Use Your Browser's   BACK   Button to Leave this Page

Other Sites with related tables (many were the source for this one):
Standard Port Usage list (any system):
http://www.isi.edu/in-notes/iana/assignments/port-numbers
http://www.thornberg.com/firewall/rfc1700.htm
List of Linux port/trojan attack points:
http://www.linux-firewall-tools.com/linux/ports.html
Trojan Port Lists and Information (Windows Oriented):
http://www.simovits.com/nyheter9902.html
http://www.sys-security.com/html/papers/trojan_list.html
http://www.commodon.com/threat/threat-ports.htm
http://www.robertgraham.com/pubs/firewall-seen.html
http://www.robertgraham.com/pubs/firewall-seen.html#1.4
http://www.robertgraham.com/pubs/firewall-seen.html#2.0
http://www.netice.com/Advice/Exploits/Ports/default.htm
Could this be a Hoax?
Virus and Trojan Myth Information
Hoax Busters Site
Kahl Site
Snopes Hoax Info Site
F-Secure Hoax Information
This list was built from several sources from various Internet Security oriented sites.  It is not a complete list, but does list over 400 ports that are known to be used by various Trojans.  The table is oriented toward attacks of Windows based systems.  Where a Transport entry is "???" it means that either the source did not specify the type of transport, or it could be either TCP or UDP.

If it is not in this list, try the "Less Suspect" List - Has Ports Used by Games, Utilities such as Napster, Gnutella, etc. Listed: Less Suspect Port List

Port Transport Potential Attack
0 ICMP Possible Click attack - If source was also port zero.
1 ??? Possible Bonk Attack, or Ping of Death.
2 TCP Possible Death Trojan use or Land Attack.
3 TCP Possible SynDrop attack.
5 ICMP Possible Incoming Routing Redirect Bomb.
7 UDP Possible fraggle attack attempt.
8 ICMP Possible Ping Attack - Incoming Ping.
9 UDP Possible Chargen Attack
19 UDP Possible Chargen Attack
20 TCP Possible Senna Spy FTP server seek.
21 TCP Seeking open anonymous FTP Port - No FTP server in use! Also Possible attack from: Back Construction, Blade Runner, Doly Trojan, Fore, Invisible FTP, Juggernaut 42 , Larva, MotIv FTP, Near Tear, Net Administrator, Senna Spy FTP server, Traitor 21, WebEx, WinCrash,FTP trojan,MBT
22 TCP Possible ssh exploitation - possibly accidental hit or SHAFT.
23 TCP Possibly looking for Unix Login, Possible TELNET service attack or Fire HacKer, Tiny Telnet Server - TTS, Truva Atl.
25 TCP Attack from any one of several Trojans: Ajan, Antigen, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy,Aji,Happy 99,Kuang 2,Shtrilitz
31 TCP Possible Agent 31 or Hackers Paradise Attack or Masters Paradise.
41 TCP Possible Deepthroat Trojan or Foreplay or Reduced Foreplay
48 TCP Possible DRAT attack.
50 TCP Possible DRAT attack.
53 TCP Possible DNS Spoof Attempt.
58 TCP Possible DM Setup attack.
59 TCP Possible DMSetup attack.
69 UDP Listening port for MS Blaster.
79 TCP Improper Finger port use. Firehotcker attack or Possible attack from CDK.
80 TCP Possible attack from any one of: AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
81 TCP Possible attempt using RemoConChubo Trojan.
99 TCP Possible Hidden Port v2.0 attack.
110 TCP Possible ProMail Trojan attack
111 ??? Possibly Looking for Sun RPC PortMapper/RPCBIND.
113 TCP Possible Invisible Identd Deamon or Kazimas attack.
119 TCP Possible Happy99 Trojan attack.,Happy 99
121 TCP Possible JammerKillah Trojan attack.,BO jammerkillahV
123 TCP Possible Net Controller Trojan attack.
129 TCP Password Generator Protocol attack.
133 TCP Possible Farnaz Trojan attack.,146,Infector
135 ??? Possible DCOM/MSBlast exploitation attack; Netbios RPC attack.
137 ??? Possible Netbios name (DoS attacks).
139 ??? Possibly attempting to exploit Windows File and Print Sharing.
142 TCP Possible NetTaxi Trojan Attack.
146 TCP Possible Infector v1.3 attack.
170 TCP Possible A-trojan Trojan attack.
173 TCP Possible Nestea attack.
334 TCP Possible Backage Trojan attack.
420 TCP Possible Breach Trojan attack.
421 TCP Possible TCP Wrappers attack.
456 TCP Possible Hackers Paradise attack
512 Linux Possible Attempted Linux System Attack - Port for Intranet Use.
513 TCP Possible Grlogin Trojan attack.
514 TCP Possible RPC Backdoor Trojan attack.
515 Linux Possible Attempted Linux System Attack - Port for Intranet Use.
517 Linux Possible Attempted Linux System Attack - Port for Intranet Use.
518 Linux Possible Attempted Linux System Attack - Port for Intranet Use.
520 Linux Possible Attempted Linux System Attack - 'routed'
531 TCP Possible Rasmin attack.
540 Linux Possible Attempted Linux System Attack - 'famous' file transfer protocol uucp.
555 TCP Possible Stealth Spy or Ini-Killer , Net Administrator, Phase Zero, Phase-0 attack.,Phase0,NeTAdministrator
605 TCP Possible Secret Service Trojan attack.
606 ??? Secret Service
635 ??? Possible attack looking for Linux systems.
666 TCP Possible attack by any of: Attack FTP, Back Construction, Cain & Abel, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre.,Satanz Backdoor,ServeU
667 TCP Possible SniperNet Trojan attack.
669 TCP Possible DP trojan attack.
692 TCP Possible GayOL trojan attack.
777 TCP Possible attack by AimSpy trojan or the Undetected trojan.,Aim Spy
808 TCP Possible attack by WinHole trojan.
911 TCP Possible Dark Shadow attack
999 ??? Possible Deepthroat Trojan or Foreplay or Reduced Foreplay, WinSatan attack.
1000 TCP Possible Der Spaeher attack.,Der Spacher 3
1001 TCP Possible Sliencer or WebEx attack or Le Guardien or Der Spaeher attack.,Silencer,Der Spacher 3
1010 ??? Possible Doly Trojan
1011 ??? Possible Doly Trojan.
1012 ??? Possible Doly Trojan.
1015 TCP Possible Doly Trojan.
1016 TCP Possible Doly Trojan.
1020 TCP Possible Vampire trojan attack.
1024 TCP Possible NetSpy attack. Possible Attack on Voice Streaming Audio
1025 UDP Possible Mavericks Matrix attack.
1027 TCP Possible ICQ Trojan attack.
1029 TCP Possible ICQ Trojan attack.
1032 TCP Possible ICQ Trojan attack.
1033 TCP Possible ICQ Trojan attack.,Netspy
1042 TCP Possible Rasmin attack or BLA trojan attack.
1045 TCP Possible Rasmin attack
1049 ??? Possibly seeking a Linux system with known Trojan (/sbin/initd)
1050 TCP Possible MiniCommand attack.
1054 TCP Possible AckCmd attack.
1080 TCP Possible Attack on Socks/Wingate (WinHole trojan) or Seeking Win32:BugBear-B or MyDoom.F - popular port!
1081 TCP Possible Attack on Socks/Wingate (WinHole trojan)
1082 TCP Possible Attack on Socks/Wingate (WinHole trojan)
1083 TCP Possible Attack on Socks/Wingate (WinHole trojan)
1090 TCP Possible Xtreme attack
1095 TCP Possible Remote Administration Tool - RAT attack.
1097 TCP Possible Remote Administration Tool - RAT attack.
1098 TCP Possible Remote Administration Tool - RAT attack.
1099 TCP Possible Blood Fest Evolution or Remote Administration Tool - RAT attack,BFevolution
1114 Linux Possible Attempted Linux System Attack - part of an sscan signature
1170 TCP Possible Attack on Voice Streaming Audio,Psyber Stream Server,Streaming Audio Trojan
1200 UDP Possible NoBack0 attack.,NoBackO
1201 UDP Possible NoBack0 attack.,NoBackO
1207 TCP Possible SoftWar attack
1212 TCP Possible Kaos trojan attack.
1225 ??? Possible Scarab
1234 TCP Possible Ultors Trojan attack
1243 TCP Possible Sub-7 Trojan - default connection port. Also used by BackDoor-G, SubSeven , SubSeven Apocalypse, and Tiles
1245 TCP Possible VooDoo Doll attack,GabanBus,NetBus,Vodoo
1255 TCP Possible Scarab trojan attack.
1256 TCP Possible Project nEXT attempted attack.
1257 TCP Possible Sub Seven v2.1 attack
1269 TCP Possible Mavericks Matrix attack
1313 TCP Possible NETrojan trojan attack.
1338 TCP Possible Millenium Worm attack.
1349 UDP Possible BackOrifice used port,BO DLL
1394 TCP Possible Gofriller or BackDoor attack
1433 TCP Possible SQLsnake attempt to find unprotected MS SQL Server in operation.
1492 TCP Possible FTP99CMP Trojan attack
1509 TCP Possible Psyber Streaming Server
1524 ??? Possibly attempting an attack at a Sun system (Possible Trinoo trojan attack)
1525 ??? Prospero and Archie services run on this port.
1600 TCP Possible Shivka-Burka attack,Shiva Burka
1777 TCP Possible Scarab trojan attack.
1807 TCP Possible SpySender attack
1966 TCP Possible Fake FTP trojan attack.
1969 TCP Possible OpC BackOrifice attack.,OpC BO
1981 TCP Possible Bowl or Shockrave trojan attack.
1999 TCP Possible BackDoor Trojan or TransScout trojan attack.
2000 ??? Remote Explorer/CallBook or Der Spaeher or Insane Network trojans.,Der Spaeher 3,TransScout
2001 TCP Possible Der Spaeher or Insane Network trojans.,Trojan Cow,TrojanCow,Der Spaeher 3,TransScout
2002 ??? Possible TransScout
2003 ??? Possible TransScout
2004 ??? Possible TransScout
2005 TCP Possible Unspecified Trojan attack,TransScout
2023 TCP Possible attack by Dialup Ripper or Ripper Pro to obtain dial-up passwords.,Pass Ripper
2049 Linux Possible Attempted Linux System Attack - remote filesystem access
2080 TCP Possible Attack on Socks/Wingate (WinHole trojan)
2086 TCP Possible Netscape/Corba exploit attempt
2115 TCP Possible Bugs attack
2140 ??? Possible Deepthroat Trojan or The Invasor trojan.,Deep Throat,Deep Throat|The Invasor
2155 ??? Possible illusion Mailer attack.
2255 TCP Possible Nirvana trojan attack.
2283 TCP Possible Unknown Trojan attack or Hvl RAT.,HVL Rat5
2300 TCP Possible Xplorer trojan attack.
2339 ??? Possible Voice Spy - OBS!!! namnen har bytt plats attack.
2345 TCP Possible Doly Trojan attack.
2565 TCP Possible Striker Trojan attack!!
2583 ??? Possible Unknown Trojan attack/WinCrash,Wincrash2
2600 TCP Possible Digital RootBeer trojan attack.
2716 TCP Possible The Prayer v1.2 or v1.3
2721 TCP Possible Phase Zero attack
2745 TCP Possible Bagel Variant NAI: W32/Bagel.c@mm
2772 TCP Possible Sub-7 Trojan - Screen Capture Port.
2773 TCP Possible Sub-7 Trojan - Key Logger Port.,SubSeven
2801 TCP Possible Phineas Phucker attack
2989 UDP Possible Rat attack
3000 TCP Possible Remote Shut trojan attack.,Remote Shutdown
3024 TCP Possible WinCrash attack
3127 TCP Possible MyDoom.A Infection.
3128 ??? Possible squid HTTP Proxy server scan.,RingZero
3129 TCP Possible Masters Paradise attack
3150 TCP Possible Deepthroat Trojan or The Invasor or Foreplay or Reduced Foreplay attack.,Deep Throat
3456 TCP Possible Terror trojan attack.,Teror Trojan
3459 TCP Possible Eclipse 2000 or Sanctuary trojan attack.
3587 ??? Possible Sh*tHead Trojan attack
3700 TCP Possible Portal of Doom attack
3791 TCP Possible Total Solar Eclypse trojan attack.
3801 TCP Possible Total Solar Eclypse trojan attack.
4000 TCP Possible Skydance trojan attack. Possible Attack on Voice Streaming Audio
4092 TCP Possible WinCrash attack
4242 TCP Possible Virtual Hacking Machine (VHM) trojan attack.
4321 TCP Possible SchoolBus attack or BoBo attack.
4444 TCP Possible Prosiak or Swift Remote trojan attack. Listening port for MS Blast.
4567 TCP Possible File Nail attack or BackDoor-IW.
4590 TCP Possible ICQ Trojan attack,ICQTrojan
4950 TCP Possible Unknown trojan attack or ICQ trojan attack.,IcqTrojen,IcqTrojan
5000 TCP Possible attack from Sokets de Trois v1 or Back Door Setup, Blazer5, Bubbel, ICKiller.,Sockets de Troie
5001 TCP Possible attack from Sokets de Trois v1 or Back Door Setup,Sockets de Troie 1.x
5002 TCP Possible cd00r or Shaft trojan attack.
5010 ??? Possible attack by Team Asylum (DOS attack). Possible Solo attack.
5011 TCP Possible OOTLT attack,One of the Last Trojans (OOTLT)
5025 TCP Possible WM Remote KeyLogger trojan attack.
5031 TCP Possible Net Metropolitan attack
5032 TCP Possible Net Metropolitan attack
5321 TCP Possible Firehotcker attack
5343 ??? Possible wCrat
5400 TCP Possible Blade Runner - default port also Back Construction trojan use.,BladeRunner
5401 TCP Possible Blade Runner attack also Back Construction trojan use.,Blade Runner 1.x
5402 TCP Possible Blade Runner attack also Back Construction trojan use.,Blade Runner 2.x
5501 UDP suspected port for unanalyzed trojan
5512 TCP Possible Illusion Mailer trojan attack.
5521 TCP Possible Illusion Mailer attack
5550 TCP Possible X-TCP Trojan attack,Xtcp
5555 TCP Possible ServeMe attack
5556 TCP Possible BackOrifice used port,BO Facil
5557 TCP Possible BackOrifice used port,BO Facil
5569 TCP Possible Robo-Hack attack,RoboHack
5631 ??? Possible Attempted PCanywhere exploitation.
5632 ??? Possible Attempted PCanywhere exploitation.
5637 TCP Possible PC Crasher trojan attack.
5638 TCP Possible PC Crasher trojan attack.
5666 TCP Possible PC Crasher - default port
5742 TCP Possible WinCrash - default port
5760 TCP Trying to use Portmap Remote Root Linux Exploit trojan.
5882 UDP Possible Y3K RAT trojan attack.
5888 TCP Possible Y3K RAT trojan attack.
6000 TCP Possible The Thing trojan attack.
6006 ??? Possible The Thing
6272 TCP Possible Secret Service trojan attack.
6400 TCP Possible The Thing - default port
6666 TCP Possible Dark Connection Inside trojan or NetBus worm.
6667 TCP Possible Sub-7 v2.1 - new ICQ port also used by ScheduleAgent, Trinity, WinSatan.,Schedule Agent
6669 TCP Possible ScheduleAgent, Trinit or WinSatan trojan attack.,Host Control,Vampyre
6670 TCP Possible Deepthroat Trojan - a preferred port also used by BackWeb Server, Foreplay or Reduced Foreplay, WinNuke eXtreame
6671 ??? Possible Deepthroat Trojan
6711 TCP Possible Sub-7 Trojan or BackDoor-G, SubSeven , VP Killer.
6712 TCP Possible Sub-7 Trojan or Funny trojan.,SubSeven
6713 TCP Possible Sub-7 Trojan,SubSeven
6723 TCP Possible Mstream (attacker to handler) attack.
6771 TCP Possible Deep Throat attack or Foreplay or Reduced Foreplay attack.,DeepThroat
6776 TCP Possible Sub-7 Trojan or 2000 Cracks, BackDoor-G or VP Killer attack.,SubSeven
6838 UDP Possible Mstream (attacker to handler) attack.
6883 TCP Possible Delta Source DarkStar trojan attack.
6912 TCP Possible Shit Heep trojan attack.
6939 TCP Possible Indoctrination attack
6969 TCP Possible Gate Crasher or Priority attack or IRC 3 or Net Controller.,GateCrasher,NetController
6970 TCP Possible Gate Crasher attack,GateCrasher
7000 TCP Possible Remote Grab attack or Exploit Translation Server, Kazimas or SubSeven 2.1 Gold.
7001 ??? Possible Freak88
7028 ??? Possible Unknown Trojan
7215 ??? Possible Sub-7 Trojan - 'matrix' chat program.,SubSeven
7300 TCP Possible Net Monitor attack,NetMonitor
7301 TCP Possible Net Monitor attack,NetMonitor 1.x
7302 TCP Possible Net Monitor attack
7303 TCP Possible Net Monitor attack
7304 TCP Possible Net Monitor attack
7305 TCP Possible Net Monitor attack
7306 TCP Possible Net Monitor attack,NetMonitor 2.x
7307 TCP Possible Net Monitor attack,NetMonitor 3.x
7308 TCP Possible Net Monitor attack,NetMonitor 4.x
7309 TCP Possible Net Monitor attack
7323 ??? Possible Sygate Backdoor attack
7424 ??? Possible Host Control trojan attack.
7597 TCP Possible QaZ Trojan Communications attempt
7777 TCP Possible Tini trojan attack.
7789 TCP Possible ICKiller or Back Door Setup attack,ICQKiller
7983 UDP Possible Mstream (handler to Agent) attack.
8000 ??? Possible squid HTTP Proxy server scan.
8001 ??? Possible squid HTTP Proxy server scan.
8080 ??? Possible squid HTTP Proxy server scan or Brown Orifice , RemoConChubo, RingZero
8783 TCP Suspected but unanalyzed trojan used port
8787 TCP Possible Back Orifice 2000 attack.
8866 TCP Possible W32.Beagle.B@mm worm
8888 ??? Possible squid HTTP Proxy server scan.
8897 ??? Possible HackOffice
8961 TCP If open on your system, possible BackDoor AOK infection.
8988 TCP Possible BackHack 
8989 TCP Possible Rcon, Recon or Xcon trojan attack.
9000 TCP Possible Netministrator trojan attack.
9325 UDP Possible Mstream (handler to Agent) attack.
9400 TCP Possible In Command attack.,InCommand
9872 TCP Possible Portal of Doom trojan attack.,PortalOfDoom
9873 TCP Possible Portal of Doom trojan attack.,Portal of Doom 1.x
9874 TCP Possible Portal of Doom trojan attack.,Portal of Doom 2.x
9875 TCP Possible Portal of Doom trojan attack.,Portal of Doom 3.x
9876 TCP Possible Cyber Attacker or Rux trojan attack.,Cyber Attacker|RUX
9878 TCP Possible TransScout trojan attack.
9899 TCP Possible Ini-Killer trojan attack.
9989 TCP Possible IniKiller attack.,iNi-Killer
9999 TCP Possible The Prayer trojan attack.
10067 UDP Possible Portal of Doom trojan attack.,Portal of Doom 4.x
10085 TCP Possible Syphillis trojan attack.
10086 TCP Possible Syphillis trojan attack.
10101 TCP Possible BrainSpy trojan attack.
10167 UDP Possible Portal of Doom trojan attack.,Portal of Doom 5.x
10498 UDP Possible Mstream (handler to Agent) attack.
10520 TCP Possible Acid Shivers trojan attack.
10528 TCP Possible Host Control trojan attack.
10607 TCP Possible Coma attack
10666 UDP Possible Ambush attack
11000 TCP Possible Senna Spy Trojan attack.,Senna Spy Trojans
11050 TCP Possible Host Control trojan attack.
11051 TCP Possible Host Control trojan attack.
11223 TCP Possible Progenic or Secret Agent trojan attack.,Progenic trojan,ProgenicTrojan
12076 TCP Possible GJamer attack
12223 TCP Possible Hack 99 or KeyLogger attack,Hack?99 KeyLogger,Hack´99 KeyLogger
12345 TCP Possible attempted Ultors Trojan attack. Or any of: cron / crontab, Fat Bitch trojan, GabanBus, icmp_pipe.c, Mypic , NetBus , NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill.,My Pics
12346 TCP Possible attempted Fat Bitch trojan, GabanBus, NetBus, or X-bill attack.,NetBus 1.x
12349 TCP Possible BioNet trojan attack.
12361 TCP Possible TCP Whack-a-mole attack
12362 TCP Possible TCP Whack-a-mole attack,Whack-a-mole 1.x
12456 TCP Possible NetBus attack
12623 UDP Possible DUN Control attack.
12624 TCP Possible ButtMan trojan attack.
12631 TCP Possible WhackJob attack
12701 TCP Possible Eclipse 2000 attack
12754 TCP Possible Mstream (attacker to handler)
13000 TCP Possible Senna Spy Trojan attack.
13010 TCP Possible Hacker Brasil (HBR) trojan attack.,Hacker Brazil
13700 TCP Possible Unknown Trojan attack
14500 TCP Possible PC Invader trojan attack.
15092 TCP Possible Host Control trojan attack.
15104 TCP Possible Mstream (attacker to handler)
15858 TCP Possible CDK trojan attack.
16484 TCP Possible Mosucker trojan attack.
16660 TCP Possible Stracheldraht attack,Stacheldracht
16772 TCP Possible ICQ Revenge trojan attack.
16969 TCP Possible Priority Trojan attack (similar to Netbus).,Priotrity
17166 TCP Possible Mosaic trojan attack.
17300 TCP Possible Kuang2 the virus attack.
17449 TCP Possible Kid Terror trojan attack.
17499 TCP Possible CrazzyNet trojan attack.
17777 TCP Possible Nephron trojan attack.
18753 TCP Possible Shaft (handler to agent) attack.
19864 TCP Possible ICQ Revenge trojan attack.
20000 TCP Possible Millennium attack,Millenium
20001 TCP Possible Millennium attack
20002 TCP Possible AcidkoR trojan attack.
20023 TCP Possible VP Killer attack.
20034 TCP Possible NetBus 2 Pro attack or NetRex or WhackJob.,NetBus Pro,Whack Job
20203 TCP Possible Logged! Attack. Possible Chupacabra trojan attack.
20331 TCP Possible Unknown Trojan attack or BLA trojan attack.
20432 TCP Possible Shaft (client to handler)
20433 UDP Possible Shaft (agent to handler)
21544 TCP Possible GirlFriend, Kid Terror, Exploiter, Schwindler, Winsp00fer or Unknown Trojan attack,Kidterror
21554 ??? Possible GirlFriend
22222 TCP Possible Prosiak or Donald Dick attack,Prosiak 0.47
23005 TCP Possible NetTrash trojan attack.
23023 TCP Possible Logged trojan attack.
23032 TCP Possible Amanda trojan attack.
23432 TCP Possible Asylum trojan attack.
23456 TCP Possible Evil FTP, WhackJob or Ugly FTP attack.,UglyFtp,Whack Job
23476 UDP Possible Donald Dick trojan attack.
23477 TCP Possible Donald Dick trojan attack.
24680 ??? Suspected but unanalyzed trojan attack
26274 ??? Possible Delta Source attack
26681 TCP Possible Voice Spy - OBS!!! Namnen har bytt plats trojan attack.,Spy Voice
27374 TCP Possible Sub-7 Trojan - v2.0 default port. Or Bad Blood, SubSeven 2.1 Gold, SubSeven 2.1.4 DefCon 8.
27444 UDP Possible attempted Denial of Service attack (Trin00/TFN2K),Trinoo
27573 ??? Sub-7 v2.1 attack,SubSeven
27665 TCP Possible attempted Denial of Service attack (Trin00/TFN2K),Trinoo
29104 TCP Possible NetTrojan attack.,Host Control
29891 TCP The Unexplained attack
30001 TCP Possible ErrOr32 trojan attack.,TerrOr32
30003 TCP Possible Lamers Death trojan attack.
30029 TCP Possible AOL Admin Trojan attack.,AOL Trojan
30100 TCP Possible Netsphere attack - primary port.
30101 TCP Possible Netsphere attack.
30102 TCP Possible Netsphere attack.
30103 ??? Possible NetSphere
30129 ??? Possible Masters Paradise
30133 TCP Possible NetSphere trojan attack.
30303 TCP Possible attack from Sokets de Trois v1,Socket23,Sockets de Troie
30947 TCP Possible Intruse trojan attack.
30999 TCP Possible Kuang2 trojan attack.
31335 UDP Possible attempted Denial of Service attack (Trin00),Trinoo
31336 TCP Possible Bo Whack or Butt Funnel trojan attack.,ButtFunnel
31337 ??? Possible attack from any of:Back Fire, Back Orifice (Lm), Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron / crontab, Freak88, icmp_pipe.c, Sockdmini or Deep BO.,BackFire,DeepBO,Freak>
31338 ??? Possible Netspy attack, Back Orifice, Butt Funnel, NetSpy (DK) or Deep BackOrifice attack,DeepBO,NetSpy DK,ButtFunnel
31339 TCP Possible Netspy attack.,NetSpy DK
31666 TCP Possible BOWhack attack
31785 TCP Possible Hack-a-Tack attack,Hack´a´Tack
31787 ??? Possible Hack´a´Tack
31788 TCP Possible Hack-a-Tack attack,Hack´a´Tack
31789 UDP Possible Hack-a-Tack attack,Hack´a´Tack
31790 UDP Possible Hack-a-Tack attack
31791 UDP Possible Hack-a-Tack attack,Hack´a´Tack
31792 TCP Possible Hack-a-Tack attack,Hack´a´Tack
32100 ??? Possible Peanut Brittle,Project nEXT
32418 TCP Possible Acid Battery attack
33270 TCP Possible Trinity trojan attack.
33333 TCP Possible Prosiak or Blakharaz trojan attack
33390 UDP Possible Unknown Trojan attack
33577 TCP Possible PsychWard trojan attack.
33777 TCP Possible PsychWard trojan attack.
33911 UDP Possible Spirit 2000 or Spirit 2001 trojan attack.,Spirit 2001a
34324 TCP Possible BigGluck or TN attack,Tiny Telnet Server
34444 TCP Possible Donald Dick trojan attack.
34555 UDP Possible Trin00 ping/pong response attack.,Trinoo (Windows)
35555 UDP Possible Trinoo trojan attack.,Trinoo (Windows)
37651 TCP Possible Yet Another Trojan (YAT) trojan attack.
40412 TCP Possible The Spy attack,TheSpy
40421 TCP Possible Masters Paradise Trojan attack,Agent 40421
40422 TCP Possible Masters Paradise Trojan attack,Masters Paradise 1.x
40423 TCP Possible Masters Paradise Trojan attack,Masters Paradise 2.x,Master Paradise
40425 TCP Possible Masters Paradise Trojan attack
40426 TCP Possible Masters Paradise Trojan attack,Masters Paradise 3.x
41666 TCP Possible Remote Boot Tool trojan attack.
44444 TCP Possible Prosiak trojan attack.
47252 TCP Possible Delta Source attack
47262 UDP Possible Delta Source attack
49301 UDP Possible Online KeyLogger attack
50505 TCP Possible attack from Sokets de Trois v1, Sockets de Troie
50766 TCP Possible Fore 1.0 Trojan attack, Schwindler
50776 TCP Possible Fore attack
51966 TCP Possible Cafeini trojan attack.
51996 ??? Possible Cafeini trojan attack.
52317 TCP Possible Acid Battery 2000 trojan attack.
53001 TCP Possible Remote Windows Shutdown attack.
54283 TCP Possible Sub-7 Trojan - Spy Port. Used by SubSeven 2.1 Gold also.
54320 TCP Possible Back Orifice 2000 - default port!
54321 TCP Possible Delta Source attack or School Bus trojan attack.,Back Orifice 2000
57341 TCP Possible NetRaider trojan attack.
58339 TCP Possible Butt Funnel trojan attack.
60000 TCP Possible DeepThroat, Foreplay or Reduced Foreplay or Sockets des Troie trojan attack.
60068 TCP Possible Xzip 6000068 trojan attack.
60411 TCP Possible Connection trojan attack.
61348 TCP Possible Bunker-Hill trojan attack.
61466 TCP Possible TeleCommando trojan attack.
61603 TCP Possible Bunker-Hill trojan attack.
63485 TCP Possible Bunker-Hill trojan attack.
64101 TCP Possible Taskman / Task Manager trojan attack.
65000 TCP Possible Devli, Sockets des Troie or Stacheldraht trojan attack.,Devil,Devil 1.03,Stacheldracht
65432 TCP Possible 'The Traitor' (= th3tr41t0r) trojan attack
65506 TCP Possible PhatBot (Agobot variant) infection of your machine
65534 ??? Possibly seeking a Linux system with known Trojan. (/sbin/initd)
65535 TCP Possible RC or RC1 trojan attack.