hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Too Much Open Ports!
GovernmentSecurity.org > System Security > Beginners Section
Barvaz88
Dec 15 2003, 06:47 PM
CODE

80 :: 711 trojan (Seven Eleven) - AckCmd - Back End - Back Orifice 2000 Plug-Ins - Cafeini - CGI Backdoor - Executor - God Message - God Message Creator - Hooker - IISworm - MTX - NCX - Reverse WWW Tunnel Backdoor - RingZero - Seeker - WAN Remote - Web Server CT - WebDownloader
113 :: Normally Identd but could be Invisible Identd Deamon - Kazimas
123 :: Net Controller
135 :: Normally MS Netbios but could be Chode
137 :: Normally MS Netbios-NS but could be (UDP) - Msinit
138 :: Normally MS Netbios-DGM but could be Chode
139 :: Normally MS Netbios-SSN but could be Chode - God Message worm - Msinit - Netlog - Network - Qaz
1025 :: Remote Storm
1150 :: Orion
1151 :: Orion
1170 :: Psyber Stream Server - PSS - Streaming Audio Server - Voice
1200 :: (UDP) - NoBackO
1201 :: (UDP) - NoBackO
1207 :: SoftWAR
1208 :: Infector
1212 :: Kaos
1234 :: SubSeven Java client - Ultors Trojan
1243 :: BackDoor-G - SubSeven - SubSeven Apocalypse - Tiles
1245 :: VooDoo Doll
1255 :: Scarab
1256 :: Project nEXT
1269 :: Matrix
1272 :: The Matrix
1313 :: NETrojan
1338 :: Millenium Worm
1349 :: Bo dll
1394 :: GoFriller - Backdoor G-1
1441 :: Remote Storm
5000 :: Used by Windows UPnP usually found in XP and ME turned on by default but can also be seen on in Win2k. Also used by trojans (Blazer5 - Bubbel - ICKiller - Ra1d - Sockets des Troie)
6060 :: Invision 2.0 Default DCC Server Port

wtf is all this ports?????
realmasterX
Dec 15 2003, 06:52 PM
hi..

i would say its a box without any firewall and some trojans... wink.gif

But i havnt understand what u want...sad.gif
GSecur
Dec 15 2003, 06:53 PM
What exactly are you scanning, (your local machine?)
Barvaz88
Dec 15 2003, 07:20 PM
it's my box.. how can I delete all these trojans???
Deadlocked
Dec 15 2003, 07:54 PM
U r almost like gruyere cheese. =D
Firstly i'd recommend to install a firewall and block all incoming connections to that ports... Once then, remove them, (install any antivirii proggie) and check execution paths at boot time. I think you have win 9x/ME(rde), but correct me if i'm wrong, and next time give more info in your post.
I don't think any attacker is such stup*d to install that amount of backdoors/trojans, so i guess you had executed some proggie that spawned all those servers, be carefull when executing strange files.
GSecur
Dec 15 2003, 08:08 PM
Scanning yourself (localhost) with an application hosted on the local host, will give you so many false positives. If you want a true determination of what ports are open have a 2nd party scan you.
Hag4r
Dec 15 2003, 08:23 PM
Yeah, i think that is the 'port-scanner' of invision mirc script.I had it too, and it says there were ports open that werent really open. So i dont think u can rely on invision ports scanner.
mrBob
Dec 15 2003, 08:29 PM
uhh... format c:\ ? laugh.gif
and then install a firewall (sygate, norton, zonealarm or whatever)
realmasterX
Dec 15 2003, 08:40 PM
QUOTE (mrBob @ Dec 15 2003, 08:29 PM)
uhh... format c:\ ?

i think that would be the best way... wink.gif

And don't forgot to intall an Antivir-prog... (the kaspersky is really good!!!)
Axl
Dec 15 2003, 08:45 PM
wow man !!

first of all -if all of those port are really open-admin-teach the damn noobs not to open trojans!

i suggest by punishing him... smile.gif

and as for your small problem ....

hmmmm...

first of all install sygate firewall-my faivorite..

then as said block allllll incoming traffic on non system ports (135 5000 6666 139) and install an av and a special trojan remover...

search www.download.com

r.i.p
realmasterX
Dec 15 2003, 08:50 PM
yes,...R.I.P.. wink.gif

But i thing the Outpost Firewall is much better then the sygate..
Barvaz88
Dec 15 2003, 09:24 PM
tnx all

I have windows XP with SP1
and it from invision script for mirc port scanner.....
I have anti virus and it didn't alert me before

I will search for a fire wall

TNX ALL!!
gwon
Dec 15 2003, 10:00 PM
I can only assume this guy has scanned his machine and whatever scanner he has used has told him what the open ports *COULD* be used for. People seem to have got the wrong end of the stick, and think this guy is infected with every trojan under the sun.

Install a firewall (a free one would do): http://www.google.com/search?hl=en&ie=utf-...q=free+firewall

If you don't already, get some virus protection, once again, free would do. I recommend: http://www.free-av.com
KoStIsTR
Dec 15 2003, 10:34 PM
HEHEHEHE is it possible to test some trojan at your box by your own ???
Blast3rPL
Dec 16 2003, 02:35 PM
QUOTE
HEHEHEHE is it possible to test some trojan at your box by your own ???


If trojans contains null pass session and you know ports etc. it possible. But usually you must have a password.

I'm suggesting to format hard drives, install OS & AV with firewall and configure it to block some connections.
woodpecker_sjtu
Dec 16 2003, 02:42 PM
oh...a filler
gwon
Dec 16 2003, 04:21 PM
I suggest dumping windows and installing Slackware, or BSD
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.