx, WinCrash
22	tcp	SSH Remote Login Protocol	Shaft
23	tcp	Telnet	Fire HacKer, Tiny Telnet Server - TTS, Truva Atl
25	tcp	Simple Mail Transfer	Ajan, Antigen, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinS
31	tcp	MSG Authentication	Agent 31, Hackers Paradise, Masters Paradise
41	tcp	Graphics	Deep Throat, Foreplay or Reduced Foreplay
48	tcp	Digital Audit Daemon	DRAT
50	tcp	Remote Mail Checking Protocol	DRAT
59	tcp	any private file service	DMSetup
69	tcp	Trivial File Transfer	W32.Evala.Worm
70	tcp	Gopher	W32.Evala.Worm
79	tcp	Finger	CDK, Firehotcker
80	tcp	World Wide Web HTTP	AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
80	tcp	World Wide Web HTTP	AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
80	tcp	World Wide Web HTTP	AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
81	tcp	HOSTS2 Name Server	RemoConChubo
90	tcp	DNSIX Securit Attribute Token Map	Hidden Port 2.0
99	tcp	Metagram Relay	Hidden Port
110	tcp	Post Office Protocol - Version 3	ProMail trojan
113	tcp	Authentication Service	Invisible Identd Deamon, Kazimas
119	tcp	Network News Transfer Protocol	Happy99
121	tcp	Encore Expedited Remote Pro.Call	JammerKillah
123	tcp	Network Time Protocol	Net Controller
133	tcp	Statistics Service	Farnaz
142	tcp	Britton-Lee IDM	NetTaxi
146	tcp	ISO-IP0	Infector
146	udp	ISO-IP0	Infector
170	tcp	Network PostScript	A-trojan
344	tcp	Prospero Data Access Protocol	Backage
420	tcp	SMPTE	Breach
421	tcp	Ariel 2	TCP Wrappers trojan
456	tcp	macon-tcp	Hackers Paradise
513	tcp	remote login a la telnet;	Grlogin
514	tcp	cmd	RPC Backdoor
531	tcp	chat	Rasmin
555	tcp		Ini-Killer , Net Administrator, Phase Zero, Phase-0, Stealth Spy
605	tcp	SOAP over BEEP	Secret Service
666	tcp	doom Id Software	Attack FTP, Back Construction, Cain & Abel, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre
667	tcp	campaign contribution disclosures - SDR Technologies	SniperNet
669	tcp	MeRegister	DP trojan
692	tcp	Hyperwave-ISP	GayOL
777	tcp	Multiling HTTP	AimSpy, Undetected
911	tcp	xact-backup	Dark Shadow
999	tcp		Deep Throat, Foreplay or Reduced Foreplay, WinSatan
1000	tcp		Der Späher / Der Spaeher
1010	tcp	surf	Doly Trojan
1024	tcp	Reserved	NetSpy
1025	udp	network blackjack	Maverick's Matrix 1.2 - 2.0
1045	tcp	Fingerprint Image Transfer Protocol	Rasmin
1049	tcp	Tobit David Postman VPMN	/sbin/initd
1050	tcp	CORBA Management Agent	MiniCommand
1054	tcp	BRVREAD	AckCmd
1080	tcp	Socks	WinHole
1081	tcp	PVUNIWIEN	WinHole
1082	tcp	AMT-ESD-PROT	WinHole
1083	tcp	Anasoft License Manager	WinHole
1090	tcp	FF Fieldbus Message Specification	Xtreme
1095	tcp	NICELink	Remote Administration Tool - RAT
1097	tcp	Sun Cluster Manager	Remote Administration Tool - RAT
1098	tcp	RMI Activation	Remote Administration Tool - RAT
1099	tcp	RMI Registry	Blood Fest Evolution, Remote Administration Tool - RAT
1200	udp	SCOL	NoBackO
1201	udp	Nucleus Sand	NoBackO
1207	tcp	MetaSage	SoftWAR
1212	tcp	lupa	Kaos
1234	tcp	Infoseek Search Agent	Ultors Trojan
1243	tcp	SerialGateway	BackDoor-G, SubSeven , SubSeven Apocalypse, Tiles
1245	tcp	isbconference2	VooDoo Doll
1255	tcp	de-cache-query	Scarab
1256	tcp	de-server	Project nEXT
1269	tcp	WATiLaPP	Matrix
1313	tcp	BMC_PATROLDB	NETrojan
1338	tcp	WMC-log-svr	Millenium Worm
1349	tcp	Registration Network Protocol	Bo dll
1349	udp	Registration Network Protocol	BackOrifice DLL Comm
1492	tcp	stone-design-1	FTP99CMP
1524	tcp	ingres	Trinoo
1600	tcp		Shivka-Burka
1777	tcp	powerguardian	Scarab
1807	tcp	Fujitsu Hot Standby Protocol	SpySender
1966	tcp	Slush	Fake FTP
1969	tcp	LIPSinc 1	OpC BO
1981	tcp	p2pQ	Bowl, Shockrave
1999	tcp	cisco identification port	Back Door, TransScout
2000	tcp	Cisco SCCP	Der Späher / Der Spaeher, Insane Network
2001	tcp		Der Späher / Der Spaeher, Trojan Cow
2023	tcp		Ripper Pro
2080	tcp	Autodesk NLM (FLEXlm)	WinHole
2115	tcp	Key Distribution Manager	Bugs
2140	tcp	IAS-REG	The Invasor
2140	udp	IAS-REG	Deep Throat, Foreplay or Reduced Foreplay
2300	tcp	CVMMON	Xplorer
2339	tcp	3Com WebView	Voice Spy - OBS!!! namnen har bytt plats
2339	udp	3Com WebView	Voice Spy - OBS!!! namnen har bytt plats
2345	tcp	dbm	Doly Trojan
2565	tcp	Coordinator Server	Striker trojan
2583	tcp	MON	WinCrash
2600	tcp	HPSTGMGR	Digital RootBeer
2716	tcp	Inova IP Disco	The Prayer
2773	tcp	RBackup Remote Backup	SubSeven , SubSeven 2.1 Gold
2801	tcp	IGCP	Phineas Phucker
2989	udp	ZARKOV	Remote Administration Tool - RAT
3000	tcp	HBCI	Remote Shut
3024	tcp	NDS_SSO	WinCrash
3128	tcp	Active API Server Port	RingZero
3129	tcp	NetPort Discovery Port	Masters Paradise
3150	tcp	NetMike Assessor Administrator	The Invasor
3150	udp	NetMike Assessor Administrator	Deep Throat, Foreplay or Reduced Foreplay
3456	tcp	VAT default data	Terror trojan, Backdoor.Fearic
3456	udp	VAT default data	Backdoor.Fearic
3459	tcp	TIP Integral	Eclipse 2000, Sanctuary
3700	tcp	LRS NetPage	Portal of Doom - POD, Horse
4000	tcp	Terabase	Skydance
4321	tcp	Remote Who Is	BoBo
4444	tcp	KRB524	Prosiak, Swift Remote
4567	tcp	TRAM	File Nail
5000	tcp		Back Door Setup, Blazer5, Bubbel, ICKiller, Sockets des Troie
5001	tcp		Back Door Setup, Sockets des Troie
5002	tcp	radio free ethernet	cd00r, Shaft
5010	tcp	TelepathStart	Solo
5011	tcp	TelepathAttack	One of the Last Trojans - OOTLT, One of the Last Trojans - OOTLT, modified
5025	tcp	SCPI-RAW	WM Remote KeyLogger
5152	tcp	ESRI SDE Instance Discovery	Backdoor.laphex.client
5400	tcp	Excerpt Search	Back Construction, Blade Runner
5401	tcp	Excerpt Search Secure	Back Construction, Blade Runner
5402	tcp	MFTP	Back Construction, Blade Runner
5503	udp	fcp-srvr-inst2	Remote Shell Trojan
5555	tcp	Personal Agent	ServeMe
5566	tcp	UDPPlus	BO Facil
5742	tcp	IDA Discover Port 2	5742 WinCrash
6112	tcp	dtspcd	Battle.net Game (not a trojan)
6112	udp	dtspcd	Battle.net Game (not a trojan)
7000	tcp	file server itself	Exploit Translation Server, Kazimas, Remote Grab, SubSeven 2.1 Gold
7001	tcp	callbacks to cache managers	Freak88
7777	tcp	cbt	Tini
8080	tcp	HTTP Alternate (see port 80)	Brown Orifice , RemoConChubo, RingZero
8888	tcp	NewsEDGE server TCP (TCP 1)	W32.Axatak
8889	tcp	Desktop Data TCP 1	W32.Axatak
9000	tcp	CSlistener	Netministrator
9875	tcp	Session Announcement v1	Portal of Doom - POD
9876	tcp	Session Director	Cyber Attacker, Rux
9999	tcp	distinct	The Prayer
10008	tcp	Octopus Multiplexer	Cheese worm
10101	tcp	eZmeeting	BrainSpy
11000	tcp	IRISA	Senna Spy Trojan Generator
12345	tcp	Italk Chat System	cron / crontab, Fat Bitch trojan, GabanBus, icmp_pipe.c, Mypic , NetBus , NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill
20000	tcp	DNP	Millenium
30001	tcp	Pago Services 1	ErrOr32
32770	tcp	Filenet NCH	Trinity

Tell a Friend

14-Day Free Trial

Evaluate SiteRecon website monitoring service and remote server monitoring by signing up for a 14 day free trial of our Premium Plan!

What's New

9/29/2007
Ability added for round-robin emails to be sent from Webmaster email address to comply with different organizational security policies.

5/29/2007
DNS server monitoring has now been added as a commercial SiteRecon service! Now you can verify all of your DNS servers are operational using service checks and reverse lookups.

5/28/2007
Performance statistics added for SMTP server monitoring.

Baseline Statistics

View baseline reports

Search

Free Tools

Port Assignments

Web2Pin (Blackberry PIN msg)

Resources

Link to Us • Site Map • Webmaster Resources
Copyright © 2002 - 2007 Information Solutions, Inc. • SiteRecon™, LifeguardEOC™, and Web2Pin™ are trademarks of Information Solutions, Inc.