hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Ports Exploited
GovernmentSecurity.org > The Archives > Exploit Articles
Buluemoon
Jan 12 2004, 06:02 AM
Below is a list of ports being exploited in the US on Jan. 11 2004 and the number ofattacks according to:
http://www.dshield.org/country_list.php?continent=NA
*The known service or Hack was added from info gathered during research with google.

Ports being hacked:



PORT----------# of Attacks-----KNOWN Service or Hack

25--------------43387 -----------SMTP (Send Mail Transfer Protocol)
53--------------128664-----------DNS (Domain Name Service)
80--------------137420-----------HTTP (HyperText Transfer Protocol)
81--------------15064
123------------31240-------------NTP (Network Time Protocol)
135------------2704749
137------------297933-----------NetBIOS-ns
139------------92696-------------NetBIOS
389------------37762-------------LDAP (Lightweight Directory Access Protocol)
445------------210449------------SMB (NetBIOS over TCP)
554------------12857-------------Real Time Stream Control Protocol (RTSP)
593------------122949
901------------91484
1024-----------14706
1214-----------13895
1433-----------266351-----------Microsoft SQL Server
1434-----------218249-----------Microsoft SQL Monitor
2503-----------43114
3531-----------34000
4000-----------41466-------------ICQ, port4000
4444-----------19433-------------Backdoor.Oracle
6129-----------202047------------Dameware
6346-----------16390
6667-----------13059
7000-----------12967-------------Andrew File System (AFS) file server
173000--------104596
27374----------41929
32780----------19546
41170----------691228


I would like to make this complete by finding out which Exploits are being
used on each of these ports. I believe this could be used as a good tool to
learn more about these exploits and security issues related to securingour computers. I will update this list as my research and your feedback
produce new info.

There were several other ports listed but I have only listed those with 10,000
or more attacks.

Thanks for any and all feedback and help.
Gargamel
Jan 12 2004, 10:01 AM
as i understand you search for what the ports are?!

search in google for portlist and you will find it...

e.g.: http://www.diabolo666.com/tools/ports.htm
PSR
Jan 12 2004, 12:16 PM
QUOTE (Gargamel @ Jan 12 2004, 10:01 AM)
as i understand you search for what the ports are?!

search in google for portlist and you will find it...

e.g.: http://www.diabolo666.com/tools/ports.htm

no that not what he wants to know . it's just a list with ports which exploits connect on and thats what the list is for. something like a reference guide.
andydis
Jan 12 2004, 02:25 PM
off top of my head, 6667 irc, 27374 backoriface i think 135 is netbios again (dcom exploit) 81 is also http,
SNOZZ
Jan 12 2004, 07:03 PM
Port 41170 is a p2p music sharing program called Piolet that apparently listens on port 41170 - www.piolet.com


Port 17300 is apparently the backdoor of Kuang2

Modified Files:
msrpc_dcom.nasl
Log Message:
check on port 593 if 135 is closed .

Thats just 3 chose at random, its easy to check on google "port 123" and the answers come flooding in.
hope that helps u complie the list faster.


pinky
Jan 12 2004, 09:35 PM
27374 was the default port for sub7 version 2.1 and lower but lower than version 1.7 was port 1243
version 2.2 changed to 6667

i think

Sub7, ahh them were the days smile.gif
pinky
Jan 12 2004, 10:01 PM
Found this site, thought it might be useful

http://www.bekkoame.ne.jp/~s_ita/port/
raif
Jan 16 2004, 04:43 AM
or....if you are in linux, just do this:

cat /etc/services

it will tell you what services normally go with what ports wink.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.