here is a list of ports and the programs that annoying little people use to do some "l33t h4ck1ng" (these arnt always the same and can be used by other programs but its jus a rough guide), you might find it usefull.

><><><><><><><><><><><><><><><><><><><><><><><

Usefull Port Info

Port 80 is the port for Http (web sites).
Port 21 is for Telnet
Port 23 is for FTP
port 139 is the netbios port

><><><><><><><><><><><><><><><><><><><><><><><

Trojan (remote administration) ports*

port 23 - Tiny Telnet Server (= TTS)
port 25 - Ajan, Antigen, Email Password Sender, Haebu Coceda (= Naebi), Happy 99, Kuang2,
ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
port 31 - Agent 31, Hackers Paradise, Masters Paradise
port 41 - DeepThroat
port 59 - DMSetup
port 79 - Firehotcker
port 80 - Executor, RingZero
port 99 - Hidden Port
port 110 - ProMail trojan
port 113 - Kazimas
port 119 - Happy 99
port 121 - JammerKillah
port 421 - TCP Wrappers
port 456 - Hackers Paradise
port 531 - Rasmin
port 555 - Ini-Killer, NeTAdmin, Phase Zero, Stealth Spy
port 666 - Attack FTP, Back Construction, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyre
port 911 - Dark Shadow
port 999 - DeepThroat, WinSatan
port 1001 - Silencer, WebEx
port 1024 - NetSpy
port 1042 - Bla
port 1045 - Rasmin
port 1090 - Xtreme
port 1170 - Psyber Stream Server, Streaming Audio trojan, Voice
port 1234 - Ultors Trojan
port 1243 - BackDoor-G, SubSeven, SubSeven Apocalypse
port 1245 - VooDoo Doll
port 1269 - Mavericks Matrix
port 1349 (UDP) - BO DLL
port 1492 - FTP99CMP
port 1509 - Psyber Streaming Server
port 1600 - Shivka-Burka
port 1807 - SpySender
port 1981 - Shockrave
port 1999 - BackDoor
port 1999 - TransScout
port 2000 - TransScout
port 2001 - TransScout
port 2001 - Trojan Cow
port 2002 - TransScout
port 2003 - TransScout
port 2004 - TransScout
port 2005 - TransScout
port 2023 - Ripper
port 2115 - Bugs
port 2140 - Deep Throat, The Invasor
port 2155 - Illusion Mailer
port 2283 - HVL Rat5
port 2565 - Striker
port 2583 - WinCrash
port 2600 - Digital RootBeer
port 2801 - Phineas Phucker
port 2989 (UDP) - RAT
port 3024 - WinCrash
port 3128 - RingZero
port 3129 - Masters Paradise
port 3150 - Deep Throat, The Invasor
port 3459 - Eclipse 2000
port 3700 - Portal of Doom
port 3791 - Eclypse
port 3801 (UDP) - Eclypse
port 4092 - WinCrash
port 4321 - BoBo
port 4567 - File Nail
port 4590 - ICQTrojan
port 5000 - Bubbel, Back Door Setup, Sockets de Troie
port 5001 - Back Door Setup, Sockets de Troie
port 5011 - One of the Last Trojans (OOTLT)
port 5031 - NetMetro
port 5321 - Firehotcker
port 5400 - Blade Runner, Back Construction
port 5401 - Blade Runner, Back Construction
port 5402 - Blade Runner, Back Construction
port 5550 - Xtcp
port 5512 - Illusion Mailer
port 5555 - ServeMe
port 5556 - BO Facil
port 5557 - BO Facil
port 5569 - Robo-Hack
port 5742 - WinCrash
port 6400 - The Thing
port 6669 - Vampyre
port 6670 - DeepThroat
port 6771 - DeepThroat
port 6776 - BackDoor-G, SubSeven
port 6912 - Shit Heep (not port 69123!)
port 6939 - Indoctrination
port 6969 - GateCrasher, Priority, IRC 3
port 6970 - GateCrasher
port 7000 - Remote Grab, Kazimas
port 7789 - Back Door Setup, ICKiller
port 8080 - RingZero
port 9400 - InCommand
port 9872 - Portal of Doom
port 9873 - Portal of Doom
port 9874 - Portal of Doom
port 9875 - Portal of Doom
port 9876 - Cyber Attacker
port 9878 - TransScout
port 9989 - iNi-Killer
port 10067 (UDP) - Portal of Doom
port 10101 - BrainSpy
port 10167 (UDP) - Portal of Doom
port 10520 - Acid Shivers
port 10607 - Coma
port 11000 - Senna Spy
port 11223 - Progenic trojan
port 12076 - Gjamer
port 12223 - Hack«99 KeyLogger
port 12345 - GabanBus, NetBus, Pie Bill Gates, X-bill
port 12346 - GabanBus, NetBus, X-bill
port 12361 - Whack-a-mole
port 12362 - Whack-a-mole
port 12631 - WhackJob
port 13000 - Senna Spy
port 16969 - Priority
port 17300 - Kuang2 The Virus
port 20000 - Millennium
port 20001 - Millennium
port 20034 - NetBus 2 Pro
port 20203 - Logged
port 21544 - GirlFriend
port 22222 - Prosiak
port 23456 - Evil FTP, Ugly FTP, Whack Job
port 23476 - Donald Dick
port 23477 - Donald Dick
port 26274 (UDP) - Delta Source
port 29891 (UDP) - The Unexplained
port 30029 - AOL Trojan
port 30100 - NetSphere
port 30101 - NetSphere
port 30102 - NetSphere
port 30303 - Sockets de Troi
port 30999 - Kuang2
port 31336 - Bo Whack
port 31337 - Baron Night, BO client, BO2, Bo Facil
port 31337 (UDP) - BackFire, Back Orifice, DeepBO
port 31338 - NetSpy DK
port 31338 (UDP) - Back Orifice, DeepBO
port 31339 - NetSpy DK
port 31666 - BOWhack
port 31785 - Hack«a«Tack
port 31787 - Hack«a«Tack
port 31788 - Hack«a«Tack
port 31789 (UDP) - Hack«a«Tack
port 31791 (UDP) - Hack«a«Tack
port 31792 - Hack«a«Tack
port 33333 - Prosiak
port 33911 - Spirit 2001a
port 34324 - BigGluck, TN
port 40412 - The Spy
port 40421 - Agent 40421, Masters Paradise
port 40422 - Masters Paradise
port 40423 - Masters Paradise
port 40426 - Masters Paradise
port 47262 (UDP) - Delta Source
port 50505 - Sockets de Troie
port 50766 - Fore, Schwindler
port 53001 - Remote Windows Shutdown
port 54320 - Back Orifice 2000
port 54321 - School Bus
port 54321 (UDP) - Back Orifice 2000
port 60000 - Deep Throat
port 61466 - Telecommando
port 65000 - Devil

THNX to AuzyBuild

* these are the ports most comonly used by these trojans, they are not always the same *

just for the record, you can configure a trojan to run on any specified port :p if you want a more complety list of trojan ports, go here: http://trojanports.tlsecurity.net/
But here is a list of more commonly used ports and services:

SMTP 25 TCP Simple Mail Tranfer Protocol
Ssh 22 TCP Secure Shell
DNS 53 TCP Domain Name Service
Finger 79 TCP Can obtain computer information
POP3 110 TCP Internet Mail
Netbios - Session 139 TCP/UDP Microsoft machines use this often
IMAP 143 TCP Internet Message Access Protocol.
SNMP 161 TCP Used for network mapping
IRC 6665 - 6669 TCP/UDP Internet Relay Chat
Printer 515 TCP Spooler
systat 11 TCP system/user information

the list goes on and on and on but for more ports and sevices go here: http://www.sans.org/y2k/ports.htm

latr,
Remote_Access_

Here's a decent quasi up-to-date listing that I use:

http://www.gpick.net/lists/portlist/portlist.htm

Cool post and replies.

If you run Linux, just have a look at /etc/services, it lists all the ports and services too.

Usefull Port Info

Port 80 is the port for Http (web sites).
Port 21 is for Telnet
Port 23 is for FTP
port 139 is the netbios port

Acutally.....

Port 21 is for FTP
Port 23 is for Telnet

Just wanted to clear that up. Probably just a typeo, but needed to be addressed. Good info, though.

Happy Hacking

Is there such a thing as a complete list of ports? I've got all the usual suspects covered but I'm getting hit by the same attackers (and I know who they are) on broad ranges of ports I can't get any info about on any lookup site--the ones I'm seeing on VisualZone right now happen to start at 1025 and go all the way up thru 1214, not necessarily in order, then more in in 49280-49350, a couple of 0 bootp's, etc. They're all spoofed; most seem to be coming from my other ISP, but they're clueless too. Several in the 1080's appear to have come from this site! How I got into this mess is a long ugly story I don't have time to tell, but last summer I pissed off some really scary ultra-elite types I used to work for when I was only a lame medical transcriptionist. Will upload logs to anyone interested ASAP!
SKByor

Anything over 1024 is dynamic. Post the logs, maybe we can make them go away....you never know.

Complete list of ports can be found here:

http://www.iana.org/assignments/port-numbers

The trojan list that I tend to refer to is:

http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html

This has been posted multiple times before, please search the forums before posting :)

http://www.antionline.com/showthread.php?s=&threadid=153219&highlight=port
http://hackerwhacker.com/nmap-services.txt

Have fun :D

Is there a way to close the netbios port in windows? I dont have a need for remote administration and this provides a nice port for people to direct packets at and thus crashing the servics and lagging the hell out of me.

I think you can close it by going to the Control Panel and opening up the Network icon.
File and Printer sharing is probley turned on. Sometimes there will acctually be a network component installed on the pc that you should remove.

Also if you cant do it like that you can get an admin tool that will allow you to close certain ports. 139 in this case.

there is a port list file in the windows dir:

c:\windows\service

Here you go an almost complete list of ports. Have a look.

I think maybe that there aren't a limit to ports and that trojans CAN run on any port you program it to. I also think that WHOA COW, there is too many ports and trojans that can run off of them. There are so many R.A.T ports and only one of them needs to be open to run a backdoor/ trojan.