IDS: ODI/NDIS mapper 2.0
Amit Kaushal (akaushal@dttus.com)
26 Aug 1999 18:02:59 -0500
I am having problems when I boot up my Windows 95. I have an NT Server 4.0 server (Service Pack 3) on the same machine. The boot message says that LSL failed and ODI/NDIS Mapper initialization failed. Then it says 'press a key to continue'. Can someone put some light on this?

______________________________ Reply Separator _________________________________
Subject: Re: [NTSEC] Default trojan ports
Author: fredwee@mbox2.singnet.com.sg at Internet-USA
Date: 8/26/1999 3:03 PM

TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

Hi,

I have found the information posted about trojan ports very informative and useful. I am trying to detect and remove any such existing trojan horse programs. But finding their hiding places to remove the trojan horse is very tedious.

Wonder if anyone knows of:

(i) Any place where I can get my hands on a compiled listing of these trojan horse information, like the exe filenames, size, where they would hide, etc.
(ii) Any IDS currently available or being developed with trojan horse detection mechanisms.

Rgds ..... Fred

-----Original Message-----
From: Joakim von Braun <joakim.von.braun@risab.se>
To: ntsecurity@iss.net <ntsecurity@iss.net>
Cc: firewalls@lists.gnac.com <firewalls@lists.gnac.com>; PacketStorm@genocide2600.com <PacketStorm@genocide2600.com>; flashback@flashback.se <flashback@flashback.se>
Date: 13 May 1999 02:44
Subject: [NTSEC] Default trojan ports

After seeing several questions about traffic directed at ports as 31337 and 12345 I've put together a list of all trojans known to me and the default ports they are using. Of course several of them could use any port, but I hope this list will maybe give you a clue of what might be going on.

port 21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
port 23 - Tiny Telnet Server
port 25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy
port 31 - Hackers Paradise
port 80 - Executor
port 456 - Hackers Paradise
port 555 - Ini-Killer, Phase Zero, Stealth Spy
port 666 - Satanz Backdoor
port 1001 - Silencer, WebEx
port 1011 - Doly Trojan
port 1170 - Psyber Stream Server, Voice
port 1234 - Ultors Trojan
port 1245 - VooDoo Doll
port 1492 - FTP99CMP
port 1600 - Shivka-Burka
port 1807 - SpySender
port 1981 - Shockrave
port 1999 - BackDoor
port 2001 - Trojan Cow
port 2023 - Ripper
port 2115 - Bugs
port 2140 - Deep Throat, The Invasor
port 2801 - Phineas Phucker
port 3024 - WinCrash
port 3129 - Masters Paradise
port 3150 - Deep Throat, The Invasor
port 3700 - Portal of Doom
port 4092 - WinCrash
port 4590 - ICQTrojan
port 5000 - Sockets de Troie
port 5001 - Sockets de Troie
port 5321 - Firehotcker
port 5400 - Blade Runner
port 5401 - Blade Runner
port 5402 - Blade Runner
port 5569 - Robo-Hack
port 5742 - WinCrash
port 6670 - DeepThroat
port 6771 - DeepThroat
port 6969 - GateCrasher, Priority
port 7000 - Remote Grab
port 7300 - NetMonitor
port 7301 - NetMonitor
port 7306 - NetMonitor
port 7307 - NetMonitor
port 7308 - NetMonitor
port 7789 - ICKiller
port 9872 - Portal of Doom
port 9873 - Portal of Doom
port 9874 - Portal of Doom
port 9875 - Portal of Doom
port 9989 - iNi-Killer
port 10067 - Portal of Doom
port 10167 - Portal of Doom
port 11000 - Senna Spy
port 11223 - Progenic trojan
port 12223 - Hack'99 KeyLogger
port 12345 - GabanBus, NetBus
port 12346 - GabanBus, NetBus
port 12361 - Whack-a-mole
port 12362 - Whack-a-mole
port 16969 - Priority
port 20001 - Millennium
port 20034 - NetBus 2 Pro
port 21544 - GirlFriend
port 22222 - Prosiak
port 23456 - Evil FTP, Ugly FTP
port 26274 - Delta
port 31337 - Back Orifice
port 31338 - Back Orifice, DeepBO
port 31339 - NetSpy DK
port 31666 - BOWhack
port 33333 - Prosiak
port 34324 - BigGluck, TN
port 40412 - The Spy
port 40421 - Masters Paradise
port 40422 - Masters Paradise
port 40423 - Masters Paradise
port 40426 - Masters Paradise
port 47262 - Delta
port 50505 - Sockets de Troie
port 50766 - Fore
port 53001 - Remote Windows Shutdown
port 61466 - Telecommando
port 65000 - Devil

You'll find the list on the following address: http://www.simovits.com/nyheter9902.html (still in Swedish but it will be translated in the near future).

To help anyone to detect trojan attacks, I'm planning to add information about the original names of the executables, their size, where they usually are hiding, and the names of any helpfiles they may use. I will also add tools or links to tools that may be of your assistance.

Feel free to get back to me with any comments or suggestions. If you find new trojans I'll love to get my hands on them, but please mail me first, as I don't need more than one copy. If you have live experience of trojan attacks I'm interested to read about your findings.

Joakim
joakim.von.braun@risab.se
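
The default-port list above applied as a host check, given here as an added example that is not part of the original messages: it scans `netstat -an` style output for listeners on listed ports. The sample netstat text is constructed, the table is a subset of the posted list, and the `low`/`review` labels and the function name are assumptions of this example; the post gives no protocol per port, so TCP and UDP are matched alike.

```python
import re

# Subset of the default-port list from the post above (port -> listed names).
DEFAULT_TROJAN_PORTS = {
    21: ["Blade Runner", "Doly Trojan", "Fore", "Invisible FTP", "WebEx", "WinCrash"],
    80: ["Executor"],
    12345: ["GabanBus", "NetBus"],
    20034: ["NetBus 2 Pro"],
    31337: ["Back Orifice"],
    31338: ["Back Orifice", "DeepBO"],
}
# Listed ports that are also the standard ports of common services,
# so a listener there is weak evidence on its own.
SHARED_WITH_SERVICES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http"}

# Constructed sample of `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:139           ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def flag_listeners(netstat_text):
    """Return (proto, port, confidence, names) for listeners on listed ports."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unparsable line
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        names = DEFAULT_TROJAN_PORTS.get(port)
        if names is None:
            continue
        confidence = "low" if port in SHARED_WITH_SERVICES else "review"
        findings.append((proto, port, confidence, names))
    return findings

if __name__ == "__main__":
    for finding in flag_listeners(SAMPLE_NETSTAT):
        print(finding)
```

As the post itself notes, several of these programs can use any port, so an empty result does not clear a host and a hit only tells you which process to look at next.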
This archive was generated by hypermail 2.0b3 on Fri Aug 27 1999 - 07:37:55 CDT