The Trojan List

Ports used by trojans (2002-10-15)
The table shows examples of existing trojans and ports being used. The lower ports are often used by trojans that steals password and either mail the passwords to attackers or hide them in FTP-directories. The higher ports are often used by Remote Access trojans that can be reached over the network. If you find probes directed against ports normally not used, it may be someone trying to connect to a trojan inside your network. I hope this list will be of some help for you.

This list was updated 2002-10-15. Please observe that all ports are TCP ports unless so labled.The table have been compiled by Joakim von Braun (von Braun Consultants), who also answers any questions.

Trojan listing alternatives

Trojan list sorted on name
Trojan list sorted on filenames
Trojan list sorted on filesizes
Trojan list sorted on actions
Trojan list sorted on affected systems
Trojan list sorted on origin country
Trojan list sorted on programming language

Default ports used by some known trojan horses:

As the table has not been updated since 2002 it should be used with cation today.

Trojan list sorted on port

---

Please observe that the ports 34555 and 35555 concerns the Windows version of Trinoo, not the Sun version.

This page was last uploaded .

If you have any questions or information about actual trojan attacks or ports used by trojans not listed above, please contact Joakim von Braun at
<joakim.von.braun@risab.se>.

Copyright (c) von Braun Consultants and Simovits Consulting. The above text may be cited provided that the source of the information is acknowledged.


	Ports used by trojans (2002-10-15) The table shows examples of existing trojans and ports being used. The lower ports are often used by trojans that steals password and either mail the passwords to attackers or hide them in FTP-directories. The higher ports are often used by Remote Access trojans that can be reached over the network. If you find probes directed against ports normally not used, it may be someone trying to connect to a trojan inside your network. I hope this list will be of some help for you. This list was updated 2002-10-15. Please observe that all ports are TCP ports unless so labled.The table have been compiled by Joakim von Braun (von Braun Consultants), who also answers any questions. Trojan listing alternatives Trojan list sorted on name Trojan list sorted on filenames Trojan list sorted on filesizes Trojan list sorted on actions Trojan list sorted on affected systems Trojan list sorted on origin country Trojan list sorted on programming language Default ports used by some known trojan horses: As the table has not been updated since 2002 it should be used with cation today. Trojan list sorted on port --- Please observe that the ports 34555 and 35555 concerns the Windows version of Trinoo, not the Sun version. This page was last uploaded . If you have any questions or information about actual trojan attacks or ports used by trojans not listed above, please contact Joakim von Braun at <joakim.von.braun@risab.se>. Copyright (c) von Braun Consultants and Simovits Consulting. The above text may be cited provided that the source of the information is acknowledged.	Nyheter 1999-02 "Trojanlistan"

	Simovits Consulting Internet: <www.simovits.com>