NMAP (WIN/UNIX)

Este manual lo he sacado de recopilar unos cuantos que haba por la red. Los he ampliado escasamente porque no lo necesitaban demasiado, he corregido faltas ortogrficas (no todas como veris, ampliar algn tema, alguna investigacin por la redjuntar las cosas. (Vamos que no encontrareis ningn manual de NMAP mejor y ms completo que este, garantizado!) Se que el formato del texto es un poco cutre pero bueno la verdad es que me da pereza ponerlo todo igual, todo se debe a los diferentes manuales de los que he sacado informacin y tal Decir que este manual vale tanto como para Windows como para Unix (solo cambia la versin del Nmap, los comandos son los mismos para los dos S.O) Aqu Podis descargarlo: http://www.insecure.org/nmap. Es muy amplio pero ensea mucho, recomiendo que se lea y que cada uno saque un resumencillo con la mas interesante, con sus ejemplos y todo. Hay cosas difciles de entender debido a la amplitud tcnica del manual en cuanto a que se explica mucho de cada opcin. Te aseguro que con este manual vas a saber escanear de una manera efectiva aunque no tengas muchos conocimientos del tema. Para Windows hay varias versiones. El Nmap para poder sacarle todo el partido es mejor hacerlo por comandos que es como se explica aqu. (El de Windows no requiere instalacin solo accede a el mediante ms-dos y ya esta. (Ruta sin espacios) Decir que para un mejor escaneo podis utilizar mas escaneadotes (Que son menos potentes como Superscan, Portscan, scan, ) y comparar ya que siempre hay algo que se escapa en uno de ellos que otro puede captar, esto podris verlo en la seccin ejemplos. NOTAS DEL CREADOR Nmap (fyodor@insecure.org) Bugs? Por favor, enveme cualquier bug que descubra. Los parches tampoco estaran mal. Recuerde enviar tambin nuevas huellas de sistemas operativos para que podamos ampliar nuestra base de datos.

INDICE:

1- Tipos de escaneo * Ejemplos de los tipos 2- Opciones generales *Opcin idlscan

3- Ejemplos de comandos *Super ejemplo *Diferencias entre scaners 4- Puertos de inters SINOPSIS Nmap [Tipos(s)de escaneo] [Opciones] <servidor o red #1... [#N]> <servidor o red #1... [#N]> www.XXX.com IP lo que vas a escanear

*********************Tipos Escaneo************************
-sT (Deja ver tu IP) Escaneo TCP connect(): Es la forma mas basica de escaneo TCP. La llamada de sistema connect() proproporcionada por nuestro sistema operativo se usa para establecer una conexin con todos los puertos interesantes de la maquina. Si el puerto esta a la escucha, connect() tendr xito, de otro modo, el puerto resulta inalcanzable. Una ventaja importante de esta tcnica es que no resulta necesario tener privilegios especiales. Cualquier usuario en la mayora de los sistemas UNIX tiene permiso para usar esta llamada. Este tipo de escaneo resulta fcilmente detectable dado que los registros del servidor de destino muestran un montn de conexiones y mensajes de error para aquellos servicios que accept() (aceptan) la conexin para luego cerrarla inmediatamente. Si no se le suministra ningn tipo de scan se asume por defecto sT. -sS (Oculta un Poco la IP, nicamente root puede ejecutarlo) Escaneo TCP SYN: A menudo se denomina a esta tcnica escaneo "half open" (medio abierto), porque no se abre una conexin TCP completa. Se enva un paquete SYN, como si se fuese a abrir una conexin real y se espera que llegue una respuesta. Un SYN|ACK indica que el puerto esta a la escucha. Un RST es indicativo de que el puerto no esta a la

de

escucha. Si se recibe un SYN|ACK, se enva un RST inmediatamente para cortar la conexin (en realidad es el kernel de nuestro sistema operativo el que hace esto por nosotros). La ventaja principal de esta tcnica de escaneo es que ser registrada por muchos menos servidores que la anterior. Por desgracia se necesitan privilegios de root para construir estos paquetes SYN modificados. Puede que al escanear desde Windows a otro Windows, este comando funcione mejor que el -st -sF -sX -sN Xmas Si lo combinamos con la opcin -f mejora la clandestinidad (el flag -f para utilizar pequeos fragmentos en el scan para hacerlos menos detectables aun. ) (Mas clandestino que los anteriores) (-sN da buenos resultados, por lo menos en windows) Modos Stealth FIN, Xmas Tree o Nul scan: A veces ni siquiera el escaneo SYN resulta lo suficientemente clandestino. Algunas firewalls y filtros de paquetes vigilan el envi de paquetes SYN a puertos restringidos, y programas disponibles como Synlogger y Courtney detectan este tipo de escaneo. Estos tipos de escaneo avanzado, sin embargo, pueden cruzar estas barreras sin ser detectados. La idea es que se requiere que los puertos cerrados respondan a nuestro paquete de prueba con un RST, mientras que los puertos abiertos deben ignorar los paquetes en cuestin *El escaneo FIN utiliza un paquete FIN vacio (sorpresa) como prueba, mientras que el escaneo Xmas tree activa las flags FIN, URG y PUSH. *El escaneo NULL desactiva todas las flags. Por desgracia Microsoft (como de costumbre) decidi ignorar el estndar completamente y hacer las cosas a su manera. Debido a esto, este tipo de escaneo no funcionara con sistemas basados en Windows95/NT. En el lado positivo, esta es una buena manera de distinguir entre las dos plataformas. Si el escaneo encuentra puertos cerrados, probablemente se trate de una maquina UNIX, mientras que todos los puertos abiertos es indicativo de Windows. Excepcionalmente, Cisco, BSDI, HP/UX, MVS, y IRIX tambin envan RSTs en vez de desechar el paquete

-sU Escaneo Udp: Este mtodo se usa para saber que puertos UDP (Protocolo de Datagrama de Usuario, RFC 768) estn abiertos en un servidor. La tcnica consiste en enviar paquetes UCP de 0 bytes a cada puerto de la maquina objetivo. Si se recibe un mensaje ICMP de puerto no alcanzable, entonces el puerto esta cerrado. De lo contrario, asumimos que esta abierto. Alguna gente piensa que el escaneo UDP no tiene sentido. Normalmente les recuerdo el reciente agujero Solaris rcpbind. Puede encontrarse a rcpbind escondido en un puerto UDP no documentado en algn lugar por encima del 32770. Por lo tanto, no importa que el 111 este bloqueado por la firewall. Pero, cquien puede decir en cual de los mas de 30000 puertos altos se encuentra a la escucha el programa? iCon un escner UDP se puede! Tenemos tambin el programa de puerta trasera cDc Back Orifice que se oculta en un puerto UDP configurable en las maquinas Windows, por no mencionar los muchos servicios frecuentemente vulnerables que usan UDP como snmp, tftp, NFS, etc. Por desgracia, el escaneo UDP resulta a veces tremendamente lento debido a que la mayora de los servidores implementan una sugerencia recogida en el RFC 1812 (seccin 4.3.2.8) acerca de la limitacion de la frecuencia de mensajes de error ICMP. Por ejemplo, el kernel de Linux (en /ipv4/icmp.h) limita la generacin de mensajes de destino inalcanzable a 80 cada cuatro segundos, con una penalizacin de 1/4 de segundo si se rebasa dicha cantidad. Solaris tiene unos limites mucho mas estrictos (mas o menos 2 mensajes por segundo) y por lo tanto lleva mas tiempo hacerle un escaneo. nmap detecta este limite de frecuencia y se ralentiza en consecuencia, en vez de desbordar la red con paquetes intiles que la maquina destino ignorara. Como de costumbre, Microsoft ignoro esta sugerencia del RFC y no parece que haya previsto ningn tipo de limite de frecuencia para las maquinas Windows. Debido a esto resulta posible escanear los 65K puertos de una maquina Windows muy rapidamente. Toma!! ya tenemos manera de saber el SO al 80%...XD -b <ftp relay host> Ataque de rebote FTP: Una caracteristica "interesante" del protocolo FTP (FRC 959) es la posibili-

dad de realizar conexiones ftp tipo "proxy". En otras palabras, ime resultara posible conectarme desde malvado.com al servidor ftp de destino.com y pedirle a ese servidor que enviase un archivo a CUALQUIER PARTE de Internet! Aun asi, esto podra haber funcionado bien en 1985 cuando se escribio el RFC, pero en la Internet actual, no podemos permitir que la gente vaya por ahi asaltando servidores ftp y pidindoles que escupan sus datos a puntos arbitrarios de Internet. Tal y como escribi *Hobbit* en 1985, este defecto del protocolo "puede usarse para enviar mensajes de correo y noticias cuyo rastro ser virtualmente imposible de seguir, machacar servidores en varios sitios web, llenar discos, tratar de saltarse firewalls y , en general, resultar molesto y difcil de detectar al mismo tiempo." Nosotros explotaremos este defecto para (sorpresa, sorpresa) escanear puertos TCP desde un servidor ftp "proxy". De este modo nos podramos conectar a un servidor ftp tras una firewall, y luego escanear aquellos puertos que con mas probabilidad se encuentren bloqueados (el 139 es uno bueno). Si el servidor ftp permite la lectura y escritura en algn directorio (como por ejemplo /incoming), se pueden enviar datos arbitrarios a puertos que se encuentren abiertos (aunque nmap no realiza esta funcin por si mismo). El argumento que se pasa a la opcin 'b' es el host que se pretende usar como proxy, en notacin URL estandar. El formato es: nombre_de_usuario:password@servidor:puerto. Todo excepto servidor es opcional. Para determinar que servidores son vulnerables a este ataque, vease mi articulo en Phrack 51. Se encuentra disponible una versin actualizada en la URL de nmap (http://www.insecure.org/nmap). -d ip -------------->para mi la mejor. Te dice muchas cosas....

********** Ejemplos explicativos para un mayor entendimiento **************** Barrido utilizando el three way handshake del TCP (opcin -sT) La forma de barrido mas comn que posee es utilizando la opcin -sT . Este modo se basa en la metodologa de inicio de conexin que posee el

TCP , conocida como three way handshake. Describindolo resumidamente sucede la siguiente secuencia [1] a) El servidor tiene que estar preparado para recibir una conexin (en general utilizando las funciones socket , bind y listen) b) El cliente lanza una conexin activa - llama a connect() - Con esto enva un segmento SYN para informarle al server el numero inicial de secuencia para los datos que el cliente va a enviar en la conexin. El SYN normalmente contiene un IP Header - un TCP Header y puede ser algn opcin TCP c) El servidor debe dar por conocido el SYN enviando un ACK y a su vez enva un SYN con su nmero de secuencia (todo en un slo paquete TCP) d) El cliente debe dar por conocido el SYN enviado con un ACK Este modo de barrido posee dos ventajas: * es rpido (incluso el Nmap posee opciones para hacerlo aun mas rpido en conexiones lentas, que no analizaremos) * no se necesitan privilegios especiales para realizarlo en la mquina que lanza el barrido y posee la gran desventaja que es muy sencillo de detectar y es fcil de filtrar Se analiza a continuacin el proceso que general el nmap con la opcin -sT , corriendo el tcpdump en la mquina objetivo. Para ello se ejecuta el Nmap en la mquina 192.168.255.20 y se dirige hacia la mquina casa2.xxx.xxx.xxx, en una red ethernet 1) 08:24:18.393108 192.168.255.20.1024 > casa2.xxx.xxx.xxx.653: S 2632227152:2632227152(0) win 16060 <mss 1460,sackOK,timestamp 232602[|tcp]> (DF) 2) 08:24:18.393167 casa2.xxx.xxx.xxx.653 > 192.168.255.20.1024: R 0:0(0) ack 2632227153 win 0 3) 08:24:18.393227 192.168.255.20.1025 > casa2.xxx.xxx.xxx.6141: S 2644226118:2644226118(0) win 16060 <mss 1460,sackOK,timestamp 232602[|tcp]> (DF) 4) 08:24:18.393258 casa2.xxx.xxx.xxx.6141 > 192.168.255.20.1025: R 0:0(0) ack 2644226119 win 0 5) 08:24:18.453343 192.168.255.20.1298 > casa2.xxx.xxx.xxx.pop3: S 2640612362:2640612362(0) win 16060 <mss 1460,sackOK,timestamp 232608[|tcp]> (DF) 6) 08:24:18.453542 casa2.xxx.xxx.xxx.pop3 > 192.168.255.20.1298: S 1658259980:1658259980(0) ack 2640612363 win 16060 <mss 1460,sackOK,timestamp 243353[|tcp]> (DF) 7) 08:24:18.458667 192.168.255.20.1298 > casa2.xxx.xxx.xxx.pop3: . ack 1 win 16060 <nop,nop,timestamp 232609 243353> (DF) 8) 08:24:18.461280 192.168.255.20.1298 > casa2.xxx.xxx.xxx.pop3: F 1:1(0) ack 1 win 16060 <nop,nop,timestamp 232609 243353> (DF) La numeracin de lneas se ha agregado para una mejor explicacin:

en la lnea 1) la mquina "atacante" 192.168.255.20 lanza desde el puerto 1024 un segmento SYN hacia el puerto 653 de la mquina objetivo casa2.xxx.xxx.xxx . Se reconoce que se trata de un segmento SYN por la S que se observa despus del 653. Se estara hasta all en el punto b) del three way handshake explicado. en la lnea 2) la mquina objetivo responde con un paquete RESET ( ntese la R luego del 1024) indicando esto que no posee un proceso "escuchando" sobre el puerto 653 las lneas 3 y 4 son similares a las dos primeras , lo fundamental que varia es que se chequea si hay un proceso en el puerto 6141 de la mquina objetivo, como nuevamente no lo hay , se vuelve a responder con un RESET la lnea 5) muestra como la mquina 192.168.255.20 lanza un segmento SYN al puerto pop 3 de la mquina objetivo (puerto 110) , esta vez la mquina objetivo responde con un ACK dando por reconocido el SYN y el nmero de secuencia enviado ( se enva el numero de secuencia propio de la mquina objetivo , en este caso 1658259980 y el nro de secuencia enviado por la mquina 192.168.255.20 , + 1 es decir 2640612363) . Fjese que el paquete que responde casa2 posee los bits de control SYN y ACK activos . Esto se observa en la lnea 6) y se estara en el paso c) del three way handshake. La lnea 7) muestra el reconocimiento del ltimo paquete recibido en la mquina 192.168.255.20 con un segmento ACK , llegando as al punto d) del handshake . La lnea 8) es la finalizacin de la conexin por parte de 192.168.255.20 , cuestin que se realiza enviando un segmento FIN (ntese la F luego de pop3) Este proceso permiti al Nmap ejecutado detectar que el puerto 110 (pop3) de casa2 es un puerto activo en dicha mquina Se mencion que esta forma de barrido es fcilmente detectable , notese las huellas que dejaron en el archivo /var/log/messages ( esto depende de como est configurado el syslog.conf) la conexin vista en la lnea 5 , 6 , 7y8: May 6 08:24:01 root@192.168.255.20 casa2 in.pop3d[205]: connect from

*Barrido utilizando los segmentos SYN (medio abierto o half open , opcin -sS ) Este tipo de barrido se obtiene ejecutando al nmap con la opcin -sS . La tcnica que utiliza es abrir una "media conexin" , es decir enva un segmento SYN y si recibe un ACK es porque ha detectado un puerto activo en la mquina objetivo , despus de lo cual enva un RESET para cortar en forma abrupta la comunicacin. Si en vez de un ACK recibe un RST es porque el puerto de la mquina objetivo no se encuentra activo. Este modo de barrido posee la desventaja que se deben tener privilegios

de root para ejecutarlo . Pero posee la ventaja que es de difcil deteccin en la mquina que es barrida *Veamos ahora un anlisis similar de la tarea desarrollada por el Nmap con esta opcin, analizndola con el tcpdump (nuevamente las lneas se numeran por comodidad) 1) 22:25:45.856936 192.168.255.20.40175 > casa2.tau.org.ar.946: S 1292785825:1292785825(0) win 3072 2) 22:25:45.857078 casa2.tau.org.ar.946 > 192.168.255.20.40175: R 0:0(0) ack 1292785826 win 0 las lneas 1) y 2) son muy similares a las lneas 1) y 2) del apartado anterior , simplemente se ve el segmento SYN enviado por la mquina 192.168.255.20 al puerto 946 de la mquina casa2 y la respuesta de esta enviando un RESET por no ser ese un puerto activo de ella 3) 22:25:45.970365 192.168.255.20.40175 > casa2.tau.org.ar.pop3: S 1292785825:1292785825(0) win 3072 4) 22:25:45.976022 casa2.tau.org.ar.pop3 > 192.168.255.20.40175: S 185944428:185944428(0) ack 1292785826 win 16080 <mss 536> (DF) 5) 22:25:45.979578 192.168.255.20.40175 > casa2.tau.org.ar.pop3: R 1292785826:1292785826(0) win 0 las lneas 3) 4) y 5) son obtenidas por el hallazgo exitoso del puerto 110 ( pop3) en la mquina casa2 . Como se mencion , no se desarrolla completo el three way handshake sino que al recibir el Nmap el reconocimiento de su segmento SYN (mediante el segmento ACK enviado por casa2 , lnea 4 ), enva un segmento RESET que fuerza la interrupcin de la comunicacin. Este barrido sobre casa2 no dej huella en el archivo /var/log/messages , tal como se haba anticipado *Barrido utilizando los segmentos FIN La idea sobre la que se basa este tipo de barrido es que los puertos no activos de la mquina objetivo responden a un paquete FIN con un paquete RST. Los puertos activos, por otra parte ignoran dichos paquetes. Por lo tanto se obtiene la lista interesante de puertos observando cuales son los que no han "contestado". Las mquinas corriendo sistemas operativos Microsoft no son vulnerables a este tipo de barrido, ya que realizan una implementacin no Standard de lo que debera ser la forma correcta de operacin del TCP. Hay tres formas de operacin del Nmap utilizando tcnicas parecidas, ellas se obtienen con las opciones -sF , -sX y -sN. Analizamos en este articulo el comportamiento bajo la opcin -sF. Realizamos para ello un trabajo similar al hecho para las otras opciones

1) 06:50:45.643718 192.168.255.20.35600 > casa2.tau.org.ar.864: F 0:0(0) win 2048 2) 06:50:45.643865 casa2.tau.org.ar.864 > 192.168.255.20.35600: R 0:0(0) ack 0 win 0 en las lneas 1) y 2) se observa el envo del segmento FIN (ntese la F luego del 864 en la lnea 1) a la mquina objetivo y la respuesta de ella con un paquete RST (ntese la R en la lnea 2 luego del 35600). Nmap concluye entonces que el puerto 864 de casa2 no se encuentra activo. 3) 06:50:47.933227 192.168.255.20.35600 > casa2.tau.org.ar.pop3: F 0:0(0) win 2048 4) 06:50:48.251147 192.168.255.20.35601 > casa2.tau.org.ar.pop3: F 0:0(0) win 2048 Las lneas 3) y 4) vuelven a tomar como ejemplo al puerto pop3 de casa2 .En la lnea 3 se ve el envo del segmento FIN, segmento que no obtiene respuesta por parte de casa2 . La lnea 4) constituy una sorpresa y debe ser una seguridad que toma el Nmap para puertos que "no contestan", vuelve a enviarle un segmento FIN al cabo de un lapso para ver si realmente ese puerto no esta contestando. En ambos casos, casa2 ignor los paquetes, mostrndole as al Nmap que su puerto pop3 se encuentra activo.

**********************Opciones Generales*********************
No se requiere ninguna pero algunas de ellas pueden resultar de gran utilidad. -n -p0 No hace conversiones DNS para hacer el -sP mas rpido. No intenta hacer ping a un servidor antes de escanearlo. Esto permite el escaneo de redes que no permiten que pasen peticiones (o respuestas)de ecos ICMP a travs de su firewall. microsoft.com es un ejemplo de una red de este tipo, y, por lo tanto, debera usarse siempre -p0 o -PT80 al escanear microsoft.com.y otros con sistemas de deteccin de ataques sensibles asi como los .gov .mil etc. -PT Usa el ping TCP para determinar que servidores estn activos. En vez de enviar paquetes de peticion de ecos ICMP y esperar una respuesta, se lanzan paquetes TCP ACK a travs de la red de destino (o a una sola maquina) y luego se espera a que lleguen las respuestas. Los servidores activos

responden con un RST. Esta opcin mantiene la eficiencia de escanear nicamente aquellos servidores que se encuentran activos y la combina con la posibilidad de escanear redes/servidores que bloquean los paquetes ping. Para los usuarios no root se usa connect(). Para establecer el puerto de destino de los paquetes de prueba use -PT <numero de puerto). El puerto por defecto es el 80, dado que normalmente este puerto no es un puerto filtrado. Para el caso de -sT y -sP esta opcin aunque no es suministrada va implcita en el mtodo. -PS Esta opcin usa paquetes SYN (peticin de conexin) en vez de los paquetes ACK para usuarios root. Los servidores activos deberian responder con un RST (o, en raras ocasiones, un SYN|ACK).Utiliza el TCP SYN sweep en lugar de el valor por defecto que es el ack sweep utilizado en el Ping TCP. -PI Esta opcin usa un paquete ping (peticin de eco ICMP) verdadero. Encuentra servidores que estn activos y tambin busca direcciones de broadcast dirigidas a subredes en una red. Se trata de direcciones IP alcanzables desde el exterior que envian los paquetes IP entrantes a una subred de servidores. Estas direcciones deberan eliminarse, si se encontrase alguna, dado que suponen un riesgo elevado ante numerosos ataques de denegacin de servicio (el mas corriente es Smurf).PI Utiliza paquetes icmp para determinar que hosts estn conectados y es especial si deseas hacer un scan a travez de un firewall.

-PB Este es el tipo de ping por defecto. Usa los barridos ACK ( -PT ) e ICMP ( -PI ) en paralelo. De este modo se pueden alcanzar firewalls que filtren uno de los dos (pero no ambos).Hace la misma funcin que el barrido (scan) TCP y ICMP, se le puede especificar un puerto destino despus de la "B". -O Esta opcin activa la deteccin remota del sistema operativo por medio de la huella TCP/IP. En otras palabras, usa un punado de tecnicas para detectar sutilezas en la pila de red subyacente del sistema operativo de los servidores que se escanean. Usa esta informacin para crear una 'huella' que luego compara con una base de datos de huellas de sistemas operativos conocidas (el archivo Nmap-os-fin-

gerprints) para decidir que tipo de sistema se esta escaneando. Si encuentra una maquina diagnosticada errneamente que tenga por lo menos un puerto abierto, me seria de gran utilidad que me enviase los detalles en un e-mail (es decir, se encontr la version xxx de tal cosa y se detecto este u otro sistema operativo..). Si encuentra una maquina con al menos un puerto abierto de la cual Nmap le informe "sistema operativo desconocido",Si no da el SO puede que muestre la marca del router. le estara agradecido si me enviase la direccin IP junto con el nombre del sistema operativo y el numero de su versin. Si no me puede enviar la direccin IP, una alternativa seria ejecutar Nmap con la opcion -d y enviarme las tres huellas que obtendra como resultado junto con el nombre del sistema operativo y el numero de version. Al hacer esto, esta contribuyendo a aumentar el numero importante de sistemas operativos conocidos por Namp y de este modo el programa resultara mas exacto para todo el mundo. -R Intenta Convertir utilizando DNS(o sea del ip te muestra el hostname ejm: le das 127.0.0.1 y te muestra que s localhost.localdomain.

-I

Esta opcion activa el escaneo TCP de identificacin contraria. Tal y como comenta Dave Goldsmith en un correo Bugtrat de 1996, el protocolo ident (rfc 1413) permite la revelacin del nombre del usuario propietario de cualquier proceso conectado va TCP, incluso aunque ese proceso no haya iniciado la conexin. De este modo se puede, por ejemplo, conectar con el puerto http y luego usar identd para descubrir si el servidor esta ejecutndose como root. Esto solo se puede hacer con una conexion TCP completa con el puerto de destino (o sea, la opcin de escaneo -sT). Cuando se usa -I, se consulta al identd del servidor remoto sobre cada uno de los puertos abiertos encontrados en el sistema. Por supuesto, esto no funcionara si el servidor en cuestin no esta ejecutando identd. -f Esta opcin hace que el escaneo solicitado de tipo SYN, FIN, XMAS, o NULL use pequeos paquetes IP fragmentados. La idea consiste en dividir la

cabecera TCP en varios paquetes para ponrselo mas difcil a los filtros de paquetes, sistemas de deteccin de intrusin y otras inconveniencias por el estilo que tratan de saber lo uno esta haciendo. iTenga cuidado con esto! Algunos programas tienen problemas a la hora de manejar estos paquetes tan pequenos. Mi sniffer favorito produjo un error de segmentacin inmediatamente despus de recibir el primer fragmento de 36 bytes. iDespues de este viene uno de 24 bytes! Mientras que este mtodo no podra con filtros de paquetes y firewalls que ponen en cola todos los fragmentos IP (como en el caso de la opcin CONFIG_IP_ALWAYS_DEFRAG en la configuracin del kernel de Linux), tambin es verdad que algunas redes no pueden permitirse el efecto negativo que esta opcin causa sobre su rendimiento y por lo tanto la dejan desactivada. Ntese que no he conseguido que esta opcin funcione con todos los sistemas. Funciona bien con mis sistemas Linux, FreeBSD y OpenBSD y algunas personas han informado de xitos con otras variantes *NIX. -v Modo de informacin ampliada. Esta opcin resulta muy recomendable y proporciona gran cantidad de informacin sobre lo que esta sucediendo. Puede usarla dos veces para un efecto mayor. iUse -d un par veces si lo que quiere es volverse loco haciendo scroll en su pantalla! Esta opcin tan practica muestra una pantalla de referencia rpida sobre las opciones de uso de nmap. Quizas haya notado que esta pagina de manual no es precisamente una "referencia rpida" :)

-h

-o <nombre_de_archivo_de_registro> Esta opcin guarda los resultados de sus escaneos en forma humanamente inteligible en el archivo especificado como argumento. -m <nombre_de_archivo_de_registro> Esta opcion guarda los resultados de sus escaneos en un formato comprensible para una maquina en el archivo especificado como argumento. -i <nombre_de_archivo_de_entrada> Lee especificaciones de servidores o redes de destino a partir del archivo especificado en vez de hacerlo de la linea de comandos. El archivo debe contener una lista de expresiones de servidores o

redes separadas por espacios, tabuladores o nuevas lineas. Use un guion (-) como nombre_de_archivo_de_entrada si desea que nmap tome las expresiones de servidores de stdin. -p <rango de puertos> Esta opcin determina los puertos que se quieren especificar. Por ejemplo, '-p 23' probara solo el puerto 23 del servidor(es) objetivo. '-p 20-30,139,60000-' escanea los puertos del 20 al 30, el puerto 139 y todos los puertos por encima de 60000. Por defecto se escanean todos los puertos entre el 1 y el 1024 as como los que figuran en el archivo /etc/services que podemos mirar en modo txt. -F Modo de escaneo rpido. Implica que solo se desean escanear aquellos puertos que figuran en /etc/services. Obviamente esto resulta mucho mas rpido que escanear cada uno de los 65535 puertos de un servidor.

-D <senuelo1, seuelo2 dir_ip_a_escanear> (combinar con P0 para mejor resultado). Especifica que se desea efectuar un escaneo con senuelos, el cual hace que el servidor escaneado piense que la red destino del escaneo esta siendo escaneada tambien por el servidor(es) especificados como senuelos. Asi, sus IDs pueden informar de entre 5 y 10 escaneos procedentes de direcciones IP unicas, pero no sabrn que direccin IP les estaba escaneando realmente y cuales eran senuelos inocentes. Separe cada servidor senuelo con comas, y puede usar opcionalmente 'ME' como senuelo que representa la posicin que quiere que ocupe su direccin IP. Si coloca 'ME' en la sexta posicin o superior, es muy poco probable que algunos escneres de puertos comunes (como el excelente scanlogd de Solar Designer) lleguen incluso a mostrar su direccin IP. Si no se usa 'ME', Nmap le colocara a usted en una posicin aleatoria.! Ntese que aquellos servidores usados como senuelos deben encontrarse activos, o, de lo contrario podria provocar un desbordamiento (flood) SYN en su objetivo. Por otra parte, resultara bastante fcil saber que servidor esta escaneando si nicamente hay uno activo en la red.

Ntese tambin que algunos (estupidos) "detectores de escneres de puertos" opondrn una firewall o bien denegaran el rutaje a aquellos servidores que intenten escanear sus puertos. De este modo se podra provocar inadvertidamente que la maquina que se esta intentando escanear perdiese contacto con los servidores usados como senuelos. Esto podra causarles a los servidores escaneados verdaderos problemas si los servidores senuelo fuesen, por ejemplo, su gateway a internet o incluso "localhost". Debera usarse esta opcin con extremo cuidado. La verdadera moraleja de este asunto es que un detector de escaneos de puertos que aparenten tener intenciones poco amistosas no debera llevar a cabo accin alguna contra la maquina que aparentemente le esta escaneando. iPodria no ser mas que un senuelo! Los senuelos se usan tanto en el escaneo ping inicial (usando ICMP, SYN, ACK, o lo que sea) como en la fase de escaneo de puertos propiamente dicha. Tambin se usan los senuelos en la fase de deteccin remota del sistema operativo ( -O ). Vale la pena destacar que el uso de demasiados senuelos puede ralentizar el proceso de escaneo y, potencialmente, hacer que sea menos exacto. Por otra parte, algunos ISPs filtraran los paquetes manipulados y los desecharan, aunque muchos (actualmente la mayora) no ponen restricciones a este tipo de paquetes. -S <Direccion_IP> Se suele utilizar para ocultar un poco el scan, ideal para hacer "Scan Spoofing". En determinadas circunstancias, es posible que Nmap no sea capaz de determinar su (de usted) direccin IP de origen (nmap se lo har saber si este es el caso). En este caso, use -S con su direccin IP (del interfaz a travs del cual desea enviar los paquetes). Otro posible uso de esta opcin es el de manipular el escaneo para hacer creer a los servidores de destino que alguien mas les esta escaneando. iImaginese a una compaa escaneada repetidamente por una compaa rival! Esta no es la funcin para la que se ha diseado esta opcin (ni su proposito principal). Simplemente pienso que revela una posi-

bilidad que la gente debera tener en cuenta antes de acusar a los dems de escanear sus puertos. La opcin -e ser necesaria en general para este tipo de uso. -e <interfaz> Le dice a Nmap que interfaz ha de usar para enviar y recibir paquetes. El programa debera detectar esto por si mismo, pero le informara si no es asi. pueder ser eth0,ppp0,ppp1 etc.Viene bien si tenemos varias tarjetas de red. -g <numero_de_puerto> Establece el numero de puerto de origen a usar en los escaneos. Muchas instalaciones de firewalls y filtros de paquetes inocentes hacen una excepcin en sus reglas para permitir que las atraviesen y establezcan una conexin paquetes DNS (53) o FTPDATA (20). Evidentemente esto contraviene completamente las ventajas en materia de seguridad que comporta una firewall dado que los intrusos pueden enmascararse como DNS o FTP con una simple modificacion de su puerto de origen. Por supuesto, debera probarse primero con el puerto 53 para un escaneo UDP y los escaneos TCP deberan probar el 20 antes del 53. Ntese que el uso de esta opcin penaliza levemente el rendimiento del escaneo, porque a veces se almacena informacin util en el numero de puerto de origen. -M <max sockets> Establece el numero mximo de sockets que se usaran en paralelo para un escaneo TCP connect() (escaneo por defecto). Resulta util a la hora de ralentizar ligeramente el proceso de escaneo con el fin de evitar que la maquina de destino se cuelgue. Otra manera de hacerlo es usar -sS, que normalmente les resulta mas facil de asumir a las maquinas de destino. Especificacin de Objetivo Cualquier cosa que no es una opcin (o el argumento de una opcin) en Namp se trata como una especificacion de servidor de destino. El caso mas simple consiste en especificar servidores aislados o direcciones IP en la lnea de comandos. Si pretende escanear una subred de direcciones IP, entonces se

puede anadir '/mask' a la dileccin IP o al nombre del servidor. mask debe estar entre 0 (escanea toda Internet) y 32 (escanea nicamente el servidor especificado). Use /24 para escanear una direccin de clase 'C' y /16 para la clase 'B'. Nmap dispone tambin de una notacin mucho mas potente que permite la especificacin de direcciones IP usando listas/rangos para cada elemento. De este modo, se puede escanear la red de clase 'B' completa 128.210.*.* especificando '128.210.*.*' o '128.210.0-255.0-255' o incluso notacin de mascara: '128.210.0.0/16'. Todas ellas son equivalentes. Si se usan asteriscos ('*'), ha de tenerse en cuenta que la mayora de los shells requieren que se salga de ellos con caracteres / o que se les proteja con comillas. Otra posibilidad interesante consiste en dividir Internet en el otro sentido. En vez de escanear todos los servidores en una clase 'B', se puede escanear '*.*.5.6-7' para escanear todas las direcciones IP terminadas en .5.6 o .5.7 Escoja sus propios nmeros. Para mas informacin sobre la especifijacin de servidores a escanear, vase la seccin ejemplos a continuacin.

******************** OPCION: *********************

Tcnica

Idlscan

Aunque un `idle scanning' es bastante sofisticado en materia de mtodos de escaneo de puertos, uno no tiene que ser un experto en TCP/IP para comprenderlo. Slo se necesita comprender algunas cuestiones bsicas: La mayora de los servidores esuchan en puertos de TCP, de la manera en la que los servidores de web escuchan en el puerto 80 y los servidores de correo en el puerto 25. Un puerto es

considerado "abierto" si alguna aplicacin est escuchando en ese puerto, si no, est cerrado. Una manera de determinar si un puerto esta abierto es envia un paqueter con "SYN" (establecimiento de sesin) al puerto. La mquina destino enviar de vuelta un paquete con "SYN|ACK" (reconocimiento de pedido de sesin) si el puerto est abierto, y un paquete con "RST" si el puerto est cerrado. Una mquina que recibe un paquete con "SYN|ACK" no solicitado previamente responder con una "RST". Pero un "RST" no solicitado previamente es ignorado. Cada paquete de IP en Internet tiene un nmero de "identificacin de fragmento". Varios sistemas operativos simplemente incrementan este nmero por cada paquete que envan. Por lo tanto la observacin de este nmero puede decirle al atacante cuntos paquente han sido enviados desde la ltima observacin. Al combinar estas caractersticas, es posible escanear una red falsificando nuestra identidad para que parezca que una mquina "zombie" inocente realiz el escaneo. Es ms fcil describir esta tcnica por medio de un diagrama. En la imagen, debajo, un atacante, A, est escaneando una mquina destino, y a la vez culpando del escaneo a algn zombie, Z. Los cuadrados representan mquinas y las lneas representan paquetes. Breves descripciones en castellano de los paquetes estn impresas por encima de las lneas, mientras que las "flags" reales de TCP e informacin distintiva de los paquetes estn impresas debajo de ellas:

Como muestra el diagrama, el host destino responde de manera diferente al Zombie dependiendo del estado del puerto. Si el puerto probado est abierto, el destino enva un SYN|ACK al Zombie. El Zombie no esperaba este SYN|ACK, por lo tanto, enva de vuelta un RST. Al enviar este RST, el Zombie hace que se incremente su nmero de secuencia de IPID. El verdadero atacante detecta esto en el paso 3. Si el puerto est cerrado, el destino enva un RST al Zombie. Los Zombies ignoran este paquete RST no solicitado y no incrementan su nmero de secuencia de IPID.

Ventajas del Idlescan

Las tcnicas de Idlescan ofrecen al atacante muchas ventajas por sobre otros tipos de escaneo populares como los "SYN scans" o los "FIN scans". Es por esto, que recomendamos defensas importantes para ayudar a proteger la red de este ataque. Estas son algunas de las razones, por las cuales los atacantes podran usar este mtodo de escaneo: Porque es el ms sigiloso -- Hay muchas tcnicas que la gente puede utilizar para camuflar su identidad. Entre ellas, el uso de seuelos (Nmap -D) of escaneos medio-abiertos ("halfopen scans", nmap -sS). Pero incluso estas tcnicas requieren que el atacante enve algunos paquetes al destino desde su direccin de IP real. Por otra parte, un Idlescan es completamente invisible -- ningn paquete es enviado al destino desde la verdadera direccin de origen --.

Como conclusin, se tiene que los sistemas de deteccin de intrusin (IDS), generalmente, indicarn y enviarn alertas diciendo que la mquina Zombie ha lanzado un escaneo hacia ellos!. Vencer routers/firewalls que filtran paquetes -- El filtrado por direccin de IP de origen es un mecanismo de seguridad muy comn que sirve para limitar las mquinas que pueden conectarse a un host delicado. Por ejemplo, el servidor de base de datos de una compaa quizs admita conexiones slo desde el servidor pblico de web que accede a ella. Un usuario desde su casa quizs slo permita conexiones de `ssh' (login interactivo) desde sus mquinas del trabajo.

Un escenario ms perturbador ocurre cuando alguien de peso en alguna compaa demanda que los adminstradores de red abran un agujero en el firewall para que l puede acceder a los recursos de la red interna desde la direccin de IP de su casa. Esto puede pasar cuando los ejecutivos no pueden o no tienen ganas de contemplar una alternativa de VPN (red privada virtual) segura. El "idle scanning" puede ser utilizado con frecuencia para mapear esas relaciones de confianza. El factor clave es que los resultados de un Idlescan listan los puertos abiertos desde la perspectiva del host zombie. Por lo tanto un escaneo normal sobre el servidor de base de datos mencionado anteriormente podra mostrar que no hay puertos abiertos. Pero al realizar un Idlescan utilizando al servidor de web como zombie podra exponerse la relacin de confianza al mostrar abiertos los puertos de servicios relacionados a la base de datos. Mapear estas relaciones de confianza puede ser muy til para que los atacantes le den prioridad a algunos destinos. El servidor de web distutido anteriormente puede parece algo normal al atacante hasta que nota su acceso especial a la base de datos.

**********************Ejemplos Nmap******************

de

uso

de

El primer paso es encontrar un host zombie apropiado. El host no debera tener mucho trfico, (de ah el nombre Idle, inerte, inactivo ) y debera ofrecer valores de IPID predecibles. Impresoras, mquinas con Windows, hosts con versiones de Linux viejas, FreeBSD, y Mac OS son generalmente tiles. Las ltimas versiones de Linux, SOlaris Y OpenBSD son inmunes a ser tratadas como zombies, pero cualquier host puede ser objeto de el escaneo. Una manera de determinar la vulnerabilidad de un host es simplemente probar un Idlescan de Nmap. Nmap comprobar el zombie y reportar si es confiable. Efectuar estos escaneos es bastante fcil. Simplemente hay que proveer de el nombre del host zombie a la opcin -SI y Nmap hace el resto. Este es un ejemplo rpido:
# nmap -P0 -p- -sI kiosk.adobe.com www.riaa.com Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) Idlescan using zombie kiosk.adobe.com (192.150.13.111:80); Class: Incremental Interesting ports on 208.225.90.120: (The 65522 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 25/tcp open smtp 80/tcp open http 111/tcp open sunrpc 135/tcp open loc-srv 443/tcp open https 1027/tcp open IIS 1030/tcp open iad1 2306/tcp open unknown 5631/tcp open pcanywheredata 7937/tcp open unknown 7938/tcp open unknown 36890/tcp open unknown Nmap run completed -- 1 IP address (1 host up) scanned in 2594.472 seconds

De este escaneo, aprendemos que la RiAA no es muy consciente de la seguridad (se pueden notar abiertos los puertos de "PC Anywhere", "portmapper, Y "Legato nsrexec"). Ya que aparentemente no tienen un firewall, es poco probable que s tengan un IDS. Pero si lo tienen, mostrar a 'kiosk.adobe.com' como el culpable del escaneo. La opcin -P0 previene que Nmap enve un ping incial a la Mquina de RIAA. Esto disminuye la velocidad del escaneo (hay menos informacin disponible sobre los tiempos), pero asegura que ningn paquete sea enviado al

destino desde nuestra verdadera direccin de IP. El escaneo tard un largo tiempo porque se escanearon los 65535 puertos -- hay que saltear la opcin "-p-" si slo se quieren escanear los puertos bastante conocidos ("well know ports") adems de los puertos 1-1024 --. Uno tiene que asegurarse de encontrar zombies propios -- Kiosk no es muy confiable y es probable que desaparezca o sea monitoreado de cerca --.

A continuacin se muestran algunos ejemplos del uso de Nmap que abarcan desde los usos mas normales y frecuentes a los mas complejos o incluso esotricos. Ntese que se han incluido direcciones IP y nombres de dominio reales para hacer las cosas mas concretas. Usted debera sustituirlos por nmeros y direcciones de su propia red. No creo que escanear otras redes sea ilegal; ni se deberan considerar los escaneos de puertos como ataques. He escaneado cientos de miles de maquinas y tan solo he recibido una queja. Pero no soy abogado y es posible que los intentos de Nmap lleguen a molestar a alguna gente. Obtenga primero el permiso para hacerlo o hagalo bajo su propia responsabilidad. Ejemplos (No puedo poner el real, no seria tico, por eso lo de XXX) Hagamos un anlisis de host www.XXX.ar usaremos un scan simple para ello. Este host tiene mas agujeros que un queso, una recomendacin para el administrador seria que dedique un tiempo a revisar su poltica de seguridad ya que es uno de los sitios mas propensos a ser atacados debido a la lamentable situacin del pas especialmente a la actitud del partido gobernante en cuanto a educacin. En el segundo ejemplo vamos usar las opciones -O para ver que sistema operativo usa y solo veremos los puertos 79,23,513,514 algunos de los mas interesantes para los hackers. Efectivamente en la Figura 3 vemos que todos estos puertos estn disponibles y que el sistema operativo usado es un Linux con Kernel 2.0.35 o 36 por lo que podemos deducir que bien puede usar Red Hat 5.2 o Debian 2.0 entre otros. Vamos finalmente un scan lo mas furtivo posible para evitar ser detectado, para ello usaremos las opciones -sS y -f ya que el sistema objetivo puede tener instalados logers o mtodos de deteccin de escaneos de puertos Estos ejemplos son solo introductorios obviamente que se pueden usar la otras opciones explicadas arriba y combinaciones de las misma, con lo

que podramos obtener mayor informacin sobre los servidores auscultados.

Si deseas ver puertos especificos del ip 200.34.66.78 para ver si estan disponibles solo haces esto: $nmap -p 21,23,110,139 200.34.66.78 y de esta manera estaremos haciendo el scan a los puertos que nos interesan ver, en este caso 21,23,110,139. Si quiero ver el S.0. del host victima que tiene la ip 200.24.56.76 solo tengo que hacer lo sgt: #nmap -sS -O 200.24.56.76. aca usamos la opcion -sS para que asi no los detecten en la maquina victima al momento de tratar de ver que S.O. corre. Para determinar si un host victima con el ip 200.11.34.67 es vulnerable al bounce attack tecleamos: $nmap -b 200.11.34.67 y si el sistema tiene mecanismos sensibles de deteccin de intrusos lo aremos de la siguiente forma: $nmap -P0 -b200.11.34.67. Asi evitamos dejar algn rastro de nuestro ip.

Mas ejemplos * nmap -v objetivo.ejemplo.com Esta opcin escanea todos los puertos TCP reservados en la maquina objetivo.ejemplo.com. La -v implica la activacin del modo de informacin ampliada. * nmap -sS -O objetivo.ejemplo.com/24 Lanza un escaneo SYN oculto contra cada una de las maquinas activas de las 255 maquinas de la classe 'C' donde se aloja objetivo.ejemplo.com. Tambin trata de determinar el sistema operativo usado en cada una de las maquinas activas. Este escaneo requiere privilegios de root a causa del escaneo SYN y la deteccin del sistema operativo. * nmap -sX -p 22,53,110,143 128.210.*.1-127

Enva un escaneo Xmas tree a la primera mitad de cada una de las 255 posibles subredes de 8 bits en el espacio de direcciones clase 'B' 128.210 . Se trata de comprobar si los sistemas ejecutan sshd, DNS, pop3d, imapd o el puerto 4564. Ntese que el escaneo Xmas no funciona contra servidores ejecutando cualquier sistema operativo de Microsoft debido a una pila TCP deficiente. Lo mismo se aplica a los sistemas CISCO, IRIX, HP/UX, y BSDI. * nmap -v -p 80 '*.*.2.3-5' En vez de centrarse en un rango especifico de direcciones IP, resulta a veces interesante dividir Internet en

porciones y escanear una pequea muestra de cada porcin. Este comando encuentra todos los servidores web en maquinas cuyas direcciones IP terminen en .2.3, .2.4, o .2.5 . Si usted es root podra aadir tambin -sS. Tambin encontrara maquinas mucho mas interesantes si empieza en 127. asi que es posible que desee usar '127-222' en vez de el primer asterisco dado que esa seccin tiene una densidad mucho mayor de maquinas interesantes (IMHO). host -l compania.com | cut '-d ' -f 4 | ./nmap -v -i Hace una transferencia de DNS de zona para descubrir los servidores en compania.com y luego pasar las direcciones IP a nmap. Los comandos arriba indicados son para mi sistema Linux. Es posible que se necesiten comandos/opciones diferentes para otros sistemas operativos. ***********************SUPER EJEMPLO********************* Microsoft Windows XP [Versin x.x.x] (C) Copyright 1985-2001 Microsoft Corp.
Vamos a ver si el Host existe o esta activo

C:\Documents and Settings\David>ping x.x.x.x Haciendo ping a x.x.x.x con 32 bytes de datos: Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Estadsticas de ping para x.x.x.x

Paquetes: enviados = 4, recibidos = 0, perdidos = 4 (100% perdidos), C:\Documents and Settings\David>ping x.x.x.x Haciendo ping a x.x.x.x con 32 bytes de datos: Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Tiempo de espera agotado para esta solicitud. Estadsticas de ping para x.x.x.x Paquetes: enviados = 4, recibidos = 0, perdidos = 4 (100% perdidos),
Bien por ahora parece que no existe verdad Pues mira lo que se puede hacer despues de leer este manual

C:\Documents and Settings\Busindre>cd.. C:\Documents and Settings>cd.. C:\>cd nmap-3.70

Vamos ya

C:\nmap-3.70>nmap -sS -f -O x.x.x.x Warning: Packet fragmentation selected on a host other than Linux, OpenBSD, Free BSD, or NetBSD. This may or may not work. Starting nmap 3.70 ( http://www.insecure.org/nmap ) at 2004-09-06 04:49 Hora est ndar romance Warning: OS detection will be MUCH less reliable because we did not find at lea st 1 open and 1 closed TCP port Interesting ports on x.x.x.x.proxycache.rima-tde.net (x.x.x.x): (The 1657 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE 80/tcp open http 8081/tcp open blackice-icecap 8082/tcp open blackice-alerts Device type: general purpose|media device|broadband router Running: Linux 2.4.X, Pace embedded, Panasonic embedded OS details: Linux 2.4.6 - 2.4.21, Pace digital cable TV receiver, Panasonic IP T echnology Broadband Networking Gateway, KX-HGW200 Uptime 6.308 days (since Mon Aug 30 22:11:44 2004)

Nmap run completed -- 1 IP address (1 host up) scanned in 2756.157 seconds C:\nmap-3.70>
Madre mia verdad Al final resulta que existe algo en esa IP Le hemos hecho el lio a la proteccin antiescaneo/ping/ gracias a la gran clandestinidad del NMAP (f)..XD

Diferencias entre un escaneo de una ip real X.X.X.X con 3 scaners DIFERENTES (No incluido Nmap, que es el mejor): 1-SUPERPUERTOS 125.Red-80-38-202.pooles.rima-tde.net/X.X.X.X smtp Simple Mail Transfer 21 220 331 23 80 110 ftp File Transfer [Control] PCJORGE FTP version 1.0 ready at Mon Jan 3 19:01:33 2000 Enter PASS command Telnet http World Wide Web HyperText Transfer Server: ZyXEL-RomPager/3.02 pop3 Post Office Protocol - Version 3

1755 ms-streaming, Windows Media .asf, MS NetShow 4662 2-PORT SCAN 0 :PORTSCAN READY. SCANNING HOST:X.X.X.X SCAN BEGUN ON PORT:1 IP:X.X.X.X SCAN HALTED ON PORT:65536 21 :CONNECT 220 PCJORGE FTP version 1.0 ready at Mon Jan 3 16:29:16 2000 CLOSED END PORT INFO 23 :CONNECT Password: CLOSED

END PORT INFO 25 :CONNECT CLOSED END PORT INFO 80 :CONNECT CLOSED END PORT INFO 110 :CONNECT CLOSED END PORT INFO 1755 :CONNECT CLOSED END PORT INFO 3-SUPERSCAN TCP Ports (6) 21 File Transfer [Control] 22 SSH Remote Login Protocol 53 Domain Name Server 80 World Wide Web HTTP 443 HTTP protocol over TLS/SSL 1755 **********************Puertos

de
Utilizado por FTP para la transmisin de datos en modo pasivo.

Interes********************
FTP Data

20

CERRADO

21

FTP

INVISIBLE

22

SSH

CERRADO

Los serv muchas v segurida servidor configura a un a ficheros, programa Secure S telnet en bien co permitir bruta a

23

Telnet

INVISIBLE

25

SMTP

CERRADO

53

DNS

CERRADO

59

DCC

CERRADO

79

Finger

CERRADO

80

HTTP

INVISIBLE

110

POP3

CERRADO

113

IDENT

CERRADO

administ sistema. Telnet ventana el contr sistema. que apa conexin duda l cualquier Los se (Simple Protocol) trayector vulnerab intruso detenidam en tu m Servicio nombres direccion Utilizado en comunic transferir El servic antigua informac usa frec un punto un ataq Finger proporcio nombres contrase Cada d nuevos f en los s no usas mquina lo desact Este pue servicio Como cu abierto s sobre to servidor Servicio

135

RPC

CERRADO

139

NetBIOS

CERRADO

143

IMAP

CERRADO

Identifica - Los ser como PO IRC con en respu de clien estar ab una fue escape d cortafueg mostrar ms nue son cap este puer aleatorio muestran peticione vlidos. Remote Este pue cerrar mayora Window muchos de Micr puerto, permane exterior. imposibl necesitar para bl accesos e NetBIOS comparti de tu en ests co con este probable comparti todo tu d el mund antes. El IMAP Access probable ms esca 139 (Ne un siste nuevo,

443

HTTPS

CERRADO

445

MSFT DS

CERRADO

1080

Socks

INVISIBLE

5000

UPnP

INVISIBLE

8080

WebProxy

CERRADO

servidore tiempo p puerto ab acapara los intrus La prese de web sistema sistema conexion navegado puerto abierto realment utilizand seguro v Server M Window aadi ejecutar sobre TC extra de Servicio El Unive un proto para per descubri automti rango Microsof protocolo (incluso necesita) expuesto vulnerab remotos. aconseja desactive Este pue permitir utilizar ocultar servidore

*************************Listado Puertos*************************************

de

Puerto Protocolo Keyword 1 1 1 2 2 2 3 3 5 5 7 7 9 9 11 11 13 13 15 15 17 17 18 18 19 19 20 20 20 21 21 21 21 21 21 21 21 21 21 21 21 21 21 21

Descripcion

tcp tcpmux TCP Port Service Multiplexer [rfc-1078] udp Socketsdes Troie [trojan] Sockets des Troie udp tcpmux TCP Port Service Multiplexer tcp compressnet Management Utility tcp Death [trojan] Death udp compressnet Management Utility tcp compressnet Compression Process udp compressnet Compression Process tcp rje Remote Job Entry udp rje Remote Job Entry tcp echo Echo udp echo Echo tcp discard Discard udp discard Discard tcp systat Active Users udp systat Active Users tcp daytime Daytime udp daytime Daytime tcp netstat Netstat tcp B2 [trojan] B2 tcp qotd Quote of the Day udp qotd Quote of the Day tcp msp Message Send Protocol udp msp Message Send Protocol tcp chargen Character Generator udp chargen Character Generator tcp ftp-data File Transfer [Default Data] udp ftp-data File Transfer [Default Data] tcp SennaSpyFTPserver [trojan] Senna Spy FTP server tcp ftp File Transfer [Control] udp ftp File Transfer [Control] tcp BackConstruction [trojan] Back Construction tcp BladeRunner [trojan] BladeRunner tcp CattivikFTPServer [trojan] Cattivik FTP Server tcp CCInvader [trojan] CC Invader tcp DarkFTP [trojan] Dark FTP tcp DolyTrojan [trojan] Doly Trojan tcp Fore [trojan] Fore tcp FreddyK [trojan] FreddyK tcp InvisibleFTP [trojan] Invisible FTP tcp Juggernaut42 [trojan] Juggernaut 42 tcp Larva [trojan] Larva tcp MotIvFTP [trojan] MotIv FTP tcp NetAdministrator [trojan] Net Administrator

21 tcp Ramen [trojan] Ramen 21 tcp RTB666 [trojan] RTB 666 21 tcp SennaSpyFTPserver [trojan] Senna Spy FTP server 21 tcp Traitor21 [trojan] Traitor 21 21 tcp [trojan]TheFlu [trojan] The Flu 21 tcp WebEx [trojan] WebEx 21 tcp WinCrash [trojan] WinCrash 21 tcp AudioGalaxy AudioGalaxy file sharing app 22 tcp Adoresshd [trojan] Adore sshd 22 tcp Shaft [trojan] Shaft 22 tcp ssh SSH Remote Login Protocol 22 udp pcanywhere PCAnywhere (deprecated) 22 udp ssh SSH Remote Login Protocol 23 tcp telnet Telnet 23 udp telnet Telnet 23 tcp ADMworm [trojan] ADM worm 23 tcp FireHacKer [trojan] Fire HacKer 23 tcp MyVeryOwntrojan [trojan] My Very Own trojan 23 tcp RTB666 [trojan] RTB 666 23 tcp TelnetPro [trojan] Telnet Pro 23 tcp TinyTelnetServer [trojan] Tiny Telnet Server - TTS 23 tcp TruvaAtl [trojan] Truva Atl 24 tcp BO2KControlPort [trojan] Back Orifice 2000 (BO2K) Control Port 24 tcp priv-mail any private mail system 24 udp priv-mail any private mail system 25 tcp smtp Simple Mail Transfer 25 udp smtp Simple Mail Transfer 25 tcp Ajan [trojan] Ajan 25 tcp Antigen [trojan] Antigen 25 tcp Barok [trojan] Barok 25 tcp BSE [trojan] BSE 25 tcp EmailPasswordSender [trojan] Email Password Sender - EPS 25 tcp EPSII [trojan] EPS II 25 tcp Gip [trojan] Gip 25 tcp Gris [trojan] Gris 25 tcp Happy99 [trojan] Happy99 25 tcp Hpteammail [trojan] Hpteam mail 25 tcp Hybris [trojan] Hybris 25 tcp Iloveyou [trojan] I love you 25 tcp Kuang2 [trojan] Kuang2 25 tcp MagicHorse [trojan] Magic Horse 25 tcp MBTMailBombingTrojan [trojan] MBT (Mail Bombing Trojan) 25 tcp MBT [trojan] MBT (Mail Bombing Trojan) 25 tcp MoscowEmailtrojan [trojan] Moscow Email trojan 25 tcp Naebi [trojan] Naebi 25 tcp NewAptworm [trojan] NewApt worm

25 25 25 25 25 25 25 25 26 27 27 27 28 29 29 29 30 31 31 31 31 31 31 33 33 35 35 37 37 38 38 39 39 39 41 41 41 41 41 42 42 43 43 44 44 44 45 45 46 46

tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp udp tcp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp udp

ProMailtrojan [trojan] ProMail trojan Shtirlitz [trojan] Shtirlitz Stealth [trojan] Stealth Stukach [trojan] Stukach Tapiras [trojan] Tapiras Terminator [trojan] Terminator WinPC [trojan] WinPC WinSpy [trojan] WinSpy altavista-fw97 AltaVista Firewall97 altavista-fw97 AltaVista Firewall97 nsw-fe NSW User System FE nsw-fe NSW User System FE altavista-fw97 AltaVista Firewall97 altavista-fw97 AltaVista Firewall97 msg-icp MSG ICP msg-icp MSG ICP Agent40421 [trojan] Agent 40421 msg-auth MSG Authentication msg-auth MSG Authentication Agent31 [trojan] Agent 31 Agent31 [trojan] Agent 31 HackersParadise [trojan] Hackers Paradise MastersParadise [trojan] Masters Paradise dsp Display Support Protocol dsp Display Support Protocol priv-print any private printer server priv-print any private printer server time Time time Time rap Route Access Protocol rap Route Access Protocol rlp Resource Location Protocol rlp Resource Location Protocol SubSARI [trojan] SubSARI graphics Graphics graphics Graphics DeepThroat [trojan] DeepThroat DeepThroat [trojan] Deep Throat Foreplay [trojan] Foreplay name Host Name Server name Host Name Server whois nicname whois nicname mpm-flags MPM FLAGS Protocol mpm-flags MPM FLAGS Protocol Arctic [trojan] Arctic mpm Message Processing Module [recv] mpm Message Processing Module [recv] mpm-snd MPM [default send] mpm-snd MPM [default send]

47 47 48 48 48 48 49 49 50 50 50 50 51 51 52 52 53 53 53 53 54 54 55 55 56 56 57 57 57 58 58 58 59 59 59 59 61 61 62 62 63 63 63 63 64 64 65 65 66 66

tcp udp tcp udp tcp tcp tcp udp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

ni-ftp NI FTP ni-ftp NI FTP auditd Digital Audit Daemon auditd Digital Audit Daemon DRAT [trojan] DRAT DRAT [trojan] DRAT tacacs Login Host Protocol (TACACS) tacacs Login Host Protocol (TACACS) re-mail-ck Remote Mail Checking Protocol re-mail-ck Remote Mail Checking Protocol DRAT [trojan] DRAT DRAT [trojan] DRAT la-maint IMP Logical Address Maintenance la-maint IMP Logical Address Maintenance xns-time XNS Time Protocol xns-time XNS Time Protocol domain Domain Name Server domain Domain Name Server ADMworm [trojan] ADM worm Lion [trojan] Lion xns-ch XNS Clearinghouse xns-ch XNS Clearinghouse isi-gl ISI Graphics Language isi-gl ISI Graphics Language xns-auth XNS Authentication xns-auth XNS Authentication priv-term any private terminal access priv-term any private terminal access mtp Mail Transfer Protocol xns-mail XNS Mail xns-mail XNS Mail DMSetup [trojan] DMSetup priv-file any private file service priv-file any private file service DMSetup [trojan] DMSetup DMSetup [trojan] DMSetup ni-mail NI MAIL ni-mail NI MAIL acas ACA Services acas ACA Services whois++ whois++ whois++ whois++ via-ftp VIA Systems - FTP & whois++ via-ftp VIA Systems - FTP & whois++ covia Communications Integrator (CI) covia Communications Integrator (CI) tacacs-ds TACACS-Database Service tacacs-ds TACACS-Database Service sql*net Oracle SQL*NET sql*net Oracle SQL*NET

67 tcp 67 udp 68 tcp 68 udp 69 tcp 69 udp 69 tcp 70 tcp 70 udp 71 tcp 71 udp 72 tcp 72 udp 73 tcp 73 udp 74 tcp 74 udp 75 tcp 75 udp 76 tcp 76 udp 77 tcp 77 udp 78 tcp 78 udp 79 tcp 79 udp 79 tcp Data Port 79 tcp 79 tcp 80 tcp 80 udp 80 tcp 80 tcp 80 tcp 80 tcp 80 tcp Plug-Ins 80 tcp 80 tcp 80 tcp 80 tcp Creator 80 tcp 80 tcp 80 tcp 80 tcp 80 tcp 80 tcp

bootps Bootstrap Protocol Server bootps Bootstrap Protocol Server bootpc Bootstrap Protocol Client bootpc Bootstrap Protocol Client tftp Trivial File Transfer tftp Trivial File Transfer BackGate [trojan] BackGate gopher Gopher gopher Gopher netrjs-1 Remote Job Service netrjs-1 Remote Job Service netrjs-2 Remote Job Service netrjs-2 Remote Job Service netrjs-3 Remote Job Service netrjs-3 Remote Job Service netrjs-4 Remote Job Service netrjs-4 Remote Job Service priv-dial any private dial out service priv-dial any private dial out service deos Distributed External Object Store deos Distributed External Object Store priv-rje any private RJE service netrjs priv-rje any private RJE service netjrs vettcp vettcp vettcp vettcp finger Finger finger Finger BO2KDataPort [trojan] Back Orifice 2000 (BO2K) CDK [trojan] CDK Firehotcker [trojan] Firehotcker http World Wide Web HTTP http World Wide Web HTTP 711trojan [trojan] 711 trojan (Seven Eleven) AckCmd [trojan] AckCmd AckCmd [trojan] AckCmd BackEnd [trojan] Back End BO2000Plug-Ins [trojan] Back Orifice 2000 Cafeini [trojan] Cafeini CGIBackdoor [trojan] CGI Backdoor Executor [trojan] Executor GodMessage4Creator [trojan] God Message 4 GodMessage Hooker IISworm MTX NCX Noob [trojan] God Message [trojan] Hooker [trojan] IISworm [trojan] MTX [trojan] NCX [trojan] Noob

80 tcp Ramen [trojan] Ramen 80 tcp ReverseWWWTunnel [trojan] Reverse WWW Tunnel Backdoor 80 tcp RingZero [trojan] RingZero 80 tcp RTB666 [trojan] RTB 666 80 tcp Seeker [trojan] Seeker 80 tcp WANRemote [trojan] WAN Remote 80 tcp WebDownloader [trojan] WebDownloader 80 tcp WebServerCT [trojan] Web Server CT 81 tcp hosts2-ns HOSTS2 Name Server 81 udp hosts2-ns HOSTS2 Name Server 81 tcp RemoConChubo [trojan] RemoConChubo 81 tcp RemoConChubo [trojan] RemoConChubo 82 tcp xfer XFER Utility 82 udp xfer XFER Utility 83 tcp mit-ml-dev MIT ML Device 83 udp mit-ml-dev MIT ML Device 84 tcp ctf Common Trace Facility 84 udp ctf Common Trace Facility 85 tcp mit-ml-dev MIT ML Device 85 udp mit-ml-dev MIT ML Device 86 tcp mfcobol Micro Focus Cobol 86 udp mfcobol Micro Focus Cobol 87 tcp priv-term-l any private terminal link ttylink 88 tcp kerberos Kerberos 88 udp kerberos Kerberos 89 tcp su-mit-tg SU MIT Telnet Gateway 89 udp su-mit-tg SU MIT Telnet Gateway 90 tcp dnsix DNSIX Securit Attribute Token Map 90 udp dnsix DNSIX Securit Attribute Token Map 91 tcp mit-dov MIT Dover Spooler 91 udp mit-dov MIT Dover Spooler 92 tcp npp Network Printing Protocol 92 udp npp Network Printing Protocol 93 tcp dcp Device Control Protocol 93 udp dcp Device Control Protocol 94 tcp objcall Tivoli Object Dispatcher 94 udp objcall Tivoli Object Dispatcher 95 tcp supdup BSD supdupd(8) 95 udp supdup BSD supdupd(8) 96 tcp dixie DIXIE Protocol Specification 96 udp dixie DIXIE Protocol Specification 97 tcp swift-rvf Swift Remote Virtural File Protocol 97 udp swift-rvf Swift Remote Virtural File Protocol 98 tcp linuxconf linuxconf 98 tcp tacnews TAC News 98 udp tacnews TAC News 99 tcp metagram Metagram Relay 99 udp metagram Metagram Relay 99 tcp HiddenPort [trojan] Hidden Port

99 tcp 99 tcp 99 tcp 100 tcp 101 tcp 101 udp 102 tcp 102 udp 103 tcp 103 udp 104 tcp 300 104 udp 300 105 tcp 105 udp 106 tcp 106 udp 106 tcp 107 tcp 107 udp 108 tcp 108 udp 109 tcp 109 udp 110 tcp 110 udp 110 tcp 110 tcp 111 tcp 111 udp 112 tcp 112 udp 113 tcp 113 udp 113 tcp 113 tcp Deamon 113 tcp 114 tcp 114 udp 115 tcp 115 udp 116 tcp 116 udp 117 tcp 117 udp 118 tcp 118 udp 119 tcp

Hidden Mandragore NCX newacct hostname hostname iso-tsap iso-tsap gppitnp gppitnp acr-nema acr-nema

[trojan] Hidden [trojan] Mandragore [trojan] NCX [unauthorized use] NIC Host Name Server NIC Host Name Server ISO Transport Service Access Point ISO Transport Service Access Point Genesis Point-to-Point Trans Net Genesis Point-to-Point Trans Net ACR-NEMA Digital Imag. & Comm. ACR-NEMA Digital Imag. & Comm.

csnet-ns Mailbox Name Nameserver csnet-ns Mailbox Name Nameserver 3com-tsmux 3COM-TSMUX 3com-tsmux 3COM-TSMUX pop3pw Eudora compatible PW changer rtelnet Remote Telnet rtelnet Remote Telnet Service snagas SNA Gateway Access Server snagas SNA Gateway Access Server pop2 PostOffice V.2 pop2 PostOffice V.2 pop3 PostOffice V.3 pop3 PostOffice V.3 ProMailtrojan [trojan] ProMail trojan ProMailtrojan [trojan] ProMail trojan sunrpc portmapper rpcbind sunrpc portmapper rpcbind mcidas McIDAS Data Transmission Protocol mcidas McIDAS Data Transmission Protocol auth ident Authentication Service auth ident Authentication Service InvisibleIdentdDaemon [trojan] Invisible Identd Daemon InvisibleIdentdDeamon [trojan] Invisible Identd Kazimas audionews audionews sftp sftp ansanotify ansanotify uucp-path uucp-path sqlserv sqlserv nntp [trojan] Kazimas Audio News Multicast Audio News Multicast Simple File Transfer Protocol Simple File Transfer Protocol ANSA REX Notify ANSA REX Notify UUCP Path Service UUCP Path Service SQL Services SQL Services Network News Transfer Protocol

119 119 120 120 121 121 121 121 121 121 122 122 123 123 123 123 124 124 125 125 126 126 126 126 127 127 128 128 129 129 130 130 131 131 132 132 133 133 133 134 134 135 135 135 135 136 136 137 137 137

udp tcp tcp udp tcp udp tcp tcp tcp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

nntp Network News Transfer Protocol Happy99 [trojan] Happy99 (a.k.a. Ska trojan) cfdptkt CFDPTKT cfdptkt CFDPTKT erpc Encore Expedited Remote Pro.Call erpc Encore Expedited Remote Pro.Call AttackBot [trojan] Attack Bot GodMessage [trojan] God Message JammerKillah [trojan] JammerKillah JammerKillah [trojan] Jammer Killah smakynet SMAKYNET smakynet SMAKYNET NetController [trojan] Net Controller NetController [trojan] Net Controller ntp Network Time Protocol ntp Network Time Protocol ansatrader ANSA REX Trader ansatrader ANSA REX Trader locus-map Locus PC-Interface Net Map Ser locus-map Locus PC-Interface Net Map Ser nxedit NXEdit nxedit NXEdit unitary Unisys Unitary Login unitary Unisys Unitary Login locus-con Locus PC-Interface Conn Server locus-con Locus PC-Interface Conn Server gss-xlicen GSS X License Verification gss-xlicen GSS X License Verification pwdgen Password Generator Protocol pwdgen Password Generator Protocol cisco-fna cisco FNATIVE cisco-fna cisco FNATIVE cisco-tna cisco TNATIVE cisco-tna cisco TNATIVE cisco-sys cisco SYSMAINT cisco-sys cisco SYSMAINT statsrv Statistics Service statsrv Statistics Service Farnaz [trojan] Farnaz ingres-net INGRES-NET Service ingres-net INGRES-NET Service epmap DCE endpoint resolution epmap DCE endpoint resolution loc-srv NCS Location Service loc-srv NCS Location Service profile PROFILE Naming System profile PROFILE Naming System netbios-ns NETBIOS Name Service netbios-ns NETBIOS Name Service Chode [trojan] Chode

137 137 138 138 138 139 139 139 139 139 139 139 139 139 139 140 140 141 141 142 142 142 143 143 144 144 144 144 145 145 146 146 146 146 147 147 148 148 148 148 149 149 150 150 151 151 152 152 153 153

tcp udp tcp udp tcp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp udp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

Qaz [trojan] Qaz Msinit [trojan] Msinit netbios-dgm NETBIOS Datagram Service netbios-dgm NETBIOS Datagram Service Chode [trojan] Chode netbios-ssn NETBIOS Session Service netbios-ssn NETBIOS Session Service Chode [trojan] Chode GodMessageworm [trojan] God Message worm Msinit [trojan] Msinit Netlog [trojan] Netlog Network [trojan] Network Qaz [trojan] Qaz Sadmind [trojan] Sadmind SMBRelay [trojan] SMB Relay emfis-data EMFIS Data Service emfis-data EMFIS Data Service emfis-cntl EMFIS Control Service emfis-cntl EMFIS Control Service bl-idm Britton-Lee IDM bl-idm Britton-Lee IDM NetTaxi [trojan] NetTaxi imap Internet Message Access Protocol imap Internet Message Access Protocol uma Universal Management Architecture uma Universal Management Architecture news NewS window system news NewS window system uaac UAAC Protocol uaac UAAC Protocol iso-tp0 ISO-IP0 iso-tp0 ISO-IP0 Infector [trojan] Infector Infector [trojan] Infector iso-ip ISO-IP iso-ip ISO-IP jargon Jargon jargon Jargon cronus CRONUS-SUPPORT cronus CRONUS-SUPPORT aed-512 AED 512 Emulation Service aed-512 AED 512 Emulation Service sql-net SQL-NET sql-net SQL-NET hems HEMS hems HEMS bftp Background File Transfer Program bftp Background File Transfer Program sgmp SGMP sgmp SGMP

154 tcp 154 udp 155 tcp 155 udp 156 tcp 156 udp 157 tcp Protocol 157 udp Protocol 158 tcp 158 udp 159 tcp 159 udp 160 tcp 160 udp 161 tcp 161 udp 162 tcp 162 udp 163 tcp 163 udp 164 tcp 164 udp 165 tcp 165 udp 166 tcp 166 udp 166 tcp 167 tcp 167 udp 168 tcp 168 udp 169 tcp 169 udp 170 tcp 170 udp 170 tcp 171 tcp 171 udp 172 tcp 172 udp 173 tcp 173 udp 174 tcp 174 udp 175 tcp 175 udp 176 tcp 176 udp

netsc-prod netsc-prod netsc-dev netsc-dev sqlsrv sqlsrv knet-cmp knet-cmp pcmail-srv pcmail-srv nss-routing nss-routing sgmp-traps sgmp-traps snmp snmp snmptrap snmptrap cmip-man cmip-man cmip-agent smip-agent xns-courier xns-courier s-net s-net NokNok namp namp rsvd rsvd send send print-srv print-srv A-trojan multiplex multiplex cl-1 cl-1 xyplex-mux xyplex-mux mailq mailq vmnet vmnet genrad-mux genrad-mux

NETSC NETSC NETSC NETSC SQL Service SQL Service KNET VM Command Message KNET VM Command Message PCMail Server PCMail Server NSS-Routing NSS-Routing SGMP-TRAPS SGMP-TRAPS SNMP SNMP SNMPTRAP SNMPTRAP CMIP TCP Manager CMIP TCP Manager CMIP TCP Agent CMIP TCP Agent Xerox Xerox Sirius Systems Sirius Systems [trojan] NokNok NAMP NAMP RSVD RSVD SEND SEND Network PostScript Network PostScript [trojan] A-trojan Network Innovations Multiplex Network Innovations Multiplex Network Innovations CL 1 Network Innovations CL 1 Xyplex Xyplex MAILQ MAILQ VMNET VMNET GENRAD-MUX GENRAD-MUX

177 177 178 178 179 179 180 180 181 181 182 182 183 183 184 184 185 185 186 186 187 187 188 188 189 189 190 190 191 191 192 192 193 193 194 194 195 195 196 Redir 196 Redir 197 197 198 198 199 199 200 200

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

xdmcp xdmcp nextstep nextstep bgp bgp ris ris unify unify audit audit ocbinder ocbinder ocserver ocserver remote-kis remote-kis kis kis aci aci mumps mumps qft qft gacp gacp prospero prospero osu-nms osu-nms srmp srmp irc irc dn6-nlm-aud dn6-nlm-aud dn6-smm-red dn6-smm-red dls dls dls-mon dls-mon smux smux src src

X Display Manager Control Protocol X Display Manager Control Protocol NextStep Window Server NextStep Window Server Border Gateway Protocol Border Gateway Protocol Intergraph Intergraph Unify Unify Unisys Audit SITP Unisys Audit SITP OCBinder OCBinder OCServer OCServer Remote-KIS Remote-KIS KIS Protocol KIS Protocol Application Communication Interface Application Communication Interface Plus Five's MUMPS Plus Five's MUMPS Queued File Transport Queued File Transport Gateway Access Control Protocol Gateway Access Control Protocol Prospero Directory Service Prospero Directory Service OSU Network Monitoring System OSU Network Monitoring System Spider Remote Monitoring Protocol Spider Remote Monitoring Protocol Internet Relay Chat Protocol Internet Relay Chat Protocol DNSIX Network Level Module Audit DNSIX Network Level Module Audit DNSIX Session Mgt Module Audit DNSIX Session Mgt Module Audit Directory Location Service Directory Location Service Directory Location Service Monitor Directory Location Service Monitor SMUX SMUX IBM System Resource Controller IBM System Resource Controller

201 201 202 202 203 203 204 204 205 205 206 206 207 207 208 208 209 209 209 209 210 210 211 211 212 212 213 213 214 214 215 215 216 216 216 216 217 217 218 218 219 219 220 220 221 221 222 222 223 223

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

at-rtmp at-rtmp at-nbp at-nbp at-3 at-3 at-echo at-echo at-5 at-5 at-zis at-zis at-7 at-7 at-8 at-8 qmtp qmtp tam tam z39.50 z39.50 914c 914c anet anet ipx ipx vmpwscs vmpwscs softpc softpc CAIlic CAIlic atls atls dbase dbase mpp mpp uarps uarps imap3 imap3 fln-spx fln-spx rsh-spx rsh-spx cdc cdc

AppleTalk Routing Maintenance AppleTalk Routing Maintenance AppleTalk Name Binding AppleTalk Name Binding AppleTalk Unused AppleTalk Unused AppleTalk Echo AppleTalk Echo AppleTalk Unused AppleTalk Unused AppleTalk Zone Information AppleTalk Zone Information AppleTalk Unused AppleTalk Unused AppleTalk Unused AppleTalk Unused The Quick Mail Transfer Protocol The Quick Mail Transfer Protocol Trivial Authenticated Mail Protocol Trivial Authenticated Mail Protocol ANSI Z39.50 ANSI Z39.50 Texas Instruments 914C/G Terminal Texas Instruments 914C/G Terminal ATEXSSTR ATEXSSTR IPX IPX VM PWSCS VM PWSCS Insignia Solutions Insignia Solutions Computer Associates Int'l License Server Computer Associates Int'l License Server Access Technology License Server Access Technology License Server dBASE Unix dBASE Unix Netix Message Posting Protocol Netix Message Posting Protocol Unisys ARPs Unisys ARPs Interactive Mail Access Protocol v3 Interactive Mail Access Protocol v3 Berkeley rlogind with SPX auth Berkeley rlogind with SPX auth Berkeley rshd with SPX auth Berkeley rshd with SPX auth Certificate Distribution Center Certificate Distribution Center

224 tcp masqdialer 224 udp masqdialer 242 tcp direct 242 udp direct 243 tcp sur-meas 243 udp sur-meas 244 tcp inbusiness 244 udp inbusiness 244 tcp dayna 244 udp dayna 245 tcp link 245 udp link 246 tcp dsp3270 246 udp dsp3270 247 tcp subntbcst_tftp 247 udp subntbcst_tftp 248 tcp bhfhs 248 udp bhfhs 256 tcp rap 256 udp rap 256 tcp fw1-sync sync 257 tcp set 257 udp set 257 tcp fw1-log log transfer 258 tcp yak-chat 258 udp yak-chat 258 tcp fw1-mgmt management 259 tcp esro-gen 259 udp esro-gen 259 tcp fw1-clntauth auth 259 udp fw1-rdp key negotiations over RDP 260 tcp openport 260 udp openport 260 udp fw1-snmp agent 261 tcp nsiiops 261 udp nsiiops 261 tcp fw1-mgmt Management 261 tcp fw-snauth auth 262 tcp arcisdms 262 udp arcisdms 263 tcp hdap 263 udp hdap

masqdialer masqdialer Direct Direct Survey Measurement Survey Measurement inbusiness inbusiness Dayna Dayna LINK LINK Display Systems Protocol Display Systems Protocol SUBNTBCST_TFTP SUBNTBCST_TFTP bhfhs bhfhs RAP RAP Checkpoint Firewall-1 state table Secure Electronic Transaction Secure Electronic Transaction Check Point FW-1/VPN-1 Yak Winsock Personal Chat Yak Winsock Personal Chat Check Point FW-1/VPN-1 Efficient Short Remote Operations Efficient Short Remote Operations Check Point FW-1/VPN-1 client Check Point FW-1/VPN-1 Openport Openport Check Point FW-1/VPN-1 SNMP IIOP Name Service over TLS SSL IIOP Name Service over TLS SSL Check Point FW-1/VPN-1 Check Point FW-1/VPN-1 session Arcisdms Arcisdms HDAP HDAP

264 tcp bgmp Border Gateway Multicast Protocol 264 udp bgmp Border Gateway Multicast Protocol 264 tcp fw1-topo Check Point VPN-1 topology download 265 tcp x-bone-ctl X-Bone CTL 265 udp x-bone-ctl X-Bone CTL 265 tcp fw1-key Check Point VPN-1 public key transfer protocol 266 tcp sst SCSI on ST 266 udp sst SCSI on ST 267 tcp td-service Tobit David Service Layer 267 udp td-service Tobit David Service Layer 268 tcp td-replica Tobit David Replica 268 udp td-replica Tobit David Replica 280 tcp http-mgmt http-mgmt 280 udp http-mgmt http-mgmt 281 tcp personal-link Personal Link 281 udp personal-link Personal Link 282 tcp cableport-ax Cable Port A X 282 udp cableport-ax Cable Port A X 283 tcp rescap rescap 283 udp rescap rescap 284 tcp corerjd corerjd 284 udp corerjd corerjd 286 tcp fxp-1 FXP-1 286 udp fxp-1 FXP-1 287 tcp k-block K-BLOCK 287 udp k-block K-BLOCK 308 tcp novastorbakcup Novastor Backup 308 udp novastorbakcup Novastor Backup 309 tcp entrusttime EntrustTime 309 udp entrusttime EntrustTime 310 tcp bhmds bhmds 310 udp bhmds bhmds 311 tcp asip-webadmin AppleShare IP WebAdmin 311 udp asip-webadmin AppleShare IP WebAdmin 312 tcp vslmp VSLMP 312 udp vslmp VSLMP 313 tcp magenta-logic Magenta Logic 313 udp magenta-logic Magenta Logic 314 tcp opalis-robot Opalis Robot 314 udp opalis-robot Opalis Robot 315 tcp dpsi DPSI 315 udp dpsi DPSI 316 tcp decauth decAuth 316 udp decauth decAuth 317 tcp zannet Zannet 317 udp zannet Zannet 318 tcp pkix-timestamp PKIX TimeStamp 318 udp pkix-timestamp PKIX TimeStamp

319 tcp 319 udp 320 tcp 320 udp 321 tcp 321 udp 322 tcp 322 udp 333 tcp 333 udp 334 tcp 344 tcp 344 udp 345 tcp 345 udp 346 tcp 346 udp 347 tcp 347 udp 348 tcp 348 udp 349 tcp 349 udp 350 tcp 350 udp 351 tcp 351 udp 351 tcp 351 udp 352 tcp 352 udp 352 udp 352 tcp 353 tcp 353 udp 354 tcp 354 udp 355 tcp 355 udp 356 tcp 356 udp 357 tcp 357 udp 358 tcp 358 udp 359 tcp Protocol 359 udp Protocol 359 tcp

ptp-event PTP Event ptp-event PTP Event ptp-general PTP General ptp-general PTP General pip PIP pip PIP rtsps RTSPS rtsps RTSPS texar Texar Security Port texar Texar Security Port Backage [trojan] Backage pdap Prospero Data Access Protocol pdap Prospero Data Access Protocol pawserv Perf Analysis Workbench pawserv Perf Analysis Workbench zserv Zebra server zserv Zebra server fatserv Fatmen Server fatserv Fatmen Server csi-sgwp Cabletron Management Protocol csi-sgwp Cabletron Management Protocol mftp mftp mftp mftp matip-type-a MATIP Type A matip-type-a MATIP Type A matip-type-b MATIP Type B matip-type-b MATIP Type B bhoetty bhoetty bhoetty bhoetty dtag-ste-sb DTAG dtag-ste-sb DTAG bhoedap4 bhoedap4 bhoedap4 bhoedap4 ndsauth NDSAUTH ndsauth NDSAUTH bh611 bh611 bh611 bh611 datex-asn DATEX-ASN datex-asn DATEX-ASN cloanto-net-1 Cloanto Net 1 cloanto-net-1 Cloanto Net 1 bhevent bhevent bhevent bhevent shrinkwrap Shrinkwrap shrinkwrap Shrinkwrap nsrmp Network Security Risk Management nsrmp tenebris_nts Network Security Risk Management Tenebris Network Trace Service

359 360 360 361 361 362 362 363 363 364 364 365 365 366 366 367 367 368 368 369 369 370 370 371 371 372 372 373 373 374 374 375 375 376 376 377 377 378 378 379 379 380 380 381 381 382 382 383 383 384

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

tenebris_nts Tenebris Network Trace Service scoi2odialog scoi2odialog scoi2odialog scoi2odialog semantix Semantix semantix Semantix srssend SRS Send srssend SRS Send rsvp_tunnel RSVP Tunnel rsvp_tunnel RSVP Tunnel aurora-cmgr Aurora CMGR aurora-cmgr Aurora CMGR dtk DTK dtk DTK odmr ODMR odmr ODMR mortgageware MortgageWare mortgageware MortgageWare qbikgdp QbikGDP qbikgdp QbikGDP rpc2portmap rpc2portmap rpc2portmap rpc2portmap codaauth2 codaauth2 codaauth2 codaauth2 clearcase Clearcase clearcase Clearcase ulistproc ListProcessor ulistproc ListProcessor legent-1 Legent Corporation legent-1 Legent Corporation legent-2 Legent Corporation legent-2 Legent Corporation hassle Hassle hassle Hassle nip Amiga Envoy Network Inquiry Proto nip Amiga Envoy Network Inquiry Proto tnETOS NEC Corporation tnETOS NEC Corporation dsETOS NEC Corporation dsETOS NEC Corporation is99c TIA EIA IS-99 modem client is99c TIA EIA IS-99 modem client is99s TIA EIA IS-99 modem server is99s TIA EIA IS-99 modem server hp-collector hp performance data collector hp-collector hp performance data collector hp-managed-node hp performance data managed node hp-managed-node hp performance data managed node hp-alarm-mgr hp performance data alarm manager hp-alarm-mgr hp performance data alarm manager arns A Remote Network Server System

384 udp arns A Remote Network Server System 385 tcp ibm-app IBM Application 385 udp ibm-app IBM Application 386 tcp asa ASA Message Router Object Def. 386 udp asa ASA Message Router Object Def. 387 tcp aurp Appletalk Update-Based Routing Pro. 387 udp aurp Appletalk Update-Based Routing Pro. 388 tcp unidata-ldm Unidata LDM 388 udp unidata-ldm Unidata LDM 389 tcp ldap Lightweight Directory Access Protocol 389 udp ldap Lightweight Directory Access Protocol 389 tcp ms-ils Microsoft NetMeeting ILS server default port (for versions older than w2k) 390 tcp uis UIS 390 udp uis UIS 391 tcp synotics-relay SynOptics SNMP Relay Port 391 udp synotics-relay SynOptics SNMP Relay Port 392 tcp synotics-broker SynOptics Port Broker Port 392 udp synotics-broker SynOptics Port Broker Port 393 tcp meta5 Meta5 393 udp meta5 Meta5 393 tcp dis Data Interpretation System 393 udp dis Data Interpretation System 394 tcp embl-ndt EMBL Nucleic Data Transfer 394 udp embl-ndt EMBL Nucleic Data Transfer 395 tcp netcp NETscout Control Protocol 395 udp netcp NETscout Control Protocol 396 tcp netware-ip Novell Netware over IP 396 udp netware-ip Novell Netware over IP 397 tcp mptn Multi Protocol Trans. Net. 397 udp mptn Multi Protocol Trans. Net. 398 tcp kryptolan Kryptolan 398 udp kryptolan Kryptolan 399 tcp iso-tsap-c2 ISO Transport Class 2 Non-Control over TCP 399 udp iso-tsap-c2 ISO Transport Class 2 Non-Control over TCP 400 tcp work-sol Workstation Solutions 400 udp work-sol Workstation Solutions 401 tcp ups Uninterruptible Power Supply 401 udp ups Uninterruptible Power Supply 402 tcp genie Genie Protocol 402 udp genie Genie Protocol 403 tcp decap decap 403 udp decap decap 404 tcp nced nced 404 udp nced nced 405 tcp ncld ncld 405 udp ncld ncld 406 tcp imsp Interactive Mail Support Protocol

406 407 407 408 408 409 409 Man. 410 410 411 411 411 412 412 413 413 414 414 415 415 416 416 417 417 418 418 419 419 420 420 420 420 421 421 421 421 422 422 423 Start 423 Start 424 Track 424 Track 425 425 426

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp

imsp timbuktu timbuktu prm-sm prm-sm prm-nm prm-nm

Interactive Mail Support Protocol Timbuktu Timbuktu Prospero Resource Manager Sys. Man. Prospero Resource Manager Sys. Man. Prospero Resource Manager Node Man. Prospero Resource Manager Node

decladebug DECLadebug Remote Debug Protocol decladebug DECLadebug Remote Debug Protocol rmt Remote MT Protocol rmt Remote MT Protocol Backage [trojan] Backage synoptics-trap Trap Convention Port synoptics-trap Trap Convention Port smsp Storage Management Services Protocol smsp Storage Management Services Protocol infoseek InfoSeek infoseek InfoSeek bnet BNet bnet BNet silverplatter Silverplatter silverplatter Silverplatter onmux Onmux onmux Onmux hyper-g Hyper-G hyper-g Hyper-G ariel1 Ariel ariel1 Ariel smpte SMPTE smpte SMPTE Breach [trojan] Breach Incognito [trojan] Incognito ariel2 Ariel ariel2 Ariel TCPWrappers [trojan] TCP Wrappers TCPWrapperstrojan [trojan] TCP Wrappers trojan ariel3 Ariel ariel3 Ariel opc-job-start IBM Operations Planning and Control opc-job-start opc-job-track opc-job-track IBM Operations Planning and Control IBM Operations Planning and Control IBM Operations Planning and Control ICAD ICAD smartsdp

tcp icad-el udp icad-el tcp smartsdp

426 udp smartsdp smartsdp 427 tcp svrloc Server Location 427 udp svrloc Server Location 428 tcp ocs_cmu OCS_CMU 428 udp ocs_cmu OCS_CMU 429 tcp ocs_amu OCS_AMU 429 udp ocs_amu OCS_AMU 430 tcp utmpsd UTMPSD 430 udp utmpsd UTMPSD 431 tcp utmpcd UTMPSD 431 udp utmpcd UTMPSD 432 tcp iasd IASD 432 udp iasd IASD 433 tcp nnsp Usenet Network News Transfer 433 udp nnsp Usenet Network News Transfer 434 tcp mobileip-agent MobileIP-Agent 434 udp mobileip-agent MobileIP-Agent 435 tcp mobilip-mn MobileIP-MN 435 udp mobilip-mn MobileIP-MN 436 tcp dna-cml DNA-CML 436 udp dna-cml DNA-CML 437 tcp comscm comscm 437 udp comscm comscm 438 tcp dsfgw dsfgw 438 udp dsfgw dsfgw 439 tcp dasp dasp 439 udp dasp dasp 440 tcp sgcp sgcp 440 udp sgcp sgcp 441 tcp decvms-sysmgt decvms-sysmgt 441 udp decvms-sysmgt decvms-sysmgt 442 tcp cvc_hostd cvc_hostd 442 udp cvc_hostd cvc_hostd 443 tcp https HTTP protocol over TLS/SSL 443 udp https HTTP protocol over TLS/SSL 444 tcp snpp Simple Network Paging Protocol 444 udp snpp Simple Network Paging Protocol 445 tcp microsoft-ds Win2k+ Server Message Block 445 udp microsoft-ds Win2k+ Server Message Block 446 tcp ddm-rdb DDM-RDB 446 udp ddm-rdb DDM-RDB 447 tcp ddm-dfm DDM-RFM 447 udp ddm-dfm DDM-RFM 448 tcp ddm-ssl DDM-SSL 448 udp ddm-ssl DDM-SSL 449 tcp as-servermap AS Server Mapper 449 udp as-servermap AS Server Mapper 450 tcp tserver Computer Supported Telecommunication Applications

450 udp tserver Computer Supported Telecommunication Applications 451 tcp sfs-smp-net Cray Network Semaphore server 451 udp sfs-smp-net Cray Network Semaphore server 452 tcp sfs-config Cray SFS config server 452 udp sfs-config Cray SFS config server 453 tcp creativeserver CreativeServer 453 udp creativeserver CreativeServer 454 tcp contentserver ContentServer 454 udp contentserver ContentServer 455 tcp creativepartnr CreativePartnr 455 udp creativepartnr CreativePartnr 455 tcp FatalConnections [trojan] Fatal Connections 456 tcp macon-tcp macon-tcp 456 udp macon-udp macon-tcp 456 tcp HackersParadise [trojan] Hackers Paradise 457 tcp scohelp scohelp 457 udp scohelp scohelp 458 tcp appleqtc apple quick time 458 udp appleqtc apple quick time 459 tcp ampr-rcmd ampr-rcmd 459 udp ampr-rcmd ampr-rcmd 460 tcp skronk skronk 460 udp skronk skronk 461 tcp datasurfsrv DataRampSrv 461 udp datasurfsrv DataRampSrv 462 tcp datasurfsrvsec DataRampSrvSec 462 udp datasurfsrvsec DataRampSrvSec 463 tcp alpes alpes 463 udp alpes alpes 464 tcp kpasswd kpasswd 464 udp kpasswd kpasswd 465 tcp urd URL Rendesvous Directory for SSM 465 udp igmpv3lite IGMP over UDP for SSM 465 tcp smtps smtp protocol over TLS/SSL (was ssmtp) 465 udp smtps smtp protocol over TLS/SSL (was ssmtp) 466 tcp digital-vrc digital-vrc 466 udp digital-vrc digital-vrc 467 tcp mylex-mapd mylex-mapd 467 udp mylex-mapd mylex-mapd 468 tcp photuris Photuris Key Management 468 udp photuris Photuris Key Management 469 tcp rcp Radio Control Protocol 469 udp rcp Radio Control Protocol 470 tcp scx-proxy scx-proxy 470 udp scx-proxy scx-proxy 471 tcp mondex Mondex 471 udp mondex Mondex 472 tcp ljk-login ljk-login

472 udp ljk-login ljk-login 473 tcp hybrid-pop hybrid-pop 473 udp hybrid-pop hybrid-pop 474 tcp tn-tl-w1 tn-t1-w1 474 udp tn-tl-w2 tn-t1-w2 475 tcp tcpnethaspsrv tcpnethaspsrv 475 udp tcpnethaspsrv tcpnethaspsrv 476 tcp tn-tl-fd1 tn-t1-fd1 476 udp tn-tl-fd1 tn-t1-fd1 477 tcp ss7ns ss7ns 477 udp ss7ns ss7ns 478 tcp spsc spsc 478 udp spsc spsc 479 tcp iafserver iafserver 479 udp iafserver iafserver 480 tcp iafdbase iafdbase 480 udp iafdbase iafdbase 480 tcp loadsrv loadsrv 481 tcp ph Ph service 481 udp ph Ph service 481 tcp dvs dvs 482 tcp bgs-nsi bgs-nsi 482 udp bgs-nsi bgs-nsi 482 udp xlog xlog 483 tcp ulpnet ulpnet 483 udp ulpnet ulpnet 484 tcp integra-sme Integra Software Management Environment 484 udp integra-sme Integra Software Management Environment 485 tcp powerburst Air Soft Power Burst 485 udp powerburst Air Soft Power Burst 486 tcp avian avian 486 udp avian avian 486 tcp sstats sstats 487 tcp saft saft Simple Asynchronous File Transfer 487 udp saft saft Simple Asynchronous File Transfer 488 tcp gss-http gss-http 488 udp gss-http gss-http 489 tcp nest-protocol nest-protocol 489 udp nest-protocol nest-protocol 490 tcp micom-pfs micom-pfs 490 udp micom-pfs micom-pfs 491 tcp go-login go-login 491 udp go-login go-login 492 tcp ticf-1 Transport Independent Convergence for FNA 492 udp ticf-1 Transport Independent Convergence for FNA

493 FNA 493 FNA 494 494 495 495 496 496 497 497 498 498 499 499 500 500 501 501 502 502 503 503 504 504 505 505 506 506 507 507 508 508 509 509 510 510 510 511 511 511 512 512 512 513 513 513 514 514

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp udp udp tcp udp tcp tcp udp

ticf-2 ticf-2 pov-ray pov-ray intecourier intecourier pim-rp-disc pim-rp-disc dantz dantz siam siam iso-ill iso-ill isakmp isakmp stmf stmf asa-appl-proto asa-appl-proto intrinsa intrinsa citadel citadel mailbox-lm mailbox-lm ohimsrv ohimsrv crs crs xvttp xvttp snare snare fcp fcp t0rnkit-sshd passgo passgo T0rnRootkit exec biff comsat login who Grlogin shell syslog

Transport Independent Convergence for Transport Independent Convergence for POV-Ray POV-Ray intecourier intecourier PIM-RP-DISC PIM-RP-DISC dantz dantz siam siam ISO ILL Protocol ISO ILL Protocol isakmp isakmp STMF STMF asa-appl-proto asa-appl-proto Intrinsa Intrinsa citadel citadel mailbox-lm mailbox-lm ohimsrv ohimsrv crs crs xvttp xvttp snare snare FirstClass Protocol FirstClass Protocol [trojan] t0rnkit sshd backdoor PassGo PassGo [trojan] T0rn Rootkit BSD rexecd(8) biff comsat BSD rlogind(8) BSD rwhod(8) [trojan] Grlogin BSD rshd(8) syslog

514 515 515 515 515 516 516 517 517 518 518 519 519 520 520 521 521 522 522 523 523 524 524 525 525 526 526 527 527 528 528 529 529 530 530 531 531 531 531 532 532 532 533 533 534 534 535 535 536 536

tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp tcp udp tcp udp tcp udp tcp udp

RPCBackdoor [trojan] RPC Backdoor printer spooler printer spooler lpdw0rm [trojan] lpdw0rm Ramen [trojan] Ramen videotex videotex videotex videotex talk talk talk talk ntalk ntalk ntalk ntalk utime unixtime utime unixtime efs extended file name server route router routed -- RIP ripng ripng ripng ripng ulp ULP ulp ULP ibm-db2 IBM-DB2 ibm-db2 IBM-DB2 ncp NCP ncp NCP timed timeserver timed timeserver tempo newdate tempo newdate stx Stock IXChange stx Stock IXChange custix Customer IXChange custix Customer IXChange irc-serv IRC-SERV irc-serv IRC-SERV courier rpc courier rpc conference chat conference chat Net666 [trojan] Net666 Rasmin [trojan] Rasmin netnews readnews netnews readnews ibm-db2 IBM DB2 admin listener netwall netwall for emergency broadcasts netwall netwall for emergency broadcasts mm-admin MegaMedia Admin mm-admin MegaMedia Admin iiop iiop iiop iiop opalis-rdv opalis-rdv opalis-rdv opalis-rdv

537 tcp nmsp Networked Media Streaming Protocol 537 udp nmsp Networked Media Streaming Protocol 538 tcp gdomap gdomap 538 udp gdomap gdomap 539 tcp apertus-ldp Apertus Technologies Load Determination 539 udp apertus-ldp Apertus Technologies Load Determination 540 tcp uucp uucpd 540 udp uucp uucpd 541 tcp uucp-rlogin uucp-rlogin 541 udp uucp-rlogin uucp-rlogin 542 tcp commerce commerce 542 udp commerce commerce 543 tcp klogin klogin 543 udp klogin klogin 544 tcp kshell krcmd 544 udp kshell krcmd 545 tcp appleqtcsrvr appleqtcsrvr 545 udp appleqtcsrvr appleqtcsrvr 545 tcp ekshell Kerberos encrypted remote shell #NAME? 546 tcp dhcpv6-client DHCPv6 Client 546 udp dhcpv6-client DHCPv6 Client 547 tcp dhcpv6-server DHCPv6 Server 547 udp dhcpv6-server DHCPv6 Server 548 tcp afpovertcp AFP over TCP 548 udp afpovertcp AFP over TCP 549 tcp idfp IDFP 549 udp idfp IDFP 550 tcp new-rwho new-who 550 udp new-rwho new-who 551 tcp cybercash cybercash 551 udp cybercash cybercash 552 tcp deviceshare deviceshare 552 udp deviceshare deviceshare 553 tcp pirp pirp 553 udp pirp pirp 554 tcp rtsp Real Time Stream Control Protocol 554 udp rtsp Real Time Stream Control Protocol 555 tcp dsf dsf 555 udp dsf dsf 555 tcp 711trojan [trojan] 711 trojan (Seven Eleven) 555 tcp IniKiller [trojan] Ini-Killer 555 tcp NetAdministrator [trojan] Net Administrator 555 tcp Phase-0 [trojan] Phase-0 555 tcp PhaseZero [trojan] Phase Zero 555 tcp StealthSpy [trojan] Stealth Spy 556 tcp remotefs rfs server Brunhoff remote filesystem 556 udp remotefs rfs server Brunhoff remote filesystem

557 557 558 558 559 559 560 560 561 561 562 562 563 563 563 563 564 564 565 565 566 566 567 567 568 568 569 569 570 570 571 571 572 572 573 573 574 574 575 575 576 576 577 577 578 578 579 579 580 580

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

openvms-sysipc openvms-sysipc openvms-sysipc openvms-sysipc sdnskmp SDNSKMP sdnskmp SDNSKMP teedtap TEEDTAP teedtap TEEDTAP rmonitor rmonitord rmonitor rmonitord monitor monitor monitor monitor chshell chcmd chshell chcmd nntps nntp protocol over TLS SSL (was snntp) nntps nntp protocol over TLS SSL (was snntp) snews snews snews snews 9pfs plan 9 file service 9pfs plan 9 file service whoami whoami whoami whoami streettalk streettalk streettalk streettalk banyan-rpc banyan-rpc banyan-rpc banyan-rpc ms-shuttle Microsoft shuttle ms-shuttle Microsoft shuttle ms-rome Microsoft rome ms-rome Microsoft rome meter demon meter demon meter udemon meter udemon sonar sonar sonar sonar banyan-vip banyan-vip banyan-vip banyan-vip ftp-agent FTP Software Agent System ftp-agent FTP Software Agent System vemmi vemmi vemmi vemmi ipcd ipcd ipcd ipcd vnas vnas vnas vnas ipdd ipdd ipdd ipdd decbsrv decbsrv decbsrv decbsrv sntp-heartbeat SNTP HEARTBEAT sntp-heartbeat SNTP HEARTBEAT

581 tcp 581 udp 582 tcp 582 udp 583 tcp 583 udp 584 tcp 584 udp 585 tcp 585 udp 586 tcp 586 udp 587 tcp 587 udp 588 tcp 588 udp 589 tcp 589 udp 590 tcp 590 udp 591 tcp Port 80) 591 udp Port 80) 592 tcp 592 udp 593 tcp 593 udp 594 tcp 594 udp 595 tcp 595 udp 596 tcp 596 udp 597 tcp 597 udp 598 tcp 598 udp 599 tcp 599 udp 600 tcp 600 udp 600 tcp 605 tcp 605 udp 605 tcp 606 tcp 606 udp 607 tcp 607 udp

bdp Bundle Discovery Protocol bdp Bundle Discovery Protocol scc-security SCC Security scc-security SCC Security philips-vc Philips Video-Conferencing philips-vc Philips Video-Conferencing keyserver Key Server keyserver Key Server imap4-ssl IMAP4+SSL imap4-ssl IMAP4+SSL password-chg Password Change password-chg Password Change submission Submission submission Submission cal CAL cal CAL eyelink EyeLink eyelink EyeLink tns-cml TNS CML tns-cml TNS CML http-alt FileMaker Inc. - HTTP Alternate (see http-alt FileMaker Inc. - HTTP Alternate (see

eudora-set Eudora Set eudora-set Eudora Set http-rpc-epmap HTTP RPC Ep Map http-rpc-epmap HTTP RPC Ep Map tpip TPIP tpip TPIP cab-protocol CAB Protocol cab-protocol CAB Protocol smsd SMSD smsd SMSD ptcnameservice PTC Name Service ptcnameservice PTC Name Service sco-websrvrmg3 SCO Web Server Manager 3 sco-websrvrmg3 SCO Web Server Manager 3 acp Aeolon Core Protocol acp Aeolon Core Protocol ipcserver Sun IPC server ipcserver Sun IPC server Sadmind [trojan] Sadmind soap-beep SOAP over BEEP soap-beep SOAP over BEEP SecretService [trojan] Secret Service urm Cray Unified Resource Manager urm Cray Unified Resource Manager nqs nqs nqs nqs

608 tcp sift-uft Sender-Initiated/Unsolicited File Transfer 608 udp sift-uft Sender-Initiated/Unsolicited File Transfer 609 tcp npmp-trap npmp-trap 609 udp npmp-trap npmp-trap 610 tcp npmp-local npmp-local 610 udp npmp-local npmp-local 611 tcp npmp-gui npmp-gui 611 udp npmp-gui npmp-gui 612 tcp hmmp-ind HMMP Indication 612 udp hmmp-ind HMMP Indication 613 tcp hmmp-op HMMP Operation 613 udp hmmp-op HMMP Operation 614 tcp sshell SSLshell 614 udp sshell SSLshell 615 tcp sco-inetmgr Internet Configuration Manager 615 udp sco-inetmgr Internet Configuration Manager 616 tcp sco-sysmgr SCO System Administration Server 616 udp sco-sysmgr SCO System Administration Server 617 tcp sco-dtmgr SCO Desktop Administration Server 617 udp sco-dtmgr SCO Desktop Administration Server 618 tcp dei-icda DEI-ICDA 618 udp dei-icda DEI-ICDA 619 tcp compaq-evm Compaq EVM 619 udp compaq-evm Compaq EVM 620 tcp sco-websrvrmgr SCO WebServer Manager 620 udp sco-websrvrmgr SCO WebServer Manager 621 tcp escp-ip ESCP 621 udp escp-ip ESCP 622 tcp collaborator Collaborator 622 udp collaborator Collaborator 623 tcp asf-rmcp ASF Remote Management and Control Protocol 623 udp asf-rmcp ASF Remote Management and Control Protocol 623 tcp aux_bus_shunt Aux Bus Shunt 623 udp aux_bus_shunt Aux Bus Shunt 624 tcp cryptoadmin Crypto Admin 624 udp cryptoadmin Crypto Admin 625 tcp dec_dlm DEC DLM 625 udp dec_dlm DEC DLM 626 tcp asia ASIA 626 udp asia ASIA 627 tcp passgo-tivoli PassGo Tivoli 627 udp passgo-tivoli PassGo Tivoli 628 tcp qmqp QMQP (qmail) 628 udp qmqp QMQP (qmail) 629 tcp 3com-amp3 3Com AMP3 629 udp 3com-amp3 3Com AMP3 630 tcp rda RDA 630 udp rda RDA

631 tcp ipp Internet Printing Protocol 631 udp ipp Internet Printing Protocol 632 tcp bmpp bmpp 632 udp bmpp bmpp 633 tcp servstat Service Status update (Sterling Software) 633 udp servstat Service Status update (Sterling Software) 634 tcp ginad ginad 634 udp ginad ginad 635 tcp rlzdbase RLZ DBase 635 udp rlzdbase RLZ DBase 635 udp mount NFS Mount Service 636 tcp ldaps ldap protocol over TLS/SSL (was sldap) 636 udp ldaps ldap protocol over TLS/SSL (was sldap) 637 tcp lanserver lanserver 637 udp lanserver lanserver 638 tcp mcns-sec mcns-sec 638 udp mcns-sec mcns-sec 639 tcp msdp MSDP 639 udp msdp MSDP 640 tcp entrust-sps entrust-sps 640 udp entrust-sps entrust-sps 640 udp pcnfs PC-NFS DOS Authentication 641 tcp repcmd repcmd 641 udp repcmd repcmd 642 tcp esro-emsdp ESRO-EMSDP V1.3 642 udp esro-emsdp ESRO-EMSDP V1.3 643 tcp sanity SANity 643 udp sanity SANity 644 tcp dwr dwr 644 udp dwr dwr 645 tcp pssc PSSC 645 udp pssc PSSC 646 tcp ldp LDP 646 udp ldp LDP 647 tcp dhcp-failover DHCP Failover 647 udp dhcp-failover DHCP Failover 648 tcp rrp Registry Registrar Protocol (RRP) 648 udp rrp Registry Registrar Protocol (RRP) 649 tcp cadview-3d Cadview-3d - streaming 3d models over the internet 649 udp cadview-3d Cadview-3d - streaming 3d models over the internet 649 tcp aminet Aminet 649 udp aminet Aminet 650 tcp obex OBEX 650 udp obex OBEX 650 udp bwnfs BW-NFS DOS Authentication 651 tcp ieee-mms IEEE MMS 651 udp ieee-mms IEEE MMS 652 tcp hello-port HELLO_PORT

652 udp hello-port HELLO_PORT 653 tcp repscmd RepCmd 653 udp repscmd RepCmd 654 tcp aodv AODV 654 udp aodv AODV 655 tcp tinc TINC 655 udp tinc TINC 656 tcp spmp SPMP 656 udp spmp SPMP 657 tcp rmc RMC 657 udp rmc RMC 658 tcp tenfold TenFold 658 udp tenfold TenFold 659 tcp url-rendezvous URL Rendezvous 659 udp url-rendezvous URL Rendezvous 660 tcp mac-srvr-admin MacOS Server Admin 660 udp mac-srvr-admin MacOS Server Admin 661 tcp hap HAP 661 udp hap HAP 661 tcp NokNok [trojan] NokNok 662 tcp pftp PFTP 662 udp pftp PFTP 663 tcp purenoise PureNoise 663 udp purenoise PureNoise 664 tcp asf-secure-rcmp ASF Secure Remote Management and Control Protocol 664 udp asf-secure-rcmp ASF Secure Remote Management and Control Protocol 664 tcp secure-aux-bus Secure Aux Bus 664 udp secure-aux-bus Secure Aux Bus 665 tcp sun-dr Sun DR 665 udp sun-dr Sun DR 666 tcp mdqs mdqs 666 udp mdqs mdqs 666 tcp doom doom Id Software 666 udp doom doom Id Software 666 tcp AttackFTP [trojan] Attack FTP 666 tcp BackConstruction [trojan] Back Construction 666 tcp BLAtrojan [trojan] BLA trojan 666 tcp Cain&Abel [trojan] Cain & Abel 666 tcp lpdw0rm [trojan] lpdw0rm 666 tcp NokNok [trojan] NokNok 666 tcp SatansBackDoor [trojan] Satans Back Door SBD 666 tcp ServU [trojan] ServU 666 tcp ShadowPhyre [trojan] Shadow Phyre 666 tcp th3r1pp3rz [trojan] th3r1pp3rz (= Therippers) 667 tcp disclose campaign contribution disclosures - SDR Technologies

667 udp disclose campaign contribution disclosures - SDR Technologies 667 tcp SniperNet [trojan] SniperNet 668 tcp mecomm MeComm 668 udp mecomm MeComm 668 tcp th3r1pp3rz [trojan] th3r1pp3rz (= Therippers) 669 tcp meregister MeRegister 669 udp meregister MeRegister 669 tcp DPtrojan [trojan] DP trojan 670 tcp vacdsm-sws VACDSM-SWS 670 udp vacdsm-sws VACDSM-SWS 671 tcp vacdsm-app VACDSM-APP 671 udp vacdsm-app VACDSM-APP 672 tcp vpps-qua VPPS-QUA 672 udp vpps-qua VPPS-QUA 673 tcp cimplex CIMPLEX 673 udp cimplex CIMPLEX 674 tcp acap ACAP 674 udp acap ACAP 675 tcp dctp DCTP 675 udp dctp DCTP 676 tcp vpps-via VPPS Via 676 udp vpps-via VPPS Via 677 tcp vpp Virtual Presence Protocol 677 udp vpp Virtual Presence Protocol 678 tcp ggf-ncp GNU Gereration Foundation NCP 678 udp ggf-ncp GNU Generation Foundation NCP 679 tcp mrm MRM 679 udp mrm MRM 680 tcp entrust-aaas entrust-aaas 680 udp entrust-aaas entrust-aaas 681 tcp entrust-aams entrust-aams 681 udp entrust-aams entrust-aams 682 tcp xfr XFR 682 udp xfr XFR 683 tcp corba-iiop CORBA IIOP 683 udp corba-iiop CORBA IIOP 684 tcp corba-iiop-ssl CORBA IIOP SSL 684 udp corba-iiop-ssl CORBA IIOP SSL 685 tcp mdc-portmapper MDC Port Mapper 685 udp mdc-portmapper MDC Port Mapper 686 tcp hcp-wismar Hardware Control Protocol Wismar 686 udp hcp-wismar Hardware Control Protocol Wismar 687 tcp asipregistry asipregistry 687 udp asipregistry asipregistry 688 tcp realm-rusd REALM-RUSD 688 udp realm-rusd REALM-RUSD 689 tcp nmap NMAP 689 udp nmap NMAP 689 tcp SLDAP LDAP over SSL

690 tcp vatp VATP 690 udp vatp VATP 691 tcp msexch-routing MS Exchange Routing 691 udp msexch-routing MS Exchange Routing 692 tcp hyperwave-isp Hyperwave-ISP 692 udp hyperwave-isp Hyperwave-ISP 692 tcp GayOL [trojan] GayOL 693 tcp connendp connendp 693 udp connendp connendp 694 tcp ha-cluster ha-cluster 694 udp ha-cluster ha-cluster 695 tcp ieee-mms-ssl IEEE-MMS-SSL 695 udp ieee-mms-ssl IEEE-MMS-SSL 696 tcp rushd RUSHD 696 udp rushd RUSHD 697 tcp uuidgen UUIDGEN 697 udp uuidgen UUIDGEN 698 tcp olsr OLSR 698 udp olsr OLSR 699 tcp accessnetwork Access Network 699 udp accessnetwork Access Network 704 tcp elcsd errlog copy server daemon 704 udp elcsd errlog copy server daemon 705 tcp agentx AgentX 705 udp agentx AgentX 706 tcp silc SILC 706 udp silc SILC 707 tcp borland-dsj Borland DSJ 707 udp borland-dsj Borland DSJ 709 tcp entrust-kmsh Entrust Key Management Service Handler 709 udp entrust-kmsh Entrust Key Management Service Handler 710 tcp entrust-ash Entrust Administration Service Handler 710 udp entrust-ash Entrust Administration Service Handler 711 tcp cisco-tdp Cisco TDP 711 udp cisco-tdp Cisco TDP 729 tcp netviewdm1 IBM NetView DM 6000 Server/Client 729 udp netviewdm1 IBM NetView DM 6000 Server/Client 730 tcp netviewdm2 IBM NetView DM 6000 send/tcp 730 udp netviewdm2 IBM NetView DM 6000 send/tcp 731 tcp netviewdm3 IBM NetView DM 6000 receive/tcp 731 udp netviewdm3 IBM NetView DM 6000 receive/tcp 737 udp sometimes-rpc2 Rusersd on my OpenBSD box 740 tcp netcp NETscout Control Protocol 740 udp netcp NETscout Control Protocol 741 tcp netgw netGW 741 udp netgw netGW 742 tcp netrcs Network based Rev. Cont. Sys.

742 744 744 747 747 748 748 749 749 750 750 750 750 751 751 751 751 752 752 753 753 754 754 754 758 758 759 759 760 760 760 761 761 761 762 762 763 763 764 764 765 765 767 767 769 769 770 770 771 771

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

netrcs Network based Rev. Cont. Sys. flexlm Flexible License Manager flexlm Flexible License Manager fujitsu-dev Fujitsu Device Control fujitsu-dev Fujitsu Device Control ris-cm Russell Info Sci Calendar Manager ris-cm Russell Info Sci Calendar Manager kerberos-adm Kerberos administration kerberos-adm Kerberos administration kerberos-iv Kerberos v4 kerberos-iv Kerberos v4 rfile rfile loadav loadav pump pump pump pump kerberos_master Kerberos `kadmin' (v4) kerberos_master Kerberos `kadmin' (v4) qrh qrh qrh qrh rrh rrh rrh rrh tell send tell send krb_prop kerberos v5 server propagation nlogin nlogin nlogin nlogin con con con con ns ns ns ns krbupdate kreg Kerberos (v4) registration rxe rxe rxe rxe kpasswd kpwd Kerberos (v4) passwd quotad quotad quotad quotad cycleserv cycleserv cycleserv cycleserv omserv omserv omserv omserv webster webster webster webster phonebook phonebook phonebook phonebook vid vid vid vid cadlock cadlock cadlock cadlock rtip rtip rtip rtip

772 772 773 773 774 774 775 775 776 776 777 777 777 777 780 780 781 781 782 782 783 783 786 786 787 787 799 800 800 801 801 808 810 810 828 828 829 829 847 847 871 873 873 886 886 887 887 888 888 888

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp

cycleserv2 cycleserv2 cycleserv2 cycleserv2 submit submit notify notify rpasswd rpasswd acmaint_dbd acmaint_dbd entomb entomb acmaint_transd acmaint_transd wpages wpages wpages wpages multiling-http Multiling HTTP multiling-http Multiling HTTP AimSpy [trojan] AimSpy Undetected [trojan] Undetected wpgs wpgs wpgs wpgs hp-collector hp performance data collector hp-collector hp performance data collector hp-managed-node hp performance data managed node hp-managed-node hp performance data managed node hp-alarm-mgr hp performance data alarm manager hp-alarm-mgr hp performance data alarm manager concert concert concert concert qsc QSC qsc QSC controlit controlit mdbs_daemon mdbs_daemon mdbs_daemon mdbs_daemon device device device device WinHole [trojan] WinHole fcp-udp FCP fcp-udp FCP Datagram itm-mcell-s itm-mcell-s itm-mcell-s itm-mcell-s pkix-3-ca-ra PKIX-3 CA RA pkix-3-ca-ra PKIX-3 CA RA dhcp-failover2 dhcp-failover 2 dhcp-failover2 dhcp-failover 2 supfilesrv SUP server rsync rsync rsync rsync iclcnet-locate ICL coNETion locate server iclcnet-locate ICL coNETion locate server iclcnet_svinfo ICL coNETion server info iclcnet_svinfo ICL coNETion server info accessbuilder AccessBuilder accessbuilder AccessBuilder cddbp CD Database Protocol

900 tcp omginitialrefs OMG Initial Refs 900 udp omginitialrefs OMG Initial Refs 900 tcp fw1-clntauth-http Check Point FW-1/VPN-1 client auth (http) 901 tcp samba-swat Samba SWAT tool 901 tcp realsecure RealSecure sensor 901 tcp smpnameres SMPNAMERES 901 udp smpnameres SMPNAMERES 902 tcp ideafarm-chat IDEAFARM-CHAT 902 udp ideafarm-chat IDEAFARM-CHAT 903 tcp ideafarm-catch IDEAFARM-CATCH 903 udp ideafarm-catch IDEAFARM-CATCH 911 tcp xact-backup xact-backup 911 udp xact-backup xact-backup 911 tcp DarkShadow [trojan] Dark Shadow 912 tcp apex-mesh APEX relay-relay service 912 udp apex-mesh APEX relay-relay service 913 tcp apex-edge APEX endpoint-relay service 913 udp apex-edge APEX endpoint-relay service 953 tcp rndc BIND 9 rndc control socket 953 udp rndc BIND 9 rndc control socket (NOTUSED) 974 tcp securenetpro SecureNet Pro secure comm to console 975 tcp securenetpro SecureNet Pro sensor 989 tcp ftps-data ftp data over TLS/SSL 989 udp ftps-data ftp data over TLS/SSL 990 tcp ftps ftp data over TLS/SSL 990 udp ftps ftp data over TLS/SSL 991 tcp nas Netnews Administration System 991 udp nas Netnews Administration System 992 tcp telnets telnet protocol over TLS/SSL 992 udp telnets telnet protocol over TLS/SSL 993 tcp imaps imap4 protocol over TLS/SSL 993 udp imaps imap4 protocol over TLS/SSL 994 tcp ircs irc protocol over TLS/SSL 994 udp ircs irc protocol over TLS/SSL 995 tcp pop3s POP3 protocol over TLS/SSL 995 udp pop3s pop3 protocol over TLS/SSL (was spop3) 996 tcp vsinet vsinet 996 udp vsinet vsinet 996 tcp xtreelic XTREE License Server 997 tcp maitrd maitrd 997 udp maitrd maitrd 998 tcp busboy busboy 998 udp puparp puparp 999 tcp garcon garcon 999 udp applix Applix ac 999 tcp puprouter puprouter

999 udp puprouter puprouter 999 tcp Chatpower [trojan] Chat power 999 tcp DeepThroat [trojan] DeepThroat 999 tcp Foreplay [trojan] Foreplay 999 tcp WinSatan [trojan] WinSatan 1000 tcp cadlock2 cadlock2 1000 udp cadlock2 cadlock2 1000 tcp Connecter [trojan] Connecter 1000 tcp DerSpher [trojan] Der Spher / Der Spaeher 1000 tcp DerSpherDerSpaeher [trojan] Der Spher / Der Spaeher 1000 tcp DirectConnection [trojan] Direct Connection 1000 tcp InsaneNetwork [trojan] Insane Network 1001 tcp sabserv Sabre Desktop Reservation Software for Windows 1001 tcp DerSpher [trojan] Der Spher / Der Spaeher 1001 tcp LeGuardien [trojan] Le Guardien 1001 tcp Silencer [trojan] Silencer 1001 tcp Theef [trojan] Theef 1001 tcp WebEx [trojan] WebEx 1002 tcp win2k-ils Microsoft NetMeeting ILS server default port (win2k) 1005 tcp Theef [trojan] Theef 1008 tcp Lion [trojan] Lion 1008 tcp ufsd ufsd UFS-aware server 1008 udp ufsd ufsd UFS-aware server 1010 tcp surf surf 1010 udp surf surf 1010 tcp DolyTrojan [trojan] Doly Trojan 1011 tcp DolyTrojan [trojan] Doly Trojan 1012 udp sometimes-rpc1 This is rstatd on my openBSD box box 1012 tcp DolyTrojan [trojan] Doly Trojan 1015 tcp DolyTrojan [trojan] Doly Trojan 1016 tcp DolyTrojan [trojan] Doly Trojan 1020 tcp Vampire [trojan] Vampire 1023 tcp gs400-nas Linux backend of Gateway GS-400 NAS 1024 tcp kdm K Display Manager (KDE version of xdm) xdm) 1024 tcp Jade [trojan] Jade 1024 tcp Latinus [trojan] Latinus 1024 tcp NetSpy [trojan] NetSpy 1024 tcp RAT [trojan] Remote Administration Tool - RAT [no 2] 1025 tcp blackjack network blackjack 1025 udp blackjack network blackjack 1025 tcp listen listener RFS remote_file_sharing 1025 tcp shoppro ShopPro accounting software 1025 tcp FraggleRock [trojan] Fraggle Rock

1025 1025 1025 1025 1026 1027 1029 1029 1030 1030 1031 1031 1031 1032 1032 1035 1040 1040 1042 1042 1045 1047 1047 1048 1048 1049 1049 1049 1050 1050 1050 1051 1051 1052 1052 1053 1053 1053 1054 1054 1054 1055 1055 1056 1056 1057 1057 1058 1058 1059

tcp tcp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp tcp udp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp

md5Backdoor [trojan] md5 Backdoor NetSpy [trojan] NetSpy RemoteStorm [trojan] Remote Storm RemoteStorm [trojan] Remote Storm nterm remote_login network_terminal ICKiller [trojan] ICKiller ICQNuke98 [trojan] ICQ Nuke 98 InCommand [trojan] InCommand iad1 BBN IAD iad1 BBN IAD iad2 BBN IAD iad2 BBN IAD Xanadu [trojan] Xanadu iad3 BBN IAD iad3 BBN IAD Multidropper [trojan] Multidropper netarx Netarx netarx Netarx BLAtrojan [trojan] BLA trojan BLAtrojan [trojan] BLA trojan Rasmin [trojan] Rasmin neod1 Sun's NEO Object Request Broker neod1 Sun's NEO Object Request Broker neod2 Sun's NEO Object Request Broker neod2 Sun's NEO Object Request Broker sbininitd [trojan] /sbin/initd td-postman Tobit David Postman VPMN td-postman Tobit David Postman VPMN cma CORBA Management Agent cma CORBA Management Agent MiniCommand [trojan] MiniCommand optima-vnet Optima VNET optima-vnet Optima VNET ddt Dynamic DNS Tools ddt Dynamic DNS Tools remote-as Remote Assistant (RA) remote-as Remote Assistant (RA) TheThief [trojan] The Thief brvread BRVREAD brvread BRVREAD AckCmd [trojan] AckCmd ansyslmd ANSYS - License Manager ansyslmd ANSYS - License Manager vfo VFO vfo VFO startron STARTRON startron STARTRON nim nim nim nim nimreg nimreg

1059 udp 1060 tcp 1060 udp 1061 tcp 1061 udp 1062 tcp 1062 udp 1063 tcp 1063 udp 1064 tcp 1064 udp 1065 tcp 1065 udp 1066 tcp 1066 udp 1067 tcp 1067 udp 1068 tcp 1068 udp 1069 tcp 1069 udp 1070 tcp 1070 udp 1071 tcp 1071 udp 1072 tcp 1072 udp 1073 tcp 1073 udp 1074 tcp 1074 udp 1075 tcp 1075 udp 1076 tcp 1076 udp 1077 tcp 1077 udp 1078 tcp 1078 udp 1079 tcp 1079 udp 1080 tcp 1080 udp 1080 tcp 1080 tcp 1081 tcp 1081 udp 1081 tcp 1082 tcp 1082 udp

nimreg nimreg polestar POLESTAR polestar POLESTAR kiosk KIOSK kiosk KIOSK veracity Veracity veracity Veracity kyoceranetdev KyoceraNetDev kyoceranetdev KyoceraNetDev jstel JSTEL jstel JSTEL syscomlan SYSCOMLAN syscomlan SYSCOMLAN fpo-fns FPO-FNS fpo-fns FPO-FNS instl_boots Installation Bootstrap Proto. Serv. instl_boots Installation Bootstrap Proto. Serv. instl_bootc Installation Bootstrap Proto. Cli. instl_bootc Installation Bootstrap Proto. Cli. cognex-insight COGNEX-INSIGHT cognex-insight COGNEX-INSIGHT gmrupdateserv GMRUpdateSERV gmrupdateserv GMRUpdateSERV bsquare-voip BSQUARE-VOIP bsquare-voip BSQUARE-VOIP cardax CARDAX cardax CARDAX bridgecontrol BridgeControl bridgecontrol BridgeControl fastechnologlm FASTechnologies License Manager fastechnologlm FASTechnologies License Manager rdrmshc RDRMSHC rdrmshc RDRMSHC dab-sti-c DAB STI-C dab-sti-c DAB STI-C imgames IMGames imgames IMGames emanagecstp eManageCstp emanagecstp eManageCstp asprovatalk ASPROVATalk asprovatalk ASPROVATalk socks socks socks socks SubSeven2.2 [trojan] SubSeven 2.2 WinHole [trojan] WinHole pvuniwien PVUNIWIEN pvuniwien PVUNIWIEN WinHole [trojan] WinHole amt-esd-prot AMT-ESD-PROT amt-esd-prot AMT-ESD-PROT

1082 tcp 1083 tcp 1083 udp 1083 tcp 1084 tcp 1084 udp 1085 tcp 1085 udp 1086 tcp 1086 udp 1087 tcp 1087 udp 1088 tcp 1088 udp 1089 tcp 1089 udp 1090 tcp 1090 udp 1090 tcp 1091 tcp 1091 udp 1092 tcp 1092 udp 1093 tcp 1093 udp 1094 tcp 1094 udp 1095 tcp 1095 udp 1095 tcp Tool - RAT 1096 tcp 1096 udp 1097 tcp Tool - RAT 1097 tcp 1097 udp 1098 tcp Tool - RAT 1098 tcp 1098 udp 1099 tcp 1099 udp 1099 tcp 1099 tcp Tool - RAT 1100 tcp 1100 udp 1101 tcp 1101 udp

WinHole ansoft-lm-1 ansoft-lm-1 WinHole ansoft-lm-2 ansoft-lm-2 webobjects webobjects cplscrambler-lg cplscrambler-lg cplscrambler-in cplscrambler-in cplscrambler-al cplscrambler-al ff-annunc ff-annunc ff-fms ff-fms Xtreme ff-sm ff-sm obrpd obrpd proofd proofd rootd rootd nicelink nicelink RAT cnrprotocol cnrprotocol RAT sunclustermgr sunclustermgr RAT

[trojan] WinHole Anasoft License Manager Anasoft License Manager [trojan] WinHole Anasoft License Manager Anasoft License Manager Web Objects Web Objects CPL Scrambler Logging CPL Scrambler Logging CPL Scrambler Internal CPL Scrambler Internal CPL Scrambler Alarm Log CPL Scrambler Alarm Log FF Annunciation FF Annunciation FF Fieldbus Message Specification FF Fieldbus Message Specification [trojan] Xtreme FF System Management FF System Management OBRPD OBRPD PROOFD PROOFD ROOTD ROOTD NICELink NICELink [trojan] Remote Administration Common Name Resolution Protocol Common Name Resolution Protocol [trojan] Remote Administration Sun Cluster Manager Sun Cluster Manager [trojan] Remote Administration

rmiactivation RMI Activation rmiactivation RMI Activation rmiregistry RMI Registry rmiregistry RMI Registry BloodFestEvolution [trojan] Blood Fest Evolution RAT [trojan] Remote Administration mctp mctp pt2-discover pt2-discover MCTP MCTP PT2-DISCOVER PT2-DISCOVER

1102 1102 1103 1103 1103 1104 1104 1104 1105 1105 1106 1106 1107 1107 1108 1108 1109 1110 1110 1111 1111 1112 1112 1112 1114 1114 1115 1115 1116 1116 1117 1117 1122 1122 1123 1123 1127 1150 1151 1155 1155 1161 1161 1162 1162 1167 1169 1169 1170

tcp udp tcp udp tcp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp udp tcp udp tcp udp udp tcp udp tcp

adobeserver-1 ADOBE SERVER 1 adobeserver-1 ADOBE SERVER 1 adobeserver-2 ADOBE SERVER 2 adobeserver-2 ADOBE SERVER 2 xaudio Xaserver X Audio Server xrl XRL xrl XRL RexxRave [trojan] RexxRave ftranhc FTRANHC ftranhc FTRANHC isoipsigport-1 ISOIPSIGPORT-1 isoipsigport-1 ISOIPSIGPORT-1 isoipsigport-2 ISOIPSIGPORT-2 isoipsigport-2 ISOIPSIGPORT-2 ratio-adp ratio-adp ratio-adp ratio-adp kpop Pop with Kerberos nfsd-status Cluster status info nfsd-keepalive Client status info lmsocialserver LM Social Server lmsocialserver LM Social Server icp Intelligent Communication Protocol icp Intelligent Communication Protocol msql mini-sql server mini-sql Mini SQL mini-sql Mini SQL ardus-trns ARDUS Transfer ardus-trns ARDUS Transfer ardus-cntl ARDUS Control ardus-cntl ARDUS Control ardus-mtrns ARDUS Multicast Transfer ardus-mtrns ARDUS Multicast Transfer availant-mgr availant-mgr availant-mgr availant-mgr murray Murray murray Murray supfiledbg SUP debugging Orion [trojan] Orion Orion [trojan] Orion nfa Network File Access nfa Network File Access health-polling Health Polling health-polling Health Polling health-trap Health Trap health-trap Health Trap phone conference calling tripwire TRIPWIRE tripwire TRIPWIRE PsyberStreamServer [trojan] Psyber Stream Server - PSS

1170 Server 1170 1174 1178 1180 1180 1180 1183 1184 1185 1185 1188 1188 1199 1199 1200 1200 1200 1201 1201 1201 1202 1202 1203 1203 1204 1204 1205 1205 1206 1206 1207 1207 1207 1208 1208 1208 1209 1209 1210 1210 1211 1211 1212 1212 1212 1213 1213 1214

tcp tcp tcp tcp tcp udp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp udp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp

StreamingAudioServer

[trojan]

Streaming

Audio

Voice [trojan] Voice DaCryptic [trojan] DaCryptic skkserv SKK (kanji input) mc-client Millicent Client Proxy mc-client Millicent Client Proxy Unin68 [trojan] Unin68 laplink-ssl LapLink Surf-up SSL laplink LapLink Surf-up catchpole Catchpole port catchpole Catchpole port hp-webadmin HP Web Admin hp-webadmin HP Web Admin dmidi DMIDI dmidi DMIDI scol SCOL scol SCOL NoBackO [trojan] NoBackO nucleus-sand Nucleus Sand nucleus-sand Nucleus Sand NoBackO [trojan] NoBackO caiccipc caiccipc caiccipc caiccipc ssslic-mgr License Validation ssslic-mgr License Validation ssslog-mgr Log Request Listener ssslog-mgr Log Request Listener accord-mgc Accord-MGC accord-mgc Accord-MGC anthony-data Anthony Data anthony-data Anthony Data metasage MetaSage metasage MetaSage SoftWAR [trojan] SoftWAR seagull-ais SEAGULL AIS seagull-ais SEAGULL AIS Infector [trojan] Infector ipcd3 IPCD3 ipcd3 IPCD3 eoss EOSS eoss EOSS groove-dpp Groove DPP groove-dpp Groove DPP lupa lupa Kaos [trojan] Kaos mpc-lifenet MPC LIFENET mpc-lifenet MPC LIFENET kazaa KAZAA file sharing app

1214 1214 1214 1214 1214 1215 1215 1216 1216 1217 1217 1218 1218 1219 1219 1220 1220 1221 1221 1222 1222 1223 1223 1224 1224 1225 1225 1226 1226 1227 1227 1228 1228 1229 1229 1230 1230 1231 1231 1233 1233 1234 1234 1234 1234 1234 1235 1235 1236 1236

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp udp tcp udp

kazaa KAZAA file sharing app Morpheous Morpheous file sharing app Morpheous Morpheous file sharing app Grokster Grokster file sharing app Grokster Grokster file sharing app scanstat-1 scanSTAT 1.0 scanstat-1 scanSTAT 1.0 etebac5 ETEBAC 5 etebac5 ETEBAC 5 hpss-ndapi HPSS-NDAPI hpss-ndapi HPSS-NDAPI aeroflight-ads AeroFlight-ADs aeroflight-ads AeroFlight-ADs aeroflight-ret AeroFlight-Ret aeroflight-ret AeroFlight-Ret qt-serveradmin QT SERVER ADMIN qt-serveradmin QT SERVER ADMIN sweetware-apps SweetWARE Apps sweetware-apps SweetWARE Apps nerv SNI R&D network nerv SNI R&D network tgp TGP tgp TGP vpnz VPNz vpnz VPNz slinkysearch SLINKYSEARCH slinkysearch SLINKYSEARCH stgxfws STGXFWS stgxfws STGXFWS dns2go DNS2Go dns2go DNS2Go florence FLORENCE florence FLORENCE novell-zfs Novell ZFS novell-zfs Novell ZFS periscope Periscope periscope Periscope menandmice-lpm menandmice-lpm menandmice-lpm menandmice-lpm univ-appserver Universal App Server univ-appserver Universal App Server search-agent Infoseek Search Agent search-agent Infoseek Search Agent hotline HotLine SubSevenJavaclient [trojan] SubSeven Java client UltorsTrojan [trojan] Ultors Trojan mosaicsyssvc1 mosaicsyssvc1 mosaicsyssvc1 mosaicsyssvc1 bvcontrol bvcontrol bvcontrol bvcontrol

1237 tcp 1237 udp 1238 tcp 1238 udp 1239 tcp 1239 udp 1240 tcp 1240 udp 1241 tcp 1241 tcp 1241 udp 1242 tcp 1242 udp 1243 tcp 1243 tcp 1243 udp 1243 tcp Apocalypse 1243 tcp 1243 tcp 1244 tcp 1244 udp 1245 tcp 1245 udp 1245 tcp 1246 tcp 1246 udp 1247 tcp 1247 udp 1248 tcp 1248 udp 1249 tcp 1249 udp 1250 tcp 1250 udp 1251 tcp 1251 udp 1252 tcp 1252 udp 1253 tcp 1253 udp 1254 tcp 1254 udp 1255 tcp 1255 udp 1255 tcp 1256 tcp 1256 udp 1256 tcp 1256 tcp

tsdos390 tsdos390 tsdos390 tsdos390 hacl-qs hacl-qs hacl-qs hacl-qs nmsd NMSD nmsd NMSD instantia Instantia instantia Instantia msg remote message server nessus nessus nessus nessus nmasoverip NMAS over IP nmasoverip NMAS over IP BackDoor-G [trojan] BackDoor-G serialgateway SerialGateway serialgateway SerialGateway SubSevenApocalypse [trojan] SubSeven [trojan] SubSeven Tiles [trojan] Tiles isbconference1 isbconference1 isbconference1 isbconference1 isbconference2 isbconference2 isbconference2 isbconference2 VooDooDoll [trojan] VooDoo Doll payrouter payrouter payrouter payrouter visionpyramid VisionPyramid visionpyramid VisionPyramid hermes hermes hermes hermes mesavistaco Mesa Vista Co mesavistaco Mesa Vista Co swldy-sias swldy-sias swldy-sias swldy-sias servergraph servergraph servergraph servergraph bspne-pcc bspne-pcc bspne-pcc bspne-pcc q55-pcc q55-pcc q55-pcc q55-pcc de-noc de-noc de-noc de-noc de-cache-query de-cache-query de-cache-query de-cache-query Scarab [trojan] Scarab de-server de-server de-server de-server ProjectnEXT [trojan] Project nEXT RexxRave [trojan] RexxRave

SubSeven

1257 tcp 1257 udp 1258 tcp 1258 udp 1259 tcp 1259 udp 1260 tcp 1260 udp 1261 tcp 1261 udp 1262 tcp 1262 udp 1263 tcp 1263 udp 1264 tcp 1264 udp 1265 tcp 1265 udp 1266 tcp 1266 udp 1267 tcp 1267 udp 1268 tcp 1268 udp 1269 tcp 1269 udp 1269 tcp 1270 tcp 1270 udp 1271 tcp 1271 udp 1272 tcp 1272 udp 1272 tcp 1273 tcp 1273 udp 1274 tcp 1274 udp 1275 tcp 1275 udp 1276 tcp 1276 udp 1277 tcp 1277 udp 1278 tcp 1278 udp 1279 tcp 1279 udp 1280 tcp 1280 udp

shockwave2 Shockwave 2 shockwave2 Shockwave 2 opennl Open Network Library opennl Open Network Library opennl-voice Open Network Library Voice opennl-voice Open Network Library Voice ibm-ssd ibm-ssd ibm-ssd ibm-ssd mpshrsv mpshrsv mpshrsv mpshrsv qnts-orb QNTS-ORB qnts-orb QNTS-ORB dka dka dka dka prat PRAT prat PRAT dssiapi DSSIAPI dssiapi DSSIAPI dellpwrappks DELLPWRAPPKS dellpwrappks DELLPWRAPPKS pcmlinux pcmlinux pcmlinux pcmlinux propel-msgsys PROPEL-MSGSYS propel-msgsys PROPEL-MSGSYS watilapp WATiLaPP watilapp WATiLaPP Matrix [trojan] Matrix opsman opsman opsman opsman dabew Dabew dabew Dabew cspmlockmgr CSPMLockMgr cspmlockmgr CSPMLockMgr TheMatrix [trojan] The Matrix emc-gateway EMC-Gateway emc-gateway EMC-Gateway t1distproc t1distproc t1distproc t1distproc ivcollector ivcollector ivcollector ivcollector ivmanager ivmanager ivmanager ivmanager miva-mqs mqs miva-mqs mqs dellwebadmin-1 Dell Web Admin 1 dellwebadmin-1 Dell Web Admin 1 dellwebadmin-2 Dell Web Admin 2 dellwebadmin-2 Dell Web Admin 2 pictrography Pictrography pictrography Pictrography

1281 1281 1282 1282 1283 1283 1284 1284 1285 1285 1286 1286 1288 1288 1289 1289 1290 1290 1291 1291 1292 1292 1293 1293 1294 1294 1295 1295 1296 1296 1297 1297 1298 1298 1299 1299 1300 1300 1301 1301 1302 1302 1303 1303 1304 1304 1305 1305 1306 1306

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

healthd healthd emperion emperion productinfo productinfo iee-qfx iee-qfx neoiface neoiface netuitive netuitive navbuddy navbuddy jwalkserver jwalkserver winjaserver winjaserver seagulllms seagulllms dsdn dsdn pkt-krb-ipsec pkt-krb-ipsec cmmdriver cmmdriver ehtp ehtp dproxy dproxy sdproxy sdproxy lpcp lpcp hp-sci hp-sci h323hostcallsc h323hostcallsc ci3-software-1 ci3-software-1 ci3-software-2 ci3-software-2 sftsrv sftsrv boomerang boomerang pe-mike pe-mike re-conn-proto re-conn-proto

healthd healthd Emperion Emperion ProductInfo ProductInfo IEE-QFX IEE-QFX neoiface neoiface netuitive netuitive NavBuddy NavBuddy JWalkServer JWalkServer WinJaServer WinJaServer SEAGULLLMS SEAGULLLMS dsdn dsdn PKT-KRB-IPSec PKT-KRB-IPSec CMMdriver CMMdriver End-by-Hop Transmission Protocol End-by-Hop Transmission Protocol dproxy dproxy sdproxy sdproxy lpcp lpcp hp-sci hp-sci H323 Host Call Secure H323 Host Call Secure CI3-Software-1 CI3-Software-1 CI3-Software-2 CI3-Software-2 sftsrv sftsrv Boomerang Boomerang pe-mike pe-mike RE-Conn-Proto RE-Conn-Proto

1307 tcp 1307 udp 1308 tcp (ODSI) 1308 udp (ODSI) 1309 tcp 1309 udp 1310 tcp 1310 udp 1311 tcp 1311 udp 1312 tcp 1312 udp 1313 tcp 1313 udp 1313 tcp 1314 tcp 1314 udp 1315 tcp 1315 udp 1316 tcp 1316 udp 1317 tcp 1317 udp 1318 tcp 1318 udp 1319 tcp 1319 udp 1320 tcp 1320 udp 1321 tcp 1321 udp 1322 tcp 1322 udp 1323 tcp 1323 udp 1324 tcp 1324 udp 1325 tcp 1325 udp 1326 tcp 1326 udp 1327 tcp 1327 udp 1328 tcp 1328 udp 1329 tcp 1329 udp 1330 tcp

pacmand pacmand odsi odsi

Pacmand Pacmand Optical Domain Service Interconnect Optical Domain Service Interconnect

jtag-server JTAG server jtag-server JTAG server husky Husky husky Husky rxmon RxMon rxmon RxMon sti-envision STI Envision sti-envision STI Envision bmc_patroldb BMC_PATROLDB bmc_patroldb BMC_PATROLDB NETrojan [trojan] NETrojan pdps Photoscript Distributed Printing System pdps Photoscript Distributed Printing System els els els els exbit-escp Exbit-ESCP exbit-escp Exbit-ESCP vrts-ipcserver vrts-ipcserver vrts-ipcserver vrts-ipcserver krb5gatekeeper krb5gatekeeper krb5gatekeeper krb5gatekeeper panja-icsp Panja-ICSP panja-icsp Panja-ICSP panja-axbnet Panja-AXBNET panja-axbnet Panja-AXBNET pip PIP pip PIP novation Novation novation Novation brcd brcd brcd brcd delta-mcp delta-mcp delta-mcp delta-mcp dx-instrument DX-Instrument dx-instrument DX-Instrument wimsic WIMSIC wimsic WIMSIC ultrex Ultrex ultrex Ultrex ewall EWALL ewall EWALL netdb-export netdb-export netdb-export netdb-export streetperfect StreetPerfect

1330 1331 1331 1332 1332 1333 1333 1334 1334 1335 1335 1336 1336 1337 1337 1337 1338 1338 1338 1339 1339 1340 1340 1341 1341 1342 1342 1343 1343 1344 1344 1345 1345 1345 1346 1346 1346 1347 1347 1348 1348 1349 1349 1349 1349 1350 1350 1351 1351 1352

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp udp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

streetperfect StreetPerfect intersan intersan intersan intersan pcia-rxp-b PCIA RXP-B pcia-rxp-b PCIA RXP-B passwrd-policy Password Policy passwrd-policy Password Policy writesrv writesrv writesrv writesrv digital-notary Digital Notary Protocol digital-notary Digital Notary Protocol ischat Instant Service Chat ischat Instant Service Chat menandmice-dns menandmice DNS Shadyshell [trojan] Shadyshell menandmice-dns menandmice DNS wmc-log-svc WMC-log-svr wmc-log-svc WMC-log-svr MillenniumWorm [trojan] Millennium Worm kjtsiteserver kjtsiteserver kjtsiteserver kjtsiteserver naap NAAP naap NAAP qubes QuBES qubes QuBES esbroker ESBroker esbroker ESBroker re101 re101 re101 re101 icap ICAP icap ICAP vpjp VPJP vpjp VPJP ghost-server Symantec Ghost multicast (server) alta-ana-lm Alta Analytics License Manager alta-ana-lm Alta Analytics License Manager ghost-client Symantec Ghost multicast (client) bbn-mmc multi media conferencing bbn-mmc multi media conferencing bbn-mmx multi media conferencing bbn-mmx multi media conferencing sbook Registration Network Protocol sbook Registration Network Protocol BODLL [trojan] BO DLL BODLL [trojan] BO DLL editbench Registration Network Protocol editbench Registration Network Protocol equationbuilder Digital Tool Works (MIT) equationbuilder Digital Tool Works (MIT) lotusnote Lotus Note

1352 udp 1353 tcp 1353 udp 1354 tcp 1354 udp 1355 tcp 1355 udp 1356 tcp 1356 udp 1357 tcp 1357 udp 1358 tcp 1358 udp 1359 tcp 1359 udp 1360 tcp 1360 udp 1361 tcp 1361 udp 1362 tcp 1362 udp 1363 tcp 1363 udp 1364 tcp 1364 udp 1365 tcp 1365 udp 1366 tcp Platform 1366 udp Platform 1367 tcp 1367 udp 1368 tcp 1368 udp 1369 tcp 1369 udp 1370 tcp 1370 udp 1371 tcp 1371 udp 1372 tcp 1372 udp 1373 tcp 1373 udp 1374 tcp 1374 udp 1375 tcp 1375 udp 1376 tcp

lotusnote relief relief rightbrain rightbrain intuitive-edge intuitive-edge cuillamartin cuillamartin pegboard pegboard connlcli connlcli ftsrv ftsrv mimer mimer linx linx timeflies timeflies ndm-requester ndm-requester ndm-server ndm-server adapt-sna adapt-sna netware-csp netware-csp dcs dcs screencast screencast gv-us gv-us us-gv us-gv fc-cli fc-cli fc-ser fc-ser chromagrafx chromagrafx molly molly bytex bytex ibm-pps

Lotus Note Relief Consulting Relief Consulting RightBrain Software RightBrain Software Intuitive Edge Intuitive Edge CuillaMartin Company CuillaMartin Company Electronic PegBoard Electronic PegBoard CONNLCLI CONNLCLI FTSRV FTSRV MIMER MIMER LinX LinX TimeFlies TimeFlies Network DataMover Requester Network DataMover Requester Network DataMover Server Network DataMover Server Network Software Associates Network Software Associates Novell NetWare Comm Service Novell NetWare Comm Service DCS DCS ScreenCast ScreenCast GlobalView to Unix Shell GlobalView to Unix Shell Unix Shell to GlobalView Unix Shell to GlobalView Fujitsu Config Protocol Fujitsu Config Protocol Fujitsu Config Protocol Fujitsu Config Protocol Chromagrafx Chromagrafx EPI Software Systems EPI Software Systems Bytex Bytex IBM Person to Person Software

1376 udp 1377 tcp 1377 udp 1378 tcp 1378 udp 1379 tcp 1379 udp 1380 tcp 1380 udp 1381 tcp 1381 udp 1382 tcp 1382 udp 1383 tcp Manager 1383 udp Manager 1384 tcp 1384 udp 1385 tcp 1385 udp 1386 tcp 1386 tcp 1386 udp 1387 tcp LM 1387 udp LM 1388 tcp 1388 udp 1389 tcp 1389 udp 1390 tcp 1390 udp 1391 tcp 1391 udp 1392 tcp 1392 udp 1393 tcp 1393 udp 1394 tcp 1394 udp 1394 tcp 1395 tcp 1395 udp 1396 tcp 1396 udp 1397 tcp 1397 udp 1398 tcp

ibm-pps IBM Person to Person Software cichlid Cichlid License Manager cichlid Cichlid License Manager elan Elan License Manager elan Elan License Manager dbreporter Integrity Solutions dbreporter Integrity Solutions telesis-licman Telesis Network License Manager telesis-licman Telesis Network License Manager apple-licman Apple Network License Manager apple-licman Apple Network License Manager udt_os udt_os udt_os udt_os gwha GW Hannaway Network License gwha os-licman os-licman atex_elmd atex_elmd checksum Dagger checksum cadsi-lm cadsi-lm objective-dbc objective-dbc iclpv-dm iclpv-dm iclpv-sc iclpv-sc iclpv-sas iclpv-sas iclpv-pm iclpv-pm iclpv-nls iclpv-nls iclpv-nlc iclpv-nlc GoFriller iclpv-wsm iclpv-wsm dvl-activemail dvl-activemail audio-activmail audio-activmail video-activmail GW Hannaway Network License Objective Solutions License Manager Objective Solutions License Manager Atex Publishing License Manager Atex Publishing License Manager CheckSum License Manager [trojan] Dagger CheckSum License Manager Computer Aided Design Software Inc Computer Aided Design Software Inc Objective Solutions DataBase Cache Objective Solutions DataBase Cache Document Manager Document Manager Storage Controller Storage Controller Storage Access Server Storage Access Server Print Manager Print Manager Network Log Server Network Log Server Network Log Client Network Log Client [trojan] GoFriller PC Workstation Manager software PC Workstation Manager software DVL Active Mail DVL Active Mail Audio Active Mail Audio Active Mail Video Active Mail

1398 1399 1399 1400 1400 1401 1401 1402 1402 1403 1403 1404 1404 1405 1405 1406 1406 1407 1407 1408 1408 1409 1409 1410 1410 1411 1411 1412 1412 1413 1413 1414 1414 1415 1415 1416 1416 1417 1417 1418 1418 1419 1419 1420 1420 1421 1421 1422 1422 1423

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

video-activmail Video Active Mail cadkey-licman Cadkey License Manager cadkey-licman Cadkey License Manager cadkey-tablet Cadkey Tablet Daemon cadkey-tablet Cadkey Tablet Daemon goldleaf-licman Goldleaf License Manager goldleaf-licman Goldleaf License Manager prm-sm-np Prospero Resource Manager prm-sm-np Prospero Resource Manager prm-nm-np Prospero Resource Manager prm-nm-np Prospero Resource Manager igi-lm Infinite Graphics License Manager igi-lm Infinite Graphics License Manager ibm-res IBM Remote Execution Starter ibm-res IBM Remote Execution Starter netlabs-lm NetLabs License Manager netlabs-lm NetLabs License Manager dbsa-lm DBSA License Manager dbsa-lm DBSA License Manager sophia-lm Sophia License Manager sophia-lm Sophia License Manager here-lm Here License Manager here-lm Here License Manager hiq HiQ License Manager hiq HiQ License Manager af AudioFile af AudioFile innosys InnoSys innosys InnoSys innosys-acl InnoSys-ACL innosys-acl InnoSys-ACL ibm-mqseries IBM MQSeries ibm-mqseries IBM MQSeries dbstar DBStar dbstar DBStar novell-lu6.2 Novell LU6.2 novell-lu6.2 Novell LU6.2 timbuktu-srv1 Timbuktu Service 1 Port timbuktu-srv1 Timbuktu Service 1 Port timbuktu-srv2 Timbuktu Service 2 Port timbuktu-srv2 Timbuktu Service 2 Port timbuktu-srv3 Timbuktu Service 3 Port timbuktu-srv3 Timbuktu Service 3 Port timbuktu-srv4 Timbuktu Service 4 Port timbuktu-srv4 Timbuktu Service 4 Port gandalf-lm Gandalf License Manager gandalf-lm Gandalf License Manager autodesk-lm Autodesk License Manager autodesk-lm Autodesk License Manager essbase Essbase Arbor Software

1423 udp 1424 tcp 1424 udp 1425 tcp 1425 udp 1426 tcp 1426 udp 1427 tcp 1427 udp 1428 tcp 1428 udp 1429 tcp 1429 udp 1430 tcp 1430 udp 1431 tcp 1431 udp 1432 tcp 1432 udp 1433 tcp 1433 udp 1434 tcp 1434 udp 1435 tcp 1435 udp 1436 tcp 1436 udp 1437 tcp 1437 udp 1438 tcp 1438 udp 1439 tcp 1439 udp 1440 tcp 1440 udp 1441 tcp 1441 udp 1441 tcp 1442 tcp 1442 udp 1443 tcp 1443 udp 1444 tcp 1444 udp 1445 tcp 1445 udp 1446 tcp Manager 1446 udp Manager

essbase hybrid hybrid zion-lm zion-lm sais sais mloadd mloadd informatik-lm informatik-lm nms nms tpdu tpdu rgtp rgtp blueberry-lm blueberry-lm ms-sql-s ms-sql-s ms-sql-m ms-sql-m ibm-cics ibm-cics saism saism tabula tabula eicon-server eicon-server eicon-x25 eicon-x25 eicon-slp eicon-slp cadis-1 cadis-1 RemoteStorm cadis-2 cadis-2 ies-lm ies-lm marcam-lm marcam-lm proxima-lm proxima-lm ora-lm ora-lm

Essbase Arbor Software Hybrid Encryption Protocol Hybrid Encryption Protocol Zion Software License Manager Zion Software License Manager Satellite-data Acquisition System 1 Satellite-data Acquisition System 1 mloadd monitoring tool mloadd monitoring tool Informatik License Manager Informatik License Manager Hypercom NMS Hypercom NMS Hypercom TPDU Hypercom TPDU Reverse Gossip Transport Reverse Gossip Transport Blueberry Software License Manager Blueberry Software License Manager Microsoft-SQL-Server Microsoft-SQL-Server Microsoft-SQL-Monitor Microsoft-SQL-Monitor IBM CICS IBM CICS Satellite-data Acquisition System 2 Satellite-data Acquisition System 2 Tabula Tabula Eicon Security Agent Server Eicon Security Agent Server Eicon X25 SNA Gateway Eicon X25 SNA Gateway Eicon Service Location Protocol Eicon Service Location Protocol Cadis License Management Cadis License Management [trojan] Remote Storm Cadis License Management Cadis License Management Integrated Engineering Software Integrated Engineering Software Marcam License Management Marcam License Management Proxima License Manager Proxima License Manager Optical Research Associates License Optical Research Associates License

1447 tcp 1447 udp 1448 tcp 1448 udp 1449 tcp 1449 udp 1450 tcp 1450 udp 1451 tcp 1451 udp 1452 tcp Man 1452 udp Man 1453 tcp 1453 udp 1454 tcp 1454 udp 1455 tcp 1455 udp 1456 tcp 1456 udp 1457 tcp 1457 udp 1458 tcp 1458 udp 1459 tcp 1459 udp 1460 tcp 1460 udp 1461 tcp 1461 udp 1462 tcp 1462 udp 1463 tcp 1463 udp 1464 tcp 1464 udp 1465 tcp 1465 udp 1466 tcp 1466 udp 1467 tcp 1467 udp 1468 tcp 1468 udp 1469 tcp Manager 1469 udp Manager

apri-lm apri-lm oc-lm oc-lm peport peport dwf dwf infoman infoman gtegsc-lm gtegsc-lm

Applied Parallel Research LM Applied Parallel Research LM OpenConnect License Manager OpenConnect License Manager PEport PEport Tandem Distributed Workbench Facility Tandem Distributed Workbench Facility IBM Information Management IBM Information Management GTE Government Systems License GTE Government Systems License

genie-lm Genie License Manager genie-lm Genie License Manager interhdl_elmd interHDL License Manager interhdl_elmd interHDL License Manager esl-lm ESL License Manager esl-lm ESL License Manager dca DCA dca DCA valisys-lm Valisys License Manager valisys-lm Valisys License Manager nrcabq-lm Nichols Research Corp. nrcabq-lm Nichols Research Corp. proshare1 Proshare Notebook Application proshare1 Proshare Notebook Application proshare2 Proshare Notebook Application proshare2 Proshare Notebook Application ibm_wrless_lan IBM Wireless LAN ibm_wrless_lan IBM Wireless LAN world-lm World License Manager world-lm World License Manager nucleus Nucleus nucleus Nucleus msl_lmd MSL License Manager msl_lmd MSL License Manager pipes Pipes Platform pipes Pipes Platform oceansoft-lm Ocean Software License Manager oceansoft-lm Ocean Software License Manager csdmbase CSDMBASE csdmbase CSDMBASE csdm CSDM csdm CSDM aal-lm Active Analysis Limited License aal-lm Active Analysis Limited License

1470 tcp 1470 udp 1471 tcp 1471 udp 1472 tcp 1472 udp 1473 tcp 1473 udp 1474 tcp 1474 udp 1475 tcp 1475 udp 1476 tcp 1476 udp 1477 tcp 1477 udp 1478 tcp 1478 udp 1479 tcp 1479 udp 1480 tcp 1480 udp 1481 tcp 1481 udp 1482 tcp 1482 udp 1483 tcp 1483 udp 1484 tcp 1484 udp 1485 tcp 1485 udp 1486 tcp 1486 udp 1487 tcp 1487 udp 1488 tcp 1488 udp 1489 tcp 1489 udp 1490 tcp 1490 udp 1491 tcp 1491 udp 1492 tcp 1492 udp 1492 tcp 1493 tcp 1493 udp 1494 tcp

uaiact Universal Analytics uaiact Universal Analytics csdmbase CSDMBASE csdmbase CSDMBASE csdm CSDM csdm CSDM openmath OpenMath openmath OpenMath telefinder Telefinder telefinder Telefinder taligent-lm Taligent License Manager taligent-lm Taligent License Manager clvm-cfg clvm-cfg clvm-cfg clvm-cfg ms-sna-server ms-sna-server ms-sna-server ms-sna-server ms-sna-base ms-sna-base ms-sna-base ms-sna-base dberegister dberegister dberegister dberegister pacerforum PacerForum pacerforum PacerForum airs AIRS airs AIRS miteksys-lm Miteksys License Manager miteksys-lm Miteksys License Manager afs AFS License Manager afs AFS License Manager confluent Confluent License Manager confluent Confluent License Manager lansource LANSource lansource LANSource nms_topo_serv nms_topo_serv nms_topo_serv nms_topo_serv localinfosrvr LocalInfoSrvr localinfosrvr LocalInfoSrvr docstor DocStor docstor DocStor dmdocbroker dmdocbroker dmdocbroker dmdocbroker insitu-conf insitu-conf insitu-conf insitu-conf anynetgateway anynetgateway anynetgateway anynetgateway stone-design-1 stone-design-1 stone-design-1 stone-design-1 FTP99CMP [trojan] FTP99CMP netmap_lm netmap_lm netmap_lm netmap_lm citrix-ica ica

1494 udp 1494 tcp 1495 tcp 1495 udp 1496 tcp 1496 udp 1497 tcp 1497 udp 1498 tcp 1498 udp 1498 tcp 1498 udp 1499 tcp 1499 udp 1500 tcp 1500 udp 1501 tcp 1501 udp 1502 tcp 1502 udp 1503 tcp 1503 tcp 1503 udp 1504 tcp Manager 1504 udp Manager 1505 tcp 1505 udp 1506 tcp 1506 udp 1507 tcp 1507 udp 1508 tcp 1508 udp 1509 tcp 1509 udp 1509 tcp 1510 tcp Man. 1510 udp Man. 1511 tcp 1511 udp 1512 tcp Service 1512 udp Service 1513 tcp Inc

citrix-ica ica winframe WinFrame server cvc cvc cvc cvc liberty-lm liberty-lm liberty-lm liberty-lm rfx-lm rfx-lm rfx-lm rfx-lm sybase-sqlany Sybase SQL Any sybase-sqlany Sybase SQL Any watcom-sql watcom-sql watcom-sql watcom-sql fhc Federico Heinz Consultora fhc Federico Heinz Consultora vlsi-lm VLSI License Manager vlsi-lm VLSI License Manager saiscm Satellite-data Acquisition System 3 saiscm Satellite-data Acquisition System 3 shivadiscovery Shiva shivadiscovery Shiva imtc-mcs Databeam Netmeeting Microsoft Netmeeting imtc-mcs Databeam evb-elm EVB Software Engineering License evb-elm EVB Software Engineering License

funkproxy Funk Software Inc. funkproxy Funk Software Inc. utcd Universal Time daemon (utcd) utcd Universal Time daemon (utcd) symplex symplex symplex symplex diagmond diagmond diagmond diagmond robcad-lm Robcad Ltd. License Manager robcad-lm Robcad Ltd. License Manager PsyberStreamingServer [trojan] Psyber StreamingServer mvx-lm Midland Valley Exploration Ltd. Lic. mvx-lm 3l-l1 3l-l1 wins wins fujitsu-dtc Midland Valley Exploration Ltd. Lic. 3l-l1 3l-l1 Microsoft's Windows Internet Name Microsoft's Windows Internet Name Fujitsu Systems Business of America

1513 udp Inc 1514 tcp Inc 1514 udp Inc 1515 tcp 1515 udp 1516 tcp 1516 udp 1517 tcp 1517 udp 1518 tcp 1518 udp 1519 tcp 1519 udp 1520 tcp 1520 udp 1521 tcp 1521 tcp 1521 tcp 1521 udp 1522 tcp Manager 1522 udp Manager 1523 tcp 1523 udp 1524 tcp 1524 udp 1524 tcp 1525 tcp 1525 tcp 1525 udp 1525 udp 1526 tcp 1526 udp 1527 tcp 1527 udp 1528 tcp 1528 udp 1529 tcp 1529 tcp 1529 udp 1530 tcp 1530 udp 1531 tcp 1531 udp 1532 tcp 1532 udp

fujitsu-dtc fujitsu-dtcns fujitsu-dtcns

Fujitsu Systems Business of America Fujitsu Systems Business of America Fujitsu Systems Business of America

ifor-protocol ifor-protocol ifor-protocol ifor-protocol vpad Virtual Places Audio data vpad Virtual Places Audio data vpac Virtual Places Audio control vpac Virtual Places Audio control vpvd Virtual Places Video data vpvd Virtual Places Video data vpvc Virtual Places Video control vpvc Virtual Places Video control atm-zip-office atm zip office atm-zip-office atm zip office ncube-lm nCube License Manager oracle Oracle 8 SQL (default) oracle-tns TNS Listener ncube-lm nCube License Manager ricardo-lm Ricardo North America License ricardo-lm cichild-lm cichild-lm ingreslock ingreslock Trinoo orasrv prospero-np prospero-np orasrv pdap-np pdap-np tlisrv tlisrv mciautoreg mciautoreg support coauthor coauthor rap-service rap-service rap-listen rap-listen miroconnect miroconnect Ricardo North America License cichild-lm cichild-lm ingres ingres [trojan] Trinoo oracle Prospero Directory Service non-priv Prospero Directory Service non-priv oracle Prospero Data Access Prot non-priv Prospero Data Access Prot non-priv oracle oracle mciautoreg mciautoreg prmsd gnatsd cygnus bug tracker oracle oracle rap-service rap-service rap-listen rap-listen microconnect microconnect

1533 tcp virtual-places 1533 udp virtual-places 1534 tcp micromuse-lm 1534 udp micromuse-lm 1535 tcp ampr-info 1535 udp ampr-info 1536 tcp ampr-inter 1536 udp ampr-inter 1536 tcp W32bckdr Windows backdoor 1537 tcp sdsc-lm 1537 udp sdsc-lm 1538 tcp 3ds-lm 1538 udp 3ds-lm 1539 tcp intellistor-lm 1539 udp intellistor-lm 1540 tcp rds 1540 udp rds 1541 tcp rds2 1541 udp rds2 1542 tcp gridgen-elmd 1542 udp gridgen-elmd 1543 tcp simba-cs 1543 udp simba-cs 1544 tcp aspeclmd 1544 udp aspeclmd 1545 tcp vistium-share 1545 udp vistium-share 1546 tcp abbaccuray 1546 udp abbaccuray 1547 tcp laplink 1547 udp laplink 1548 tcp axon-lm 1548 udp axon-lm 1549 tcp shivahose 1549 udp shivasound 1550 tcp 3m-image-lm Company 1550 udp 3m-image-lm Company 1551 tcp hecmtl-db 1551 udp hecmtl-db 1552 tcp pciarray 1552 udp pciarray 1553 tcp sna-cs 1553 udp sna-cs 1554 tcp caci-lm Manager 1554 udp caci-lm Manager

Virtual Places Software Virtual Places Software micromuse-lm micromuse-lm ampr-info ampr-info ampr-inter ampr-inter W32bckdr -Open

Source

isi-lm isi-lm 3ds-lm 3ds-lm Intellistor License Manager Intellistor License Manager rds rds rds2 rds2 gridgen-elmd gridgen-elmd simba-cs simba-cs aspeclmd aspeclmd vistium-share vistium-share abbaccuray abbaccuray laplink laplink Axon License Manager Axon License Manager Shiva Hose Shiva Sound Image Storage license manager 3M Image Storage license manager 3M HECMTL-DB HECMTL-DB pciarray pciarray sna-cs sna-cs CACI Products Company License CACI Products Company License

1555 tcp 1555 udp 1556 tcp 1556 udp 1557 tcp 1557 udp 1558 tcp 1558 udp 1559 tcp 1559 udp 1560 tcp 1560 udp 1561 tcp 1561 udp 1562 tcp 1562 udp 1563 tcp 1563 udp 1564 tcp 1564 udp 1565 tcp 1565 udp 1566 tcp 1566 udp 1567 tcp 1567 udp 1568 tcp 1568 udp 1568 tcp 1569 tcp 1569 udp 1570 tcp 1570 udp 1571 tcp 1571 udp 1572 tcp 1572 udp 1573 tcp 1573 udp 1574 tcp 1574 udp 1575 tcp 1575 udp 1576 tcp 1576 udp 1577 tcp 1577 udp 1578 tcp 1578 udp 1579 tcp

livelan livelan livelan livelan ashwin AshWin CI Tecnologies ashwin AshWin CI Tecnologies arbortext-lm ArborText License Manager arbortext-lm ArborText License Manager xingmpeg xingmpeg xingmpeg xingmpeg web2host web2host web2host web2host asci-val asci-val asci-val asci-val facilityview facilityview facilityview facilityview pconnectmgr pconnectmgr pconnectmgr pconnectmgr cadabra-lm Cadabra License Manager cadabra-lm Cadabra License Manager pay-per-view Pay-Per-View pay-per-view Pay-Per-View winddlb WinDD winddlb WinDD corelvideo CORELVIDEO corelvideo CORELVIDEO jlicelmd jlicelmd jlicelmd jlicelmd tsspmap tsspmap tsspmap tsspmap RemoteHack [trojan] Remote Hack ets ets ets ets orbixd Orbix orbixd Orbix rdb-dbs-disp Oracle Remote Data Base rdb-dbs-disp Oracle Remote Data Base chip-lm Chipcom License Manager chip-lm Chipcom License Manager itscomm-ns itscomm-ns itscomm-ns itscomm-ns mvel-lm mvel-lm mvel-lm mvel-lm oraclenames oraclenames oraclenames oraclenames moldflow-lm moldflow-lm moldflow-lm moldflow-lm hypercube-lm hypercube-lm hypercube-lm hypercube-lm jacobus-lm Jacobus License Manager jacobus-lm Jacobus License Manager ioc-sea-lm ioc-sea-lm

1579 udp 1580 tcp 1580 udp 1581 tcp 1581 udp 1582 tcp 1582 udp 1583 tcp 1583 udp 1584 tcp 1584 udp 1585 tcp 1585 udp 1586 tcp 1586 udp 1587 tcp 1587 udp 1588 tcp 1588 udp 1589 tcp 1589 udp 1590 tcp 1590 udp 1591 tcp 1591 udp 1592 tcp 1592 udp 1593 tcp 1593 udp 1594 tcp 1594 udp 1595 tcp 1595 udp 1596 tcp 1596 udp 1597 tcp 1597 udp 1598 tcp 1598 udp 1599 tcp 1599 udp 1600 tcp 1600 udp 1600 tcp 1600 tcp 1601 tcp 1601 udp 1602 tcp 1602 udp 1603 tcp

ioc-sea-lm ioc-sea-lm tn-tl-r1 tn-tl-r1 tn-tl-r2 tn-tl-r2 mil-2045-47001 MIL-2045-47001 mil-2045-47001 MIL-2045-47001 msims MSIMS msims MSIMS simbaexpress simbaexpress simbaexpress simbaexpress tn-tl-fd2 tn-tl-fd2 tn-tl-fd2 tn-tl-fd2 intv intv intv intv ibm-abtact ibm-abtact ibm-abtact ibm-abtact pra_elmd pra_elmd pra_elmd pra_elmd triquest-lm triquest-lm triquest-lm triquest-lm vqp VQP vqp VQP gemini-lm gemini-lm gemini-lm gemini-lm ncpm-pm ncpm-pm ncpm-pm ncpm-pm commonspace commonspace commonspace commonspace mainsoft-lm mainsoft-lm mainsoft-lm mainsoft-lm sixtrak sixtrak sixtrak sixtrak radio radio radio radio radio-sm radio-sm radio-bc radio-bc orbplus-iiop orbplus-iiop orbplus-iiop orbplus-iiop picknfs picknfs picknfs picknfs simbaservices simbaservices simbaservices simbaservices issd issd issd issd DirectConnection [trojan] Direct Connection ShivkaBurka [trojan] Shivka-Burka aas aas aas aas inspect inspect inspect inspect picodbc pickodbc

1603 1604 1604 1605 1605 1606 1606 1607 1607 1608 1608 1609 1609 1610 1610 1611 1611 1612 1612 1613 1613 1614 1614 1615 1615 1616 1616 1617 1617 1618 1618 1619 1619 1620 1620 1621 1621 1622 1622 1623 1623 1624 1624 1625 1625 1626 1626 1627 1627 1628

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

picodbc pickodbc icabrowser icabrowser icabrowser icabrowser slp Salutation Manager (Salutation Protocol) slp Salutation Manager (Salutation Protocol) slm-api Salutation Manager (SLM-API) slm-api Salutation Manager (SLM-API) stt stt stt stt smart-lm Smart Corp. License Manager smart-lm Smart Corp. License Manager isysg-lm isysg-lm isysg-lm isysg-lm taurus-wh taurus-wh taurus-wh taurus-wh ill Inter Library Loan ill Inter Library Loan netbill-trans NetBill Transaction Server netbill-trans NetBill Transaction Server netbill-keyrep NetBill Key Repository netbill-keyrep NetBill Key Repository netbill-cred NetBill Credential Server netbill-cred NetBill Credential Server netbill-auth NetBill Authorization Server netbill-auth NetBill Authorization Server netbill-prod NetBill Product Server netbill-prod NetBill Product Server nimrod-agent Nimrod Inter-Agent Communication nimrod-agent Nimrod Inter-Agent Communication skytelnet skytelnet skytelnet skytelnet xs-openstorage xs-openstorage xs-openstorage xs-openstorage faxportwinport faxportwinport faxportwinport faxportwinport softdataphone softdataphone softdataphone softdataphone ontime ontime ontime ontime jaleosnd jaleosnd jaleosnd jaleosnd udp-sr-port udp-sr-port udp-sr-port udp-sr-port svs-omagent svs-omagent svs-omagent svs-omagent shockwave Shockwave shockwave Shockwave t128-gateway T.128 Gateway t128-gateway T.128 Gateway lontalk-norm LonTalk normal

1628 1629 1629 1630 1630 1631 1631 1632 1632 1633 1633 1634 1634 1635 1635 1636 1636 1637 1637 1638 1638 1639 1639 1640 1640 1641 1641 1642 1642 1643 1643 1644 1645 1645 1645 1646 1646 1646 1647 1647 1648 1648 1649 1649 1650 1650 1651 1651 1652 1652

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp udp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

lontalk-norm LonTalk normal lontalk-urgnt LonTalk urgent lontalk-urgnt LonTalk urgent oraclenet8cman Oracle Net8 Cman oraclenet8cman Oracle Net8 Cman visitview Visit view visitview Visit view pammratc PAMMRATC pammratc PAMMRATC pammrpc PAMMRPC pammrpc PAMMRPC loaprobe Log On America Probe loaprobe Log On America Probe edb-server1 EDB Server 1 edb-server1 EDB Server 1 cncp CableNet Control Protocol cncp CableNet Control Protocol cnap CableNet Admin Protocol cnap CableNet Admin Protocol cnip CableNet Info Protocol cnip CableNet Info Protocol cert-initiator cert-initiator cert-initiator cert-initiator cert-responder cert-responder cert-responder cert-responder invision InVision invision InVision isis-am isis-am isis-am isis-am isis-ambc isis-ambc isis-ambc isis-ambc saiseh Satellite-data Acquisition System 4 datametrics datametrics datametrics datametrics radius radius authentication sa-msg-port sa-msg-port radacct radius accounting sa-msg-port sa-msg-port rsap rsap rsap rsap concurrent-lm concurrent-lm concurrent-lm concurrent-lm kermit kermit kermit kermit nkd nkd nkd nkd shiva_confsrvr shiva_confsrvr shiva_confsrvr shiva_confsrvr xnmp xnmp xnmp xnmp

1653 1653 1654 1654 1655 1655 1656 1656 1657 1657 1658 1658 1659 1659 1660 1660 1661 1661 1662 1662 1663 1663 1664 1664 1665 1665 1666 1666 1667 1667 1668 1668 1669 1669 1670 1670 1671 1671 1672 1672 1673 1673 1674 1674 1675 1675 1676 1676 1677 1677

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

alphatech-lm alphatech-lm alphatech-lm alphatech-lm stargatealerts stargatealerts stargatealerts stargatealerts dec-mbadmin dec-mbadmin dec-mbadmin dec-mbadmin dec-mbadmin-h dec-mbadmin-h dec-mbadmin-h dec-mbadmin-h fujitsu-mmpdc fujitsu-mmpdc fujitsu-mmpdc fujitsu-mmpdc sixnetudr sixnetudr sixnetudr sixnetudr sg-lm Silicon Grail License Manager sg-lm Silicon Grail License Manager skip-mc-gikreq skip-mc-gikreq skip-mc-gikreq skip-mc-gikreq netview-aix-1 netview-aix-1 netview-aix-1 netview-aix-1 netview-aix-2 netview-aix-2 netview-aix-2 netview-aix-2 netview-aix-3 netview-aix-3 netview-aix-3 netview-aix-3 netview-aix-4 netview-aix-4 netview-aix-4 netview-aix-4 netview-aix-5 netview-aix-5 netview-aix-5 netview-aix-5 netview-aix-6 netview-aix-6 netview-aix-6 netview-aix-6 netview-aix-7 netview-aix-7 netview-aix-7 netview-aix-7 netview-aix-8 netview-aix-8 netview-aix-8 netview-aix-8 netview-aix-9 netview-aix-9 netview-aix-9 netview-aix-9 netview-aix-10 netview-aix-10 netview-aix-10 netview-aix-10 netview-aix-11 netview-aix-11 netview-aix-11 netview-aix-11 netview-aix-12 netview-aix-12 netview-aix-12 netview-aix-12 proshare-mc-1 Intel Proshare Multicast proshare-mc-1 Intel Proshare Multicast proshare-mc-2 Intel Proshare Multicast proshare-mc-2 Intel Proshare Multicast pdp Pacific Data Products pdp Pacific Data Products netcomm1 netcomm1 netcomm2 netcomm2 groupwise groupwise groupwise groupwise

1678 1678 1679 1679 1680 1680 1680 1681 1681 1682 1682 1683 1683 1684 1684 1685 1685 1686 1686 1687 1687 1688 1688 1689 1689 1690 1690 1691 1691 1692 1692 1693 1693 1694 1694 1695 1695 1696 1696 1697 1697 1698 1698 1699 1699 1700 1700 1701 1701 1702

tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

prolink prolink prolink prolink darcorp-lm darcorp-lm darcorp-lm darcorp-lm carboncopy Carbon Copy microcom-sbp microcom-sbp microcom-sbp microcom-sbp sd-elmd sd-elmd sd-elmd sd-elmd lanyon-lantern lanyon-lantern lanyon-lantern lanyon-lantern ncpm-hip ncpm-hip ncpm-hip ncpm-hip snaresecure SnareSecure snaresecure SnareSecure n2nremote n2nremote n2nremote n2nremote cvmon cvmon cvmon cvmon nsjtp-ctrl nsjtp-ctrl nsjtp-ctrl nsjtp-ctrl nsjtp-data nsjtp-data nsjtp-data nsjtp-data firefox firefox firefox firefox ng-umds ng-umds ng-umds ng-umds empire-empuma empire-empuma empire-empuma empire-empuma sstsys-lm sstsys-lm sstsys-lm sstsys-lm rrirtr rrirtr rrirtr rrirtr rrimwm rrimwm rrimwm rrimwm rrilwm rrilwm rrilwm rrilwm rrifmm rrifmm rrifmm rrifmm rrisat rrisat rrisat rrisat rsvp-encap-1 RSVP-ENCAPSULATION-1 rsvp-encap-1 RSVP-ENCAPSULATION-1 rsvp-encap-2 RSVP-ENCAPSULATION-2 rsvp-encap-2 RSVP-ENCAPSULATION-2 mps-raft mps-raft mps-raft mps-raft l2f l2f l2f l2f deskshare deskshare

1702 udp deskshare deskshare 1703 tcp Exploiter [trojan] Exploiter 1703 tcp hb-engine hb-engine 1703 udp hb-engine hb-engine 1704 tcp bcs-broker bcs-broker 1704 udp bcs-broker bcs-broker 1705 tcp slingshot slingshot 1705 udp slingshot slingshot 1706 tcp jetform jetform 1706 udp jetform jetform 1707 tcp vdmplay vdmplay 1707 udp vdmplay vdmplay 1708 tcp gat-lmd gat-lmd 1708 udp gat-lmd gat-lmd 1709 tcp centra centra 1709 udp centra centra 1710 tcp impera impera 1710 udp impera impera 1711 tcp pptconference pptconference 1711 udp pptconference pptconference 1712 tcp registrar resource monitoring service 1712 udp registrar resource monitoring service 1713 tcp conferencetalk ConferenceTalk 1713 udp conferencetalk ConferenceTalk 1714 tcp sesi-lm sesi-lm 1714 udp sesi-lm sesi-lm 1715 tcp houdini-lm houdini-lm 1715 udp houdini-lm houdini-lm 1716 tcp xmsg xmsg 1716 udp xmsg xmsg 1717 tcp fj-hdnet fj-hdnet 1717 udp fj-hdnet fj-hdnet 1717 udp convoy Convoy MSCS Windows Load Balancing Service 1718 tcp h323gatedisc h323gatedisc 1718 udp h323gatedisc h323gatedisc 1719 tcp h323gatestat h323gatestat 1719 udp h323gatestat h323gatestat 1720 tcp h323hostcall h323hostcall 1720 udp h323hostcall h323hostcall 1721 tcp caicci caicci 1721 udp caicci caicci 1722 tcp hks-lm HKS License Manager 1722 udp hks-lm HKS License Manager 1723 tcp pptp Point-to-point tunnelling protocol 1723 udp pptp pptp 1724 tcp csbphonemaster csbphonemaster 1724 udp csbphonemaster csbphonemaster 1725 tcp iden-ralp iden-ralp 1725 udp iden-ralp iden-ralp

1726 tcp iberiagames IBERIAGAMES 1726 udp iberiagames IBERIAGAMES 1727 tcp winddx winddx 1727 udp winddx winddx 1728 tcp telindus TELINDUS 1728 udp telindus TELINDUS 1729 tcp citynl CityNL License Management 1729 udp citynl CityNL License Management 1730 tcp roketz roketz 1730 udp roketz roketz 1731 tcp msiccp MSICCP 1731 udp msiccp MSICCP 1732 tcp proxim proxim 1732 udp proxim proxim 1733 tcp siipat SIMS - SIIPAT Protocol for Alarm Transmission 1733 udp siipat SIMS - SIIPAT Protocol for Alarm Transmission 1734 tcp cambertx-lm Camber Corporation License Management 1734 udp cambertx-lm Camber Corporation License Management 1735 tcp privatechat PrivateChat 1735 udp privatechat PrivateChat 1736 tcp street-stream street-stream 1736 udp street-stream street-stream 1737 tcp ultimad ultimad 1737 udp ultimad ultimad 1738 tcp gamegen1 GameGen1 1738 udp gamegen1 GameGen1 1739 tcp webaccess webaccess 1739 udp webaccess webaccess 1740 tcp encore encore 1740 udp encore encore 1741 tcp cisco-net-mgmt cisco-net-mgmt 1741 udp cisco-net-mgmt cisco-net-mgmt 1742 tcp 3Com-nsd 3Com-nsd 1742 udp 3Com-nsd 3Com-nsd 1743 tcp cinegrfx-lm Cinema Graphics License Manager 1743 udp cinegrfx-lm Cinema Graphics License Manager 1744 tcp ncpm-ft ncpm-ft 1744 udp ncpm-ft ncpm-ft 1745 tcp remote-winsock remote-winsock 1745 udp remote-winsock remote-winsock 1746 tcp ftrapid-1 ftrapid-1 1746 udp ftrapid-1 ftrapid-1 1747 tcp ftrapid-2 ftrapid-2 1747 udp ftrapid-2 ftrapid-2 1748 tcp oracle-em1 oracle-em1 1748 udp oracle-em1 oracle-em1

1749 tcp aspen-services aspen-services 1749 udp aspen-services aspen-services 1750 tcp sslp Simple Socket Library's PortMaster 1750 udp sslp Simple Socket Library's PortMaster 1751 tcp swiftnet SwiftNet 1751 udp swiftnet SwiftNet 1752 tcp lofr-lm Leap of Faith Research License Manager 1752 udp lofr-lm Leap of Faith Research License Manager 1753 tcp translogic-lm Translogic License Manager 1753 udp translogic-lm Translogic License Manager 1754 tcp oracle-em2 oracle-em2 1754 udp oracle-em2 oracle-em2 1755 tcp ms-streaming NetShow (MS streaming) 1755 udp ms-streaming NetShow (MS streaming) 1756 tcp capfast-lmd capfast-lmd 1756 udp capfast-lmd capfast-lmd 1757 tcp cnhrp cnhrp 1757 udp cnhrp cnhrp 1758 tcp tftp-mcast tftp-mcast 1758 udp tftp-mcast tftp-mcast 1759 tcp spss-lm SPSS License Manager 1759 udp spss-lm SPSS License Manager 1760 tcp www-ldap-gw www-ldap-gw 1760 udp www-ldap-gw www-ldap-gw 1761 tcp sms Microsoft System Management Server (rights verification; remote reboot and execute) 1761 tcp cft-0 cft-0 1761 udp cft-0 cft-0 1762 tcp sms Microsoft System Management Server (remote control) 1762 tcp cft-1 cft-1 1762 udp cft-1 cft-1 1763 tcp sms Microsoft System Management Server (remote chat) 1763 tcp cft-2 cft-2 1763 udp cft-2 cft-2 1764 tcp sms Microsoft System Management Server (file transfer) 1764 tcp cft-3 cft-3 1764 udp cft-3 cft-3 1765 tcp cft-4 cft-4 1765 udp cft-4 cft-4 1766 tcp cft-5 cft-5 1766 udp cft-5 cft-6 1767 udp cft-6 cft-6 1768 tcp cft-7 cft-7 1768 udp cft-7 cft-7 1769 tcp bmc-net-adm bmc-net-adm 1769 udp bmc-net-adm bmc-net-adm

1770 tcp bmc-net-svc 1770 udp bmc-net-svc 1771 tcp vaultbase 1771 udp vaultbase 1772 tcp essweb-gw 1772 udp essweb-gw 1773 tcp kmscontrol 1773 udp kmscontrol 1774 tcp global-dtserv 1774 udp global-dtserv 1776 tcp femis Information System 1776 udp femis Information System 1777 tcp powerguardian 1777 udp powerguardian 1777 tcp Scarab 1778 tcp prodigy-intrnet 1778 udp prodigy-intrnet 1779 tcp pharmasoft 1779 udp pharmasoft 1780 tcp dpkeyserv 1780 udp dpkeyserv 1781 tcp answersoft-lm 1781 udp answersoft-lm 1782 tcp hp-hcip 1782 udp hp-hcip 1784 tcp finle-lm 1784 udp finle-lm 1785 tcp windlm 1785 udp windlm 1786 tcp funk-logger 1786 udp funk-logger 1787 tcp funk-license 1787 udp funk-license 1788 tcp psmond 1788 udp psmond 1789 tcp hello 1789 udp hello 1790 tcp nmsp 1790 udp nmsp 1791 tcp ea1 1791 udp ea1 1792 tcp ibm-dt-2 1792 udp ibm-dt-2 1793 tcp rsc-robot 1793 udp rsc-robot 1794 tcp cera-bcm 1794 udp cera-bcm 1795 tcp dpi-proxy

bmc-net-svc bmc-net-svc vaultbase vaultbase EssWeb Gateway EssWeb Gateway KMSControl KMSControl global-dtserv global-dtserv Federal Emergency Management Federal Emergency Management powerguardian powerguardian [trojan] Scarab prodigy-internet prodigy-internet pharmasoft pharmasoft dpkeyserv dpkeyserv answersoft-lm answersoft-lm hp-hcip hp-hcip Finle License Manager Finle License Manager Wind River Systems License Manager Wind River Systems License Manager funk-logger funk-logger funk-license funk-license psmond psmond hello hello Narrative Media Streaming Protocol Narrative Media Streaming Protocol EA1 EA1 ibm-dt-2 ibm-dt-2 rsc-robot rsc-robot cera-bcm cera-bcm dpi-proxy

1795 1796 1796 1797 1797 1798 1798 1799 1799 1800 1800 1801 1801 1802 1802 1803 1803 1804 1804 1805 1805 1806 1806 1807 1807 1807 1808 1808 1809 1809 1810 1810 1811 1811 1812 1812 1813 1813 2139) 1814 1814 1815 1815 1816 1816 1817 1817 1818 1818 1819

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

dpi-proxy dpi-proxy vocaltec-admin Vocaltec Server Administration vocaltec-admin Vocaltec Server Administration uma UMA uma UMA etp Event Transfer Protocol etp Event Transfer Protocol netrisk NETRISK netrisk NETRISK ansys-lm ANSYS-License manager ansys-lm ANSYS-License manager msmq Microsoft Message Que msmq Microsoft Message Que concomp1 ConComp1 concomp1 ConComp1 hp-hcip-gwy HP-HCIP-GWY hp-hcip-gwy HP-HCIP-GWY enl ENL enl ENL enl-name ENL-Name enl-name ENL-Name musiconline Musiconline musiconline Musiconline fhsp Fujitsu Hot Standby Protocol fhsp Fujitsu Hot Standby Protocol SpySender [trojan] SpySender oracle-vp2 Oracle-VP2 oracle-vp2 Oracle-VP2 oracle-vp1 Oracle-VP1 oracle-vp1 Oracle-VP1 jerand-lm Jerand License Manager jerand-lm Jerand License Manager scientia-sdb Scientia-SDB scientia-sdb Scientia-SDB radius RADIUS radius RADIUS radius-acct RADIUS Accounting radacct RADIUS accounting protocol (RFC tdp-suite tdp-suite mmpft mmpft harp harp rkb-oscs rkb-oscs etftp etftp plato-lm TDP Suite TDP Suite MMPFT MMPFT HARP HARP RKB-OSCS RKB-OSCS Enhanced Trivial File Transfer Protocol Enhanced Trivial File Transfer Protocol Plato License Manager

1819 udp plato-lm 1820 tcp mcagent 1820 udp mcagent 1821 tcp donnyworld 1821 udp donnyworld 1822 tcp es-elmd 1822 udp es-elmd 1823 tcp unisys-lm Manager 1823 udp unisys-lm Manager 1824 tcp metrics-pas 1824 udp metrics-pas 1825 tcp direcpc-video 1825 udp direcpc-video 1826 tcp ardt 1826 udp ardt 1826 tcp Glacier 1827 tcp asi 1827 udp asi 1827 tcp pcm Compliance Manager 1828 tcp itm-mcell-u 1828 udp itm-mcell-u 1829 tcp optika-emedia 1829 udp optika-emedia 1830 tcp net8-cman 1830 udp net8-cman 1831 tcp myrtle 1831 udp myrtle 1832 tcp tht-treasure 1832 udp tht-treasure 1833 tcp udpradio 1833 udp udpradio 1834 tcp ardusuni 1834 udp ardusuni 1835 tcp ardusmul 1835 udp ardusmul 1836 tcp ste-smsc 1836 udp ste-smsc 1837 tcp csoft1 1837 udp csoft1 1838 tcp talnet 1838 udp talnet 1839 tcp netopia-vo1 1839 udp netopia-vo1 1840 tcp netopia-vo2 1840 udp netopia-vo2 1841 tcp netopia-vo3 1841 udp netopia-vo3

Plato License Manager mcagent mcagent donnyworld donnyworld es-elmd es-elmd Unisys Natural Language License Unisys Natural Language License metrics-pas metrics-pas DirecPC Video DirecPC Video ARDT ARDT [trojan] Glacier ASI ASI PCM Agent (AutoSecure Policy itm-mcell-u itm-mcell-u Optika eMedia Optika eMedia Oracle Net8 CMan Admin Oracle Net8 CMan Admin Myrtle Myrtle ThoughtTreasure ThoughtTreasure udpradio udpradio ARDUS Unicast ARDUS Unicast ARDUS Multicast ARDUS Multicast ste-smsc ste-smsc csoft1 csoft1 TALNET TALNET netopia-vo1 netopia-vo1 netopia-vo2 netopia-vo2 netopia-vo3 netopia-vo3

1842 tcp 1842 udp 1843 tcp 1843 udp 1844 tcp 1844 udp 1844 tcp 1844 udp 1845 tcp 1845 udp 1846 tcp 1846 udp 1847 tcp 1847 udp 1848 tcp 1848 udp 1849 tcp 1849 udp 1850 tcp 1850 udp 1851 tcp 1851 udp 1852 tcp 1852 udp 1853 tcp 1853 udp 1854 tcp 1854 udp 1855 tcp 1855 udp 1856 tcp 1856 udp 1857 tcp 1857 udp 1858 tcp 1858 udp 1859 tcp 1859 udp 1860 tcp 1860 udp 1861 tcp 1861 udp 1862 tcp 1862 udp 1863 tcp 1863 udp 1864 tcp 1864 udp 1865 tcp 1865 udp

netopia-vo4 netopia-vo4 netopia-vo4 netopia-vo4 netopia-vo5 netopia-vo5 netopia-vo5 netopia-vo5 direcpc-dll DirecPC-DLL direcpc-dll DirecPC-DLL tbroker HPUX Task Broker Service tbroker HPUX Task Broker Service altalink altalink altalink altalink tunstall-pnc Tunstall PNC tunstall-pnc Tunstall PNC slp-notify SLP Notification slp-notify SLP Notification fjdocdist fjdocdist fjdocdist fjdocdist alpha-sms ALPHA-SMS alpha-sms ALPHA-SMS gsi GSI gsi GSI ctcd ctcd ctcd ctcd virtual-time Virtual Time virtual-time Virtual Time vids-avtp VIDS-AVTP vids-avtp VIDS-AVTP buddy-draw Buddy Draw buddy-draw Buddy Draw fiorano-rtrsvc Fiorano RtrSvc fiorano-rtrsvc Fiorano RtrSvc fiorano-msgsvc Fiorano MsgSvc fiorano-msgsvc Fiorano MsgSvc datacaptor DataCaptor datacaptor DataCaptor privateark PrivateArk privateark PrivateArk gammafetchsvr Gamma Fetcher Server gammafetchsvr Gamma Fetcher Server sunscalar-svc SunSCALAR Services sunscalar-svc SunSCALAR Services lecroy-vicp LeCroy VICP lecroy-vicp LeCroy VICP techra-server techra-server techra-server techra-server msnp MSN Messenger Protocol msnp MSN Messenger Protocol paradym-31port Paradym 31 Port paradym-31port Paradym 31 Port entp ENTP entp ENTP

1866 1866 1867 1867 1868 1868 1869 1869 1870 1870 1871 1871 1872 1872 1873 1873 1874 1874 1875 1875 1876 1876 1877 1877 1878 1878 1879 1879 1880 1880 1881 1881 1882 1882 1883 1883 1884 1884 1885 1885 1886 1886 1887 1887 1888 1888 1889 1889 1890 1890

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

swrmi swrmi swrmi swrmi udrive UDRIVE udrive UDRIVE viziblebrowser VizibleBrowser viziblebrowser VizibleBrowser yestrader YesTrader yestrader YesTrader sunscalar-dns SunSCALAR DNS Service sunscalar-dns SunSCALAR DNS Service canocentral0 Cano Central 0 canocentral0 Cano Central 0 canocentral1 Cano Central 1 canocentral1 Cano Central 1 fjmpjps Fjmpjps fjmpjps Fjmpjps fjswapsnp Fjswapsnp fjswapsnp Fjswapsnp westell-stats westell stats westell-stats westell stats ewcappsrv ewcappsrv ewcappsrv ewcappsrv hp-webqosdb hp-webqosdb hp-webqosdb hp-webqosdb drmsmc drmsmc drmsmc drmsmc nettgain-nms NettGain NMS nettgain-nms NettGain NMS vsat-control Gilat VSAT Control vsat-control Gilat VSAT Control ibm-mqseries2 IBM MQSeries ibm-mqseries2 IBM MQSeries ecsqdmn ecsqdmn ecsqdmn ecsqdmn ibm-mqisdp IBM MQSeries SCADA ibm-mqisdp IBM MQSeries SCADA idmaps Internet Distance Map Svc idmaps Internet Distance Map Svc vrtstrapserver Veritas Trap Server vrtstrapserver Veritas Trap Server leoip Leonardo over IP leoip Leonardo over IP filex-lport FileX Listening Port filex-lport FileX Listening Port ncconfig NC Config Port ncconfig NC Config Port unify-adapter Unify Web Adapter Service unify-adapter Unify Web Adapter Service wilkenlistener wilkenListener wilkenlistener wilkenListener

1891 tcp 1891 udp 1892 tcp 1892 udp 1893 tcp 1893 udp 1894 tcp 1894 udp 1896 tcp 1896 udp 1897 tcp 1897 udp 1898 tcp 1898 udp 1899 tcp 1899 udp 1900 tcp 1900 udp 1901 tcp A 1901 udp A 1902 tcp B 1902 udp B 1903 tcp 1903 udp 1904 tcp C 1904 udp C 1905 tcp 1905 udp 1906 tcp 1906 udp 1907 tcp 1907 udp 1908 tcp 1908 udp 1909 tcp 1909 udp 1910 tcp 1910 udp 1911 tcp Protocol 1911 udp Protocol 1912 tcp 1912 udp

childkey-notif ChildKey Notification childkey-notif ChildKey Notification childkey-ctrl ChildKey Control childkey-ctrl ChildKey Control elad ELAD Protocol elad ELAD Protocol o2server-port O2Server Port o2server-port O2Server Port b-novative-ls b-novative license server b-novative-ls b-novative license server metaagent MetaAgent metaagent MetaAgent cymtec-port Cymtec secure management cymtec-port Cymtec secure management mc2studios MC2Studios mc2studios MC2Studios ssdp SSDP ssdp SSDP fjicl-tep-a Fujitsu ICL Terminal Emulator Program fjicl-tep-a fjicl-tep-b fjicl-tep-b linkname linkname fjicl-tep-c fjicl-tep-c sugp sugp tpmd tpmd intrastar intrastar dawn dawn global-wlink global-wlink ultrabac ultrabac mtp mtp rhp-iibp rhp-iibp Fujitsu ICL Terminal Emulator Program Fujitsu ICL Terminal Emulator Program Fujitsu ICL Terminal Emulator Program Local Link Name Resolution Local Link Name Resolution Fujitsu ICL Terminal Emulator Program Fujitsu ICL Terminal Emulator Program Secure UP.Link Gateway Protocol Secure UP.Link Gateway Protocol TPortMapperReq TPortMapperReq IntraSTAR IntraSTAR Dawn Dawn Global World Link Global World Link ultrabac ultrabac Starlight Networks Multimedia Transport Starlight Networks Multimedia Transport rhp-iibp rhp-iibp

1913 1913 1914 1914 1915 1915 1916 1916 1917 1917 1918 1918 1919 1919 1920 1920 1921 1921 1922 1922 1923 1923 1924 1924 1925 1925 1926 1926 1927 1927 1928 1928 1929 1929 1930 1930 1931 1931 1932 1932 1933 1933 1934 1934 1935 1935 1936 1936 1937 1937

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

armadp armadp armadp armadp elm-momentum Elm-Momentum elm-momentum Elm-Momentum facelink FACELINK facelink FACELINK persona Persoft Persona persona Persoft Persona noagent nOAgent noagent nOAgent can-nds Candle Directory Service - NDS can-nds Candle Directory Service - NDS can-dch Candle Directory Service - DCH can-dch Candle Directory Service - DCH can-ferret Candle Directory Service - FERRET can-ferret Candle Directory Service - FERRET noadmin NoAdmin noadmin NoAdmin tapestry Tapestry tapestry Tapestry spice SPICE spice SPICE xiip XIIP xiip XIIP discovery-port Surrogate Discovery Port discovery-port Surrogate Discovery Port egs Evolution Game Server egs Evolution Game Server videte-cipc Videte CIPC Port videte-cipc Videte CIPC Port emsd-port Expnd Maui Srvr Dscovr emsd-port Expnd Maui Srvr Dscovr bandwiz-system Bandwiz System - Server bandwiz-system Bandwiz System - Server driveappserver Drive AppServer driveappserver Drive AppServer amdsched AMD SCHED amdsched AMD SCHED ctt-broker CTT Broker ctt-broker CTT Broker xmapi IBM LM MT Agent xmapi IBM LM MT Agent xaapi IBM LM Appl Agent xaapi IBM LM Appl Agent tincan TinCan tincan TinCan jetcmeserver JetCmeServer Server Port jetcmeserver JetCmeServer Server Port jwserver JetVWay Server Port jwserver JetVWay Server Port

1938 1938 1939 1939 1940 1940 1941 1941 1942 1942 1943 1943 1944 1944 1945 1945 1946 1946 1947 1947 1948 1948 1949 1949 1950 1950 1951 1951 1952 1952 1953 1953 1954 1954 1955 1955 1956 1956 1957 1957 1958 1958 1959 1959 1960 1960 1961 1961 1962 1962

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

jwclient JetVWay Client Port jwclient JetVWay Client Port jvserver JetVision Server Port jvserver JetVision Server Port jvclient JetVision Client Port jvclient JetVision Client Port dic-aida DIC-Aida dic-aida DIC-Aida res Real Enterprise Service res Real Enterprise Service beeyond-media Beeyond Media beeyond-media Beeyond Media close-combat close-combat close-combat close-combat dialogic-elmd dialogic-elmd dialogic-elmd dialogic-elmd tekpls tekpls tekpls tekpls hlserver hlserver hlserver hlserver eye2eye eye2eye eye2eye eye2eye ismaeasdaqlive ISMA Easdaq Live ismaeasdaqlive ISMA Easdaq Live ismaeasdaqtest ISMA Easdaq Test ismaeasdaqtest ISMA Easdaq Test bcs-lmserver bcs-lmserver bcs-lmserver bcs-lmserver mpnjsc mpnjsc mpnjsc mpnjsc rapidbase Rapid Base rapidbase Rapid Base abr-basic ABR-Basic Data abr-basic ABR-Basic Data abr-secure ABR-Secure Data abr-secure ABR-Secure Data vrtl-vmf-ds Vertel VMF DS vrtl-vmf-ds Vertel VMF DS unix-status unix-status unix-status unix-status dxadmind CA Administration Daemon dxadmind CA Administration Daemon simp-all SIMP Channel simp-all SIMP Channel nasmanager Merit DAC NASmanager nasmanager Merit DAC NASmanager bts-appserver BTS APPSERVER bts-appserver BTS APPSERVER biap-mp BIAP-MP biap-mp BIAP-MP

1963 tcp 1963 udp 1964 tcp 1964 udp 1965 tcp 1965 udp 1966 tcp 1966 udp 1966 tcp 1967 tcp 1967 udp 1967 tcp 1967 tcp FYEO 1968 tcp 1968 udp 1969 tcp 1969 udp 1969 tcp 1970 tcp 1970 udp 1971 tcp 1971 udp 1972 tcp 1972 udp 1973 tcp Protocol 1973 udp Protocol 1974 tcp 1974 udp 1975 tcp servers 1975 tcp 1975 udp 1976 tcp 1976 udp 1977 tcp 1977 udp 1978 tcp 1978 udp 1979 tcp 1979 udp 1980 tcp 1980 udp 1981 tcp 1981 udp 1981 tcp 1981 tcp 1982 tcp

webmachine WebMachine webmachine WebMachine solid-e-engine SOLID E ENGINE solid-e-engine SOLID E ENGINE tivoli-npm Tivoli NPM tivoli-npm Tivoli NPM slush Slush slush Slush FakeFTP [trojan] Fake FTP sns-quote SNS Quote sns-quote SNS Quote WMFTPServer [trojan] WM FTP Server ForYourEyesOnly [trojan] For Your Eyes Only lipsinc LIPSinc lipsinc LIPSinc lipsinc1 LIPSinc 1 lipsinc1 LIPSinc 1 OpCBO [trojan] OpC BO netop-rc NetOp Remote Control netop-rc NetOp Remote Control netop-school NetOp School netop-school NetOp School intersys-cache Cache intersys-cache Cache dlsrap Data Link Switching Remote Access dlsrap drp drp Aureate tcoflashagent tcoflashagent tcoregagent tcoregagent tcoaddressbook tcoaddressbook unisql unisql unisql-java unisql-java pearldoc-xact pearldoc-xact p2pq p2pq Shockrave Bowl estamp Data Link Switching Remote Access DRP DRP Aureate / Radiate spyware TCO Flash Agent TCO Flash Agent TCO Reg Agent TCO Reg Agent TCO Address Book TCO Address Book UniSQL UniSQL UniSQL Java UniSQL Java PearlDoc XACT PearlDoc XACT p2pQ p2pQ [trojan] Shockrave [trojan] Bowl Evidentiary Timestamp

1982 1983 1983 1984 1984 1985 1985 1986 1986 1987 1987 1988 1988 1989 1989 1989 1989 1990 1990 1991 1991 1991 1992 1992 1992 1992 1993 1993 1994 1994 1995 1995 1996 1996 1997 1997 1998 1998 1999 1999 1999 1999 1999 2000 2000 2000 2000 2000 2000

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp udp tcp udp tcp udp tcp tcp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp udp tcp tcp tcp tcp

estamp Evidentiary Timestamp lhtp Loophole Test Protocol lhtp Loophole Test Protocol bb BB bb BB hsrp Hot Standby Router Protocol hsrp Hot Standby Router Protocol licensedaemon cisco license management licensedaemon cisco license management tr-rsrb-p1 cisco RSRB Priority 1 port tr-rsrb-p1 cisco RSRB Priority 1 port tr-rsrb-p2 cisco RSRB Priority 2 port tr-rsrb-p2 cisco RSRB Priority 2 port mshnet MHSnet system tr-rsrb-p3 cisco RSRB Priority 3 port mshnet MHSnet system tr-rsrb-p3 cisco RSRB Priority 3 port stun-p1 cisco STUN Priority 1 port stun-p1 cisco STUN Priority 1 port stun-p2 cisco STUN Priority 2 port stun-p2 cisco STUN Priority 2 port PitFall [trojan] PitFall ipsendmsg IPsendmsg stun-p3 cisco STUN Priority 3 port ipsendmsg IPsendmsg stun-p3 cisco STUN Priority 3 port snmp-tcp-port cisco SNMP TCP port snmp-tcp-port cisco SNMP TCP port stun-port cisco serial tunnel port stun-port cisco serial tunnel port perf-port cisco perf port perf-port cisco perf port tr-rsrb-port cisco Remote SRB port tr-rsrb-port cisco Remote SRB port gdp-port cisco Gateway Discovery Protocol gdp-port cisco Gateway Discovery Protocol x25-svc-port cisco X.25 service (XOT) x25-svc-port cisco X.25 service (XOT) tcp-id-port cisco identification port tcp-id-port cisco identification port TransScout [trojan] TransScout BackDoor [trojan] Back Door SubSeven [trojan] SubSeven callbook callbook callbook callbook openwindows OpenWindows DerSpher [trojan] Der Spher / Der Spaeher InsaneNetwork [trojan] Insane Network Last2000 [trojan] Last 2000

2000 tcp RemoteExplorer2000 [trojan] Remote Explorer 2000 2000 tcp SennaSpyTrojanGenerator [trojan] Senna Spy Trojan Generator 2001 tcp dc dc 2001 tcp DerSpher [trojan] Der Spher / Der Spaeher 2001 tcp TrojanCow [trojan] Trojan Cow 2001 udp wizard curry 2002 tcp globe globe 2002 udp globe globe 2002 tcp milan Digi MiLAN print server admin port 2002 udp slapper [trojan] Peer-to-peer UDP DDoS (PUD) (used by OpenSSL/Apache "Slapper" worm) 2002 tcp TransScout [trojan] TransScout 2003 tcp cfingerd GNU finger 2003 tcp TransScout [trojan] TransScout 2004 tcp mailbox mailbox 2004 udp emce CCWS mm conf 2004 udp eDonkey2000 eDonkey2000 unknown/unlisted port 2004 tcp TransScout [trojan] TransScout 2005 tcp berknet berknet 2005 udp oracle oracle 2005 tcp deslogin encrypted symmetric telnet login 2005 tcp TransScout [trojan] TransScout 2006 tcp invokator 2006 udp raid-cc raid 2007 tcp dectalk 2007 udp raid-am 2008 tcp conf 2008 udp terminaldb 2009 tcp news 2009 udp whosockami 2010 tcp nfr Network Flight Recorder sensor 2010 tcp search 2010 udp pipe_server 2011 tcp raid-cc raid 2011 udp servserv 2012 tcp ttyinfo 2012 udp raid-ac 2013 tcp raid-am 2013 udp raid-cd 2014 tcp troff 2014 udp raid-sf 2015 tcp cypress 2015 udp raid-cs 2016 tcp bootserver 2016 udp bootserver 2017 tcp cypress-stat

2017 udp 2018 tcp 2018 udp 2019 tcp 2019 udp 2020 tcp 2020 udp 2021 tcp 2021 udp 2022 tcp 2022 udp 2023 tcp 2023 tcp 2023 tcp 2023 udp 2024 tcp 2024 udp 2025 tcp 2025 udp 2026 tcp 2026 udp 2027 tcp 2027 udp 2028 tcp 2028 udp 2030 tcp 2030 udp 2032 tcp 2032 udp 2033 tcp 2033 udp 2034 tcp 2034 udp 2035 tcp 2035 udp 2038 tcp 2038 udp 2040 tcp 2040 udp 2041 tcp 2041 udp 2042 tcp 2042 udp 2043 tcp 2043 udp 2044 tcp 2044 udp 2045 tcp 2045 udp 2046 tcp

bootclient terminaldb rellpack whosockami about xinupageserver xinupageserver servexec xinuexpansion1 down xinuexpansion2 RipperPro [trojan] Ripper Pro Ripper [trojan] Ripper xinuexpansion3 xinuexpansion3 xinuexpansion4 xinuexpansion4 ellpack xribs scrabble scrabble shadowserver shadowserver submitserver submitserver device2 device2 blackboard blackboard glogger glogger scoremgr scoremgr imsldoc imsldoc objectmanager objectmanager lam lam interbase interbase isis isis isis-bcast isis-bcast rimsl rimsl cdfunc cdfunc sdfunc

2046 udp sdfunc 2047 tcp dls 2047 udp dls 2048 tcp dls-monitor 2048 udp dls-monitor 2049 tcp nfs Network File System 2049 udp nfs Network File System 2049 tcp shilp 2049 udp shilp 2050 tcp av-emb-config Avaya EMB Config Port 2050 udp av-emb-config Avaya EMB Config Port 2050 tcp blazix-ejb Blazix java webserver 2051 tcp epnsdp EPNSDP 2051 udp epnsdp EPNSDP 2052 tcp clearvisn clearVisn Services Port 2052 udp clearvisn clearVisn Services Port 2053 tcp lot105-ds-upd Lot105 DSuper Updates 2053 udp lot105-ds-upd Lot105 DSuper Updates 2054 tcp weblogin Weblogin Port 2054 udp weblogin Weblogin Port 2055 tcp iop Iliad-Odyssey Protocol 2055 udp iop Iliad-Odyssey Protocol 2056 tcp omnisky OmniSky Port 2056 udp omnisky OmniSky Port 2057 tcp rich-cp Rich Content Protocol 2057 udp rich-cp Rich Content Protocol 2058 tcp newwavesearch NewWaveSearchables RMI 2058 udp newwavesearch NewWaveSearchables RMI 2059 tcp bmc-messaging BMC Messaging Service 2059 udp bmc-messaging BMC Messaging Service 2060 tcp teleniumdaemon Telenium Daemon IF 2060 udp teleniumdaemon Telenium Daemon IF 2061 tcp netmount NetMount 2061 udp netmount NetMount 2062 tcp icg-swp ICG SWP Port 2062 udp icg-swp ICG SWP Port 2063 tcp icg-bridge ICG Bridge Port 2063 udp icg-bridge ICG Bridge Port 2064 tcp distrib-netassholes A group of lamers working on a silly closed-source client 2064 tcp icg-iprelay ICG IP Relay Port 2064 udp icg-iprelay ICG IP Relay Port 2065 tcp dlsrpn Data Link Switch Read Port Number 2065 udp dlsrpn Data Link Switch Read Port Number 2067 tcp dlswpn Data Link Switch Write Port Number 2067 udp dlswpn Data Link Switch Write Port Number 2068 tcp avauthsrvprtcl Avocent AuthSrv Protocol 2068 udp avauthsrvprtcl Avocent AuthSrv Protocol 2069 tcp event-port HTTP Event Port 2069 udp event-port HTTP Event Port

2070 packet 2070 packet 2071 2071 2072 2072 2073 2073 2074 2074 2075 2075 2076 2076 2077 2077 2078 2078 2079 2079 2080 2080 2080 2080 2081 2081 2087 2087 2089 2089 2090 2090 2091 2091 2092 2092 2093 2093 2094 2094 2095 2095 2096 2096 2097 2097 2098 2098

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

ah-esp-encap ah-esp-encap

AH and ESP Encapsulated in UDP AH and ESP Encapsulated in UDP

acp-port Axon Control Protocol acp-port Axon Control Protocol msync GlobeCast mSync msync GlobeCast mSync vbs-data-port Variable Block Socket vbs-data-port Variable Block Socket vrtl-vmf-sa Vertel VMF SA vrtl-vmf-sa Vertel VMF SA newlixengine Newlix ServerWare Engine newlixengine Newlix ServerWare Engine newlixconfig Newlix JSPConfig newlixconfig Newlix JSPConfig trellisagt TrelliSoft Agent trellisagt TrelliSoft Agent trellissvr TrelliSoft Server trellissvr TrelliSoft Server idware-router IDWARE Router Port idware-router IDWARE Router Port autodesk-nlm Autodesk NLM (FLEXlm) WinHole [trojan] WinHole WinHole [trojan] WinHole autodesk-nlm Autodesk NLM (FLEXlm) kme-trap-port KME PRINTER TRAP PORT kme-trap-port KME PRINTER TRAP PORT eli ELI - Event Logging Integration eli ELI - Event Logging Integration sep Security Encapsulation Protocol - SEP sep Security Encapsulation Protocol - SEP lrp Load Report Protocol lrp Load Report Protocol prp PRP prp PRP descent3 Descent 3 descent3 Descent 3 nbx-cc NBX CC nbx-cc NBX CC nbx-au NBX AU nbx-au NBX AU nbx-ser NBX SER nbx-ser NBX SER nbx-dir NBX DIR nbx-dir NBX DIR jetformpreview Jet Form Preview jetformpreview Jet Form Preview dialog-port Dialog Port dialog-port Dialog Port

2099 tcp 2099 udp 2100 tcp 2100 udp 2101 tcp 2101 udp 2102 tcp 2102 udp 2103 tcp 2103 udp 2104 tcp 2104 udp 2105 tcp 2105 tcp 2105 udp 2105 udp 2106 tcp 2106 tcp 2106 udp 2106 udp 2107 tcp 2107 udp 2108 tcp 2108 tcp 2108 udp 2108 udp 2109 tcp 2109 udp 2110 tcp 2110 udp 2111 tcp 2111 tcp 2111 udp 2112 tcp 2112 udp 2112 tcp 2112 tcp partner 2000 2113 tcp 2113 udp 2114 tcp 2114 udp 2115 tcp 2115 tcp 2115 tcp 2115 udp 2116 tcp 2116 udp 2117 tcp 2117 udp

h2250-annex-g H.225.0 Annex G h2250-annex-g H.225.0 Annex G amiganetfs amiganetfs amiganetfs amiganetfs rtcm-sc104 rtcm-sc104 rtcm-sc104 rtcm-sc104 zephyr-srv Zephyr server zephyr-srv Zephyr server zephyr-clt Zephyr serv-hm connection zephyr-clt Zephyr serv-hm connection zephyr-hm Zephyr hostmanager zephyr-hm Zephyr hostmanager eklogin Kerberos (v4) encrypted rlogin minipay MiniPay eklogin Kerberos (v4) encrypted rlogin minipay MiniPay ekshell Kerberos (v4) encrypted rshell mzap MZAP ekshell Kerberos (v4) encrypted rshell mzap MZAP bintec-admin BinTec Admin bintec-admin BinTec Admin comcam Comcam rkinit Kerberos (v4) remote initialization comcam Comcam rkinit Kerberos (v4) remote initialization ergolight Ergolight ergolight Ergolight umsp UMSP umsp UMSP dsatp DSATP kx X over kerberos dsatp DSATP idonix-metanet Idonix MetaNet idonix-metanet Idonix MetaNet kip IP over kerberos pos-partner Vital Processing Services hsl-storm hsl-storm newheights newheights Bugs Bugs kdm kdm ccowcmr ccowcmr mentaclient mentaclient HSL StoRM HSL StoRM NEWHEIGHTS NEWHEIGHTS [trojan] Bugs [trojan] Bugs KDM KDM CCOWCMR CCOWCMR MENTACLIENT MENTACLIENT

POS

2118 tcp 2118 udp 2119 tcp 2119 udp 2120 tcp 2120 tcp 2120 udp 2121 tcp 2121 udp 2122 tcp 2122 udp 2123 tcp 2123 udp 2124 tcp 2124 udp 2125 tcp 2125 udp 2126 tcp 2126 udp 2127 tcp 2127 udp 2128 tcp 2128 udp 2129 tcp 2129 udp 2130 tcp 2130 udp 2130 udp 2131 tcp 2131 udp 2132 tcp 2132 udp 2133 tcp 2133 udp 2134 tcp 2134 udp 2135 tcp 2135 udp 2136 tcp 2136 udp 2137 tcp 2137 udp 2138 tcp 2138 udp 2139 tcp 2139 udp 2140 tcp Foreplay 2140 tcp 2140 tcp

mentaserver mentaserver gsigatekeeper gsigatekeeper kauth qencp qencp scientia-ssdb scientia-ssdb caupc-remote caupc-remote gtp-control gtp-control elatelink elatelink lockstep lockstep pktcable-cops pktcable-cops index-pc-wb index-pc-wb net-steward net-steward cs-live cs-live swc-xds MiniBacklash swc-xds avantageb2b avantageb2b avail-epmap avail-epmap zymed-zpp zymed-zpp avenue avenue gris gris appworxsrv appworxsrv connect connect unbind-cluster unbind-cluster ias-auth ias-auth Foreplay ias-reg TheInvasor

MENTASERVER MENTASERVER GSIGATEKEEPER GSIGATEKEEPER Remote kauth Quick Eagle Networks CP Quick Eagle Networks CP SCIENTIA-SSDB SCIENTIA-SSDB CauPC Remote Control CauPC Remote Control GTP-Control Plane (3GPP) GTP-Control Plane (3GPP) ELATELINK ELATELINK LOCKSTEP LOCKSTEP PktCable-COPS PktCable-COPS INDEX-PC-WB INDEX-PC-WB Net Steward Control Net Steward Control cs-live.com cs-live.com SWC-XDS [trojan] Mini Backlash SWC-XDS Avantageb2b Avantageb2b AVAIL-EPMAP AVAIL-EPMAP ZYMED-ZPP ZYMED-ZPP AVENUE AVENUE Grid Resource Information Server Grid Resource Information Server APPWORXSRV APPWORXSRV CONNECT CONNECT UNBIND-CLUSTER UNBIND-CLUSTER IAS-AUTH IAS-AUTH [trojan] Foreplay or Reduced IAS-REG [trojan] The Invasor

2140 udp DeepThroat [trojan] Deep Throat 2140 udp DeepThroat [trojan] Deep Throat 2140 udp Foreplay [trojan] Foreplay 2140 udp ias-reg IAS-REG 2141 tcp ias-admind IAS-ADMIND 2141 udp ias-admind IAS-ADMIND 2142 tcp tdm-over-ip TDM-OVER-IP 2142 udp tdm-over-ip TDM-OVER-IP 2143 tcp lv-jc Live Vault Job Control 2143 udp lv-jc Live Vault Job Control 2144 tcp lv-ffx Live Vault Fast Object Transfer 2144 udp lv-ffx Live Vault Fast Object Transfer 2145 tcp lv-pici Live Vault Remote Diagnostic Console Support 2145 udp lv-pici Live Vault Remote Diagnostic Console Support 2146 tcp lv-not Live Vault Admin Event Notification 2146 udp lv-not Live Vault Admin Event Notification 2147 tcp lv-auth Live Vault Authentication 2147 udp lv-auth Live Vault Authentication 2148 tcp veritas-ucl VERITAS UNIVERSAL COMMUNICATION LAYER 2148 udp veritas-ucl VERITAS UNIVERSAL COMMUNICATION LAYER 2149 tcp acptsys ACPTSYS 2149 udp acptsys ACPTSYS 2150 tcp dynamic3d DYNAMIC3D 2150 udp dynamic3d DYNAMIC3D 2151 tcp docent DOCENT 2151 udp docent DOCENT 2152 tcp gtp-user GTP-User Plane (3GPP) 2152 udp gtp-user GTP-User Plane (3GPP) 2155 tcp IllusionMailer [trojan] Illusion Mailer 2155 tcp IllusionMailer [trojan] Illusion Mailer 2160 tcp apc-cms APC Central Mgmt Server 2160 udp apc-cms APC Central Mgmt Server 2165 tcp x-bone-api X-Bone API 2165 udp x-bone-api X-Bone API 2166 tcp iwserver IWSERVER 2166 udp iwserver IWSERVER 2180 tcp mc-gt-srv Millicent Vendor Gateway Server 2180 udp mc-gt-srv Millicent Vendor Gateway Server 2181 tcp eforward eforward 2181 udp eforward eforward 2200 tcp ici ICI 2200 udp ici ICI 2201 tcp ats Advanced Training System Program 2201 udp ats Advanced Training System Program 2202 tcp imtc-map Int. Multimedia Teleconferencing Cosortium

2202 udp Cosortium 2213 tcp 2213 udp 2220 tcp 2220 udp 2221 tcp 2221 udp 2222 tcp exploit 2222 tcp 2222 udp 2223 tcp 2223 udp 2232 tcp 2232 udp 2233 tcp 2233 udp 2234 tcp 2234 udp 2235 tcp 2235 udp 2236 tcp 2236 udp 2237 tcp 2237 udp 2238 tcp 2238 udp 2239 tcp 2239 udp 2240 tcp 2240 udp 2241 tcp 2241 udp 2242 tcp 2242 udp 2243 tcp 2243 udp 2244 tcp 2244 udp 2245 tcp 2245 udp 2250 tcp 2250 udp 2255 tcp 2255 tcp 2255 tcp 2255 udp 2279 tcp 2279 udp

imtc-map

Int. Multimedia Teleconferencing

kali Kali kali Kali netiq NetIQ Pegasus netiq NetIQ Pegasus rockwell-csp1 Rockwell CSP1 rockwell-csp1 Rockwell CSP1 AMD [trojan] Rootshell left by AMD rockwell-csp2 Rockwell CSP2 rockwell-csp2 Rockwell CSP2 rockwell-csp3 Rockwell CSP3 rockwell-csp3 Rockwell CSP3 ivs-video IVS Video default ivs-video IVS Video default infocrypt INFOCRYPT infocrypt INFOCRYPT directplay DirectPlay directplay DirectPlay sercomm-wlink Sercomm-WLink sercomm-wlink Sercomm-WLink nani Nani nani Nani optech-port1-lm Optech Port1 License Manager optech-port1-lm Optech Port1 License Manager aviva-sna AVIVA SNA SERVER aviva-sna AVIVA SNA SERVER imagequery Image Query imagequery Image Query recipe RECIPe recipe RECIPe ivsd IVS Daemon ivsd IVS Daemon foliocorp Folio Remote Server foliocorp Folio Remote Server magicom Magicom Protocol magicom Magicom Protocol nmsserver NMS Server nmsserver NMS Server hao HaO hao HaO remote-collab remote-collab remote-collab remote-collab Nirvana [trojan] Nirvana Nirvana [trojan] Nirvana vrtp VRTP - ViRtue Transfer Protocol vrtp VRTP - ViRtue Transfer Protocol xmquery xmquery xmquery xmquery

2280 tcp 2280 udp 2281 tcp 2281 udp 2282 tcp 2282 udp 2283 tcp 2283 tcp 2283 tcp 2283 udp 2284 tcp 2284 udp 2285 tcp 2285 udp 2286 tcp 2286 udp 2287 tcp 2287 udp 2288 tcp 2288 udp 2294 tcp 2294 udp 2295 tcp 2295 udp 2296 tcp 2296 udp 2297 tcp 2297 udp 2298 tcp 2298 udp 2299 tcp 2299 udp 2300 tcp 2300 tcp 2300 tcp 2300 udp 2301 tcp management 2301 udp 2302 tcp 2302 udp 2303 tcp 2303 udp 2304 tcp 2304 udp 2305 tcp 2305 udp 2306 tcp 2306 udp 2307 tcp

lnvpoller LNVPOLLER lnvpoller LNVPOLLER lnvconsole LNVCONSOLE lnvconsole LNVCONSOLE lnvalarm LNVALARM lnvalarm LNVALARM HVLRat5 [trojan] HVL Rat5 HvlRAT [trojan] Hvl RAT lnvstatus LNVSTATUS lnvstatus LNVSTATUS lnvmaps LNVMAPS lnvmaps LNVMAPS lnvmailmon LNVMAILMON lnvmailmon LNVMAILMON nas-metering NAS-Metering nas-metering NAS-Metering dna DNA dna DNA netml NETML netml NETML konshus-lm Konshus License Manager (FLEX) konshus-lm Konshus License Manager (FLEX) advant-lm Advant License Manager advant-lm Advant License Manager theta-lm Theta License Manager (Rainbow) theta-lm Theta License Manager (Rainbow) d2k-datamover1 D2K DataMover 1 d2k-datamover1 D2K DataMover 1 d2k-datamover2 D2K DataMover 2 d2k-datamover2 D2K DataMover 2 pc-telecommute PC Telecommute pc-telecommute PC Telecommute cvmmon CVMMON Xplorer [trojan] Xplorer Xplorer [trojan] Xplorer cvmmon CVMMON compaqdiag Compaq remote diagnostic cpq-wbem binderysupport binderysupport proxy-gateway proxy-gateway attachmate-uts attachmate-uts mt-scaleserver mt-scaleserver tappi-boxnet tappi-boxnet pehelp Compaq HTTP Bindery Support Bindery Support Proxy Gateway Proxy Gateway Attachmate UTS Attachmate UTS MT ScaleServer MT ScaleServer TAPPI BoxNet TAPPI BoxNet

2307 udp 2308 tcp 2308 udp 2309 tcp 2309 udp 2310 tcp 2310 udp 2311 tcp 2311 tcp 2311 udp 2313 tcp 2313 udp 2314 tcp 2314 udp 2315 tcp 2315 udp 2316 tcp 2316 udp 2317 tcp 2317 udp 2318 tcp 2318 udp 2319 tcp 2319 udp 2320 tcp 2320 udp 2321 tcp 2321 udp 2322 tcp 2322 udp 2323 tcp 2323 udp 2324 tcp 2324 udp 2325 tcp 2325 udp 2326 tcp 2326 udp 2327 tcp 2327 udp 2328 tcp 2328 udp 2329 tcp 2329 udp 2330 tcp 2330 tcp 2330 udp 2331 tcp 2331 tcp 2331 udp

pehelp sdhelp sdhelp sdhelp sdhelp sdserver SD Server sdserver SD Server sdclient SD Client sdclient SD Client messageservice Message Service Studio54 [trojan] Studio 54 messageservice Message Service iapp IAPP (Inter Access Point Protocol) iapp IAPP (Inter Access Point Protocol) cr-websystems CR WebSystems cr-websystems CR WebSystems precise-sft Precise Sft. precise-sft Precise Sft. sent-lm SENT License Manager sent-lm SENT License Manager attachmate-g32 Attachmate G32 attachmate-g32 Attachmate G32 cadencecontrol Cadence Control cadencecontrol Cadence Control infolibria InfoLibria infolibria InfoLibria siebel-ns Siebel NS siebel-ns Siebel NS rdlap RDLAP over UDP rdlap RDLAP ofsd ofsd ofsd ofsd 3d-nfsd 3d-nfsd 3d-nfsd 3d-nfsd cosmocall Cosmocall cosmocall Cosmocall designspace-lm Design Space License Management designspace-lm Design Space License Management idcp IDCP idcp IDCP xingcsm xingcsm xingcsm xingcsm netrix-sftm Netrix SFTM netrix-sftm Netrix SFTM nvd NVD nvd NVD IRCContact [trojan] IRC Contact tscchat TSCCHAT tscchat TSCCHAT agentview AGENTVIEW IRCContact [trojan] IRC Contact agentview AGENTVIEW

2332 2332 2332 2333 2333 2333 2334 2334 2334 2335 2335 2335 2336 2336 2336 2337 2337 2337 2338 2338 2338 2339 2339 2339 2339 2339 2339 2339 2340 2340 2341 2341 2342 2342 2343 2343 2344 2344 2345 2345 2345 2345 2346 2346 2347 2347 2348 2348 2349 2349

tcp tcp udp tcp tcp udp tcp tcp udp tcp tcp udp tcp tcp udp tcp tcp udp tcp tcp udp tcp tcp tcp tcp udp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp

IRCContact rcc-host rcc-host IRCContact snapp snapp ace-client IRCContact ace-client ace-proxy IRCContact ace-proxy appleugcontrol IRCContact appleugcontrol ideesrv IRCContact ideesrv IRCContact norton-lambert norton-lambert 3com-webview IRCContact VoiceSpyOBS VoiceSpy 3com-webview VoiceSpyOBS VoiceSpy wrs_registry wrs_registry xiostatus xiostatus manage-exec manage-exec nati-logos nati-logos fcmsys fcmsys dbm DolyTrojan DolyTrojan dbm redstorm_join redstorm_join redstorm_find redstorm_find redstorm_info redstorm_info redstorm_diag redstorm_diag

[trojan] IRC Contact RCC Host RCC Host [trojan] IRC Contact SNAPP SNAPP ACE Client Auth [trojan] IRC Contact ACE Client Auth ACE Proxy [trojan] IRC Contact ACE Proxy Apple UG Control [trojan] IRC Contact Apple UG Control ideesrv [trojan] IRC Contact ideesrv [trojan] IRC Contact Norton Lambert Norton Lambert 3Com WebView [trojan] IRC Contact [trojan] Voice Spy - OBS!!! [trojan] Voice Spy 3Com WebView [trojan] Voice Spy - OBS!!! [trojan] Voice Spy WRS Registry WRS Registry XIO Status XIO Status Seagate Manage Exec Seagate Manage Exec nati logos nati logos fcmsys fcmsys dbm [trojan] Doly Trojan [trojan] Doly Trojan dbm Game Connection Port Game Connection Port Game Announcement and Location Game Announcement and Location Information to query for game status Information to query for game status Diagnostics Port Disgnostics Port

2350 tcp psbserver psbserver 2350 udp psbserver psbserver 2351 tcp psrserver psrserver 2351 udp psrserver psrserver 2352 tcp pslserver pslserver 2352 udp pslserver pslserver 2353 tcp pspserver pspserver 2353 udp pspserver pspserver 2354 tcp psprserver psprserver 2354 udp psprserver psprserver 2355 tcp psdbserver psdbserver 2355 udp psdbserver psdbserver 2356 tcp gxtelmd GXT License Managemant 2356 udp gxtelmd GXT License Managemant 2357 tcp unihub-server UniHub Server 2357 udp unihub-server UniHub Server 2358 tcp futrix Futrix 2358 udp futrix Futrix 2359 tcp flukeserver FlukeServer 2359 udp flukeserver FlukeServer 2360 tcp nexstorindltd NexstorIndLtd 2360 udp nexstorindltd NexstorIndLtd 2361 tcp tl1 TL1 2361 udp tl1 TL1 2362 tcp digiman digiman 2362 udp digiman digiman 2363 tcp mediacntrlnfsd Media Central NFSD 2363 udp mediacntrlnfsd Media Central NFSD 2364 tcp oi-2000 OI-2000 2364 udp oi-2000 OI-2000 2365 tcp dbref dbref 2365 udp dbref dbref 2366 tcp qip-login qip-login 2366 udp qip-login qip-login 2367 tcp service-ctrl Service Control 2367 udp service-ctrl Service Control 2368 tcp opentable OpenTable 2368 udp opentable OpenTable 2369 tcp acs2000-dsp ACS2000 DSP 2369 udp acs2000-dsp ACS2000 DSP 2370 tcp compaq-econnect Worldwire eConnect Secure Remote Support 2370 tcp l3-hbmon L3-HBMon 2370 udp l3-hbmon L3-HBMon 2381 tcp compaq-https Compaq HTTPS 2381 udp compaq-https Compaq HTTPS 2382 tcp ms-olap3 Microsoft OLAP 2382 udp ms-olap3 Microsoft OLAP 2383 tcp ms-olap4 Microsoft OLAP 2383 udp ms-olap4 Microsoft OLAP

Compaq

2384 tcp 2384 udp 2389 tcp 2389 udp 2390 tcp 2390 udp 2391 tcp 2391 udp 2392 tcp 2392 udp 2393 tcp 2393 udp 2394 tcp 2394 udp 2395 tcp 2395 udp 2396 tcp 2396 udp 2397 tcp 2397 udp 2398 tcp 2398 udp 2399 tcp 2399 udp 2400 tcp 2400 tcp 2400 udp 2401 tcp 2401 udp 2402 tcp 2402 udp 2403 tcp 2403 udp 2404 tcp 2404 udp 2405 tcp 2405 udp 2406 tcp 2406 udp 2407 tcp 2407 udp 2408 tcp 2408 udp 2409 tcp 2409 udp 2410 tcp 2410 udp 2411 tcp 2411 udp 2412 tcp

sd-request SD-REQUEST sd-request SD-REQUEST ovsessionmgr OpenView Session Mgr ovsessionmgr OpenView Session Mgr rsmtp RSMTP rsmtp RSMTP 3com-net-mgmt 3COM Net Management 3com-net-mgmt 3COM Net Management tacticalauth Tactical Auth tacticalauth Tactical Auth ms-olap1 MS OLAP 1 ms-olap1 MS OLAP 1 ms-olap2 MS OLAP 2 ms-olap2 MA OLAP 2 lan900_remote LAN900 Remote lan900_remote LAN900 Remote wusage Wusage wusage Wusage ncl NCL ncl NCL orbiter Orbiter orbiter Orbiter fmpro-fdal FileMaker Inc. - Data Access Layer fmpro-fdal FileMaker Inc. - Data Access Layer opequus-server OpEquus Server Portd [trojan] Portd opequus-server OpEquus Server cvspserver CVS network server cvspserver CVS network server taskmaster2000 TaskMaster 2000 Server taskmaster2000 TaskMaster 2000 Server taskmaster2000 TaskMaster 2000 Web taskmaster2000 TaskMaster 2000 Web iec870-5-104 IEC870-5-104 iec870-5-104 IEC870-5-104 trc-netpoll TRC Netpoll trc-netpoll TRC Netpoll jediserver JediServer jediserver JediServer orion Orion orion Orion optimanet OptimaNet optimanet OptimaNet sns-protocol SNS Protocol sns-protocol SNS Protocol vrts-registry VRTS Registry vrts-registry VRTS Registry netwave-ap-mgmt Netwave AP Management netwave-ap-mgmt Netwave AP Management cdn CDN

2412 udp 2413 tcp 2413 udp 2414 tcp 2414 udp 2415 tcp 2415 udp 2416 tcp 2416 udp 2417 tcp 2417 udp 2418 tcp 2418 udp 2419 tcp 2419 udp 2420 tcp 2420 udp 2421 tcp 2421 udp 2422 tcp 2422 udp 2423 tcp 2423 udp 2424 tcp 2424 udp 2425 tcp 2425 udp 2426 tcp 2426 udp 2427 tcp Gateway 2427 udp Gateway 2428 tcp 2428 udp 2429 tcp 2429 udp 2430 tcp 2430 udp 2431 tcp 2431 udp 2432 tcp 2432 udp 2433 tcp 2433 udp 2434 tcp 2434 udp 2435 tcp 2435 udp 2436 tcp

cdn CDN orion-rmi-reg orion-rmi-reg orion-rmi-reg orion-rmi-reg beeyond Beeyond beeyond Beeyond comtest COMTEST comtest COMTEST rmtserver RMT Server rmtserver RMT Server composit-server Composit Server composit-server Composit Server cas cas cas cas attachmate-s2s Attachmate S2S attachmate-s2s Attachmate S2S dslremote-mgmt DSL Remote Management dslremote-mgmt DSL Remote Management g-talk G-Talk g-talk G-Talk crmsbits CRMSBITS crmsbits CRMSBITS rnrp RNRP rnrp RNRP kofax-svr KOFAX-SVR kofax-svr KOFAX-SVR fjitsuappmgr Fujitsu App Manager fjitsuappmgr Fujitsu App Manager applianttcp Appliant TCP appliantudp Appliant UDP mgcp-gateway Media Gateway Control Protocol mgcp-gateway ott ott ft-role ft-role venus venus venus-se venus-se codasrv codasrv codasrv-se codasrv-se pxc-epmap pxc-epmap optilogic optilogic topx Media Gateway Control Protocol

One Way Trip Time One Way Trip Time FT-ROLE FT-ROLE venus venus venus-se venus-se codasrv codasrv codasrv-se codasrv-se pxc-epmap pxc-epmap OptiLogic OptiLogic TOP X

2436 2437 2437 2438 2438 2439 2439 2440 2440 2441 2441 2442 2442 2443 2443 2444 2444 2445 2445 2446 2446 2447 2447 2448 2448 2449 2449 2450 2450 2451 2451 2452 2452 2453 2453 2454 2454 2455 2455 2456 2456 2457 2457 2458 2458 2459 2459 2460 2460 2461

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

topx TOP X unicontrol UniControl unicontrol UniControl msp MSP msp MSP sybasedbsynch SybaseDBSynch sybasedbsynch SybaseDBSynch spearway Spearway Lockers spearway Spearway Lockser pvsw-inet pvsw-inet pvsw-inet pvsw-inet netangel Netangel netangel Netangel powerclientcsf PowerClient Central Storage Facility powerclientcsf PowerClient Central Storage Facility btpp2sectrans BT PP2 Sectrans btpp2sectrans BT PP2 Sectrans dtn1 DTN1 dtn1 DTN1 bues_service bues_service bues_service bues_service ovwdb OpenView NNM daemon ovwdb OpenView NNM daemon hpppssvr hpppsvr hpppssvr hpppsvr ratl RATL ratl RATL netadmin netadmin netadmin netadmin netchat netchat netchat netchat snifferclient SnifferClient snifferclient SnifferClient madge-om madge-om madge-om madge-om indx-dds IndX-DDS indx-dds IndX-DDS wago-io-system WAGO-IO-SYSTEM wago-io-system WAGO-IO-SYSTEM altav-remmgt altav-remmgt altav-remmgt altav-remmgt rapido-ip Rapido_IP rapido-ip Rapido_IP griffin griffin griffin griffin community Community community Community ms-theater ms-theater ms-theater ms-theater qadmifoper qadmifoper

2461 udp 2462 tcp 2462 udp 2463 tcp 2463 udp 2464 tcp 2464 udp 2465 tcp 2465 udp 2466 tcp 2466 udp 2467 tcp 2467 udp 2468 tcp 2468 udp 2469 tcp 2469 udp 2470 tcp 2470 udp 2471 tcp 2471 udp 2472 tcp 2472 udp 2473 tcp 2473 udp 2474 tcp 2474 udp 2475 tcp 2475 udp 2476 tcp 2476 udp 2477 tcp Service 2477 udp Service 2478 tcp (SLL) 2478 udp (SSL) 2479 tcp 2479 udp 2480 tcp 2480 udp 2481 tcp 2481 udp 2482 tcp 2483 tcp 2483 udp 2484 tcp 2485 tcp

qadmifoper qadmifevent qadmifevent symbios-raid symbios-raid direcpc-si direcpc-si lbm lbm lbf lbf high-criteria high-criteria qip-msgd qip-msgd mti-tcs-comm mti-tcs-comm taskman-port taskman-port seaodbc seaodbc c3 c3 aker-cdp aker-cdp vitalanalysis vitalanalysis ace-server ace-server ace-svr-prop ace-svr-prop ssm-cvs ssm-cvs ssm-cssps ssm-cssps ssm-els ssm-els lingwood lingwood giop giop giop-ssl ttc ttc ttc-ssl netobjects1

qadmifoper qadmifevent qadmifevent Symbios Raid Symbios Raid DirecPC SI DirecPC SI Load Balance Management Load Balance Management Load Balance Forwarding Load Balance Forwarding High Criteria High Criteria qip_msgd qip_msgd MTI-TCS-COMM MTI-TCS-COMM taskman port taskman port SeaODBC SeaODBC C3 C3 Aker-cdp Aker-cdp Vital Analysis Vital Analysis ACE Server ACE Server ACE Server Propagation ACE Server Propagation SecurSight Certificate Valifation SecurSight Certificate Valifation SecurSight Authentication Server SecurSight Authentication Server SecurSight Event Logging Server (SSL) SecurSight Event Logging Server (SSL) Lingwood's Detail Lingwood's Detail Oracle GIOP Oracle GIOP Oracle GIOP SSL Oracle TTC Oracel TTC Oracle TTC SSL Net Objects1

2485 udp 2486 tcp 2486 udp 2487 tcp 2487 udp 2488 tcp 2488 udp 2489 tcp 2489 udp 2490 tcp 2490 udp 2491 tcp 2491 udp 2492 tcp 2492 udp 2493 tcp 2493 udp 2494 tcp 2494 udp 2495 tcp 2495 udp 2496 tcp 2496 udp 2497 tcp 2497 udp 2498 tcp 2498 udp 2499 tcp 2499 udp 2500 tcp 2500 udp 2501 tcp 2501 udp 2502 tcp 2502 udp 2503 tcp 2503 udp 2504 tcp 2504 udp 2505 tcp 2505 udp 2506 tcp 2506 udp 2506 tcp 2507 tcp 2507 udp 2508 tcp 2508 udp 2509 tcp 2509 udp

netobjects1 Net Objects1 netobjects2 Net Objects2 netobjects2 Net Objects2 pns Policy Notice Service pns Policy Notice Service moy-corp Moy Corporation moy-corp Moy Corporation tsilb TSILB tsilb TSILB qip-qdhcp qip_qdhcp qip-qdhcp qip_qdhcp conclave-cpp Conclave CPP conclave-cpp Conclave CPP groove GROOVE groove GROOVE talarian-mqs Talarian MQS talarian-mqs Talarian MQS bmc-ar BMC AR bmc-ar BMC AR fast-rem-serv Fast Remote Services fast-rem-serv Fast Remote Services dirgis DIRGIS dirgis DIRGIS quaddb Quad DB quaddb Quad DB odn-castraq ODN-CasTraq odn-castraq ODN-CasTraq unicontrol UniControl unicontrol UniControl rtsserv Resource Tracking system server rtsserv Resource Tracking system server rtsclient Resource Tracking system client rtsclient Resource Tracking system client kentrox-prot Kentrox Protocol kentrox-prot Kentrox Protocol nms-dpnss NMS-DPNSS nms-dpnss NMS-DPNSS wlbs WLBS wlbs WLBS torque-traffic torque-traffic torque-traffic torque-traffic jbroker jbroker jbroker jbroker jana Jana Proxy Server admin port spock spock spock spock jdatastore JDataStore jdatastore JDataStore fjmpss fjmpss fjmpss fjmpss

2510 2510 2511 2511 2512 2512 2513 2513 2514 2514 2515 2515 2516 2516 2517 2517 2518 2518 2519 2519 2520 2520 2521 2521 2522 2522 2523 2523 2524 2524 2525 2525 2526 2526 2527 2527 2528 2528 2529 2529 2530 2530 2531 2531 2532 2532 2533 2533 2534 2534

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

fjappmgrbulk fjappmgrbulk fjappmgrbulk fjappmgrbulk metastorm Metastorm metastorm Metastorm citrixima Citrix IMA citrixima Citrix IMA citrixadmin Citrix ADMIN citrixadmin Citrix ADMIN facsys-ntp Facsys NTP facsys-ntp Facsys NTP facsys-router Facsys Router facsys-router Facsys Router maincontrol Main Control maincontrol Main Control call-sig-trans H.323 Annex E call signaling transport call-sig-trans H.323 Annex E call signaling transport willy Willy willy Willy globmsgsvc globmsgsvc globmsgsvc globmsgsvc pvsw pvsw pvsw pvsw adaptecmgr Adaptec Manager adaptecmgr Adaptec Manager windb WinDb windb WinDb qke-llc-v3 Qke LLC V.3 qke-llc-v3 Qke LLC V.3 optiwave-lm Optiwave License Management optiwave-lm Optiwave License Management ms-v-worlds MS V-Worlds ms-v-worlds MS V-Worlds ema-sent-lm EMA License Manager ema-sent-lm EMA License Manager iqserver IQ Server iqserver IQ Server ncr_ccl NCR CCL ncr_ccl NCR CCL utsftp UTS FTP utsftp UTS FTP vrcommerce VR Commerce vrcommerce VR Commerce ito-e-gui ITO-E GUI ito-e-gui ITO-E GUI ovtopmd OVTOPMD ovtopmd OVTOPMD snifferserver SnifferServer snifferserver SnifferServer combox-web-acc Combox Web Access combox-web-acc Combox Web Access

2535 tcp 2535 udp 2536 tcp 2536 udp 2537 tcp 2537 udp 2538 tcp 2538 udp 2539 tcp 2539 udp 2540 tcp 2540 udp 2541 tcp 2541 udp 2542 tcp 2542 udp 2543 tcp 2543 udp 2544 tcp 2545 tcp 2545 udp 2546 tcp 2546 udp 2547 tcp 2547 udp 2548 tcp 2548 udp 2549 tcp 2549 udp 2550 tcp 2550 udp 2551 tcp 2551 udp 2552 tcp 2552 udp 2553 tcp 2553 udp 2554 tcp 2554 udp 2555 tcp 2555 tcp 2555 tcp 2555 udp 2556 tcp 2556 udp 2557 tcp 2557 udp 2558 tcp 2558 udp 2559 tcp

madcap MADCAP madcap MADCAP btpp2audctr1 btpp2audctr1 btpp2audctr1 btpp2audctr1 upgrade Upgrade Protocol upgrade Upgrade Protocol vnwk-prapi vnwk-prapi vnwk-prapi vnwk-prapi vsiadmin VSI Admin vsiadmin VSI Admin lonworks LonWorks lonworks LonWorks lonworks2 LonWorks2 lonworks2 LonWorks2 davinci daVinci davinci daVinci reftek REFTEK reftek REFTEK novell-zen Novell ZEN sis-emt sis-emt sis-emt sis-emt vytalvaultbrtp vytalvaultbrtp vytalvaultbrtp vytalvaultbrtp vytalvaultvsmp vytalvaultvsmp vytalvaultvsmp vytalvaultvsmp vytalvaultpipe vytalvaultpipe vytalvaultpipe vytalvaultpipe ipass IPASS ipass IPASS ads ADS ads ADS isg-uda-server ISG UDA Server isg-uda-server ISG UDA Server call-logging Call Logging call-logging Call Logging efidiningport efidiningport efidiningport efidiningport vcnet-link-v10 VCnet-Link v10 vcnet-link-v10 VCnet-Link v10 compaq-wcp Compaq WCP Lion [trojan] Lion T0rnRootkit [trojan] T0rn Rootkit compaq-wcp Compaq WCP nicetec-nmsvc nicetec-nmsvc nicetec-nmsvc nicetec-nmsvc nicetec-mgmt nicetec-mgmt nicetec-mgmt nicetec-mgmt pclemultimedia PCLE Multi Media pclemultimedia PCLE Multi Media lstp LSTP

2559 udp 2560 tcp 2560 udp 2561 tcp 2561 udp 2562 tcp 2562 udp 2563 tcp 2563 udp 2564 tcp 2565 tcp 2565 tcp 2565 tcp 2565 udp 2566 tcp 2566 udp 2567 tcp 2567 udp 2568 tcp 2568 udp 2569 tcp 2569 udp 2570 tcp 2570 udp 2571 tcp 2571 udp 2572 tcp 2572 udp 2573 tcp 2573 udp 2574 tcp 2574 udp 2575 tcp 2575 udp 2576 tcp 2576 udp 2577 tcp 2577 udp 2578 tcp 2578 udp 2579 tcp 2579 udp 2580 tcp 2580 udp 2581 tcp 2581 udp 2582 tcp 2582 udp 2583 tcp 2583 tcp

lstp LSTP labrat labrat labrat labrat mosaixcc MosaixCC mosaixcc MosaixCC delibo Delibo delibo Delibo cti-redwood CTI Redwood cti-redwood CTI Redwood hp-3000-telnet HP 3000 NS VT block mode telnet coord-svr Coordinator Server Striker [trojan] Striker Strikertrojan [trojan] Striker trojan coord-svr Coordinator Server pcs-pcw pcs-pcw pcs-pcw pcs-pcw clp Cisco Line Protocol clp Cisco Line Protocol spamtrap SPAM TRAP spamtrap SPAM TRAP sonuscallsig Sonus Call Signal sonuscallsig Sonus Call Signal hs-port HS Port hs-port HS Port cecsvc CECSVC cecsvc CECSVC ibp IBP ibp IBP trustestablish Trust Establish trustestablish Trust Establish blockade-bpsp Blockade BPSP blockade-bpsp Blockade BPSP hl7 HL7 hl7 HL7 tclprodebugger TCL Pro Debugger tclprodebugger TCL Pro Debugger scipticslsrvr Scriptics Lsrvr scipticslsrvr Scriptics Lsrvr rvs-isdn-dcp RVS ISDN DCP rvs-isdn-dcp RVS ISDN DCP mpfoncl mpfoncl mpfoncl mpfoncl tributary Tributary tributary Tributary argis-te ARGIS TE argis-te ARGIS TE argis-ds ARGIS DS argis-ds ARGIS DS mon MON WinCrash [trojan] WinCrash

2583 tcp 2583 udp 2584 tcp 2584 udp 2585 tcp 2585 udp 2586 tcp 2586 udp 2587 tcp 2587 udp 2588 tcp 2588 udp 2589 tcp 2589 tcp 2589 udp 2590 tcp 2590 udp 2591 tcp 2591 udp 2592 tcp 2592 udp 2593 tcp 2593 udp 2594 tcp 2594 udp 2595 tcp 2595 udp 2596 tcp 2596 udp 2597 tcp 2597 udp 2598 tcp 2598 udp 2599 tcp 2599 udp 2600 tcp 2600 tcp 2600 tcp 2600 tcp 2600 udp 2601 tcp 2601 tcp 2601 udp 2602 tcp 2602 tcp 2602 udp 2603 tcp 2603 tcp 2603 udp 2604 tcp

WinCrash [trojan] WinCrash mon MON cyaserv cyaserv cyaserv cyaserv netx-server NETX Server netx-server NETX Server netx-agent NETX Agent netx-agent NETX Agent masc MASC masc MASC privilege Privilege privilege Privilege Dagger [trojan] Dagger quartus-tcl quartus tcl quartus-tcl quartus tcl idotdist idotdist idotdist idotdist maytagshuffle Maytag Shuffle maytagshuffle Maytag Shuffle netrek netrek netrek netrek mns-mail MNS Mail Notice Service mns-mail MNS Mail Notice Service dts Data Base Server dts Data Base Server worldfusion1 World Fusion 1 worldfusion1 World Fusion 1 worldfusion2 World Fusion 2 worldfusion2 World Fusion 2 homesteadglory Homestead Glory homesteadglory Homestead Glory citriximaclient Citrix MA Client citriximaclient Citrix MA Client meridiandata Meridian Data meridiandata Meridian Data DigitalRootBeer [trojan] Digital RootBeer DigitalRootBeer [trojan] Digital RootBeer hpstgmgr HPSTGMGR zebrasrv zebra service hpstgmgr HPSTGMGR discp-client discp client zebra zebra vty discp-client discp client discp-server discp server ripd RIPd vty discp-server discp server ripngd RIPngd vty servicemeter Service Meter servicemeter Service Meter nsc-ccs NSC CCS

2604 tcp 2604 udp 2605 tcp 2605 tcp 2605 udp 2606 tcp 2606 udp 2607 tcp 2607 udp 2608 tcp 2608 udp 2609 tcp 2609 udp 2610 tcp 2610 udp 2611 tcp 2611 udp 2612 tcp 2612 udp 2613 tcp 2613 udp 2614 tcp 2614 udp 2615 tcp 2615 udp 2616 tcp 2616 udp 2617 tcp 2617 udp 2618 tcp 2618 udp 2619 tcp 2619 udp 2620 tcp 2620 udp 2621 tcp 2621 udp 2622 tcp 2622 udp 2623 tcp 2623 udp 2624 tcp 2624 udp 2625 tcp 2625 udp 2626 tcp 2626 udp 2626 tcp 2627 tcp 2627 tcp

ospfd OSPFd vty nsc-ccs NSC CCS bgpd BGPd vty nsc-posa NSC POSA nsc-posa NSC POSA netmon Dell Netmon netmon Dell Netmon connection Dell Connection connection Dell Connection wag-service Wag Service wag-service Wag Service system-monitor System Monitor system-monitor System Monitor versa-tek VersaTek versa-tek VersaTek lionhead LIONHEAD lionhead LIONHEAD qpasa-agent Qpasa Agent qpasa-agent Qpasa Agent smntubootstrap SMNTUBootstrap smntubootstrap SMNTUBootstrap neveroffline Never Offline neveroffline Never Offline firepower firepower firepower firepower appswitch-emp appswitch-emp appswitch-emp appswitch-emp cmadmin Clinical Context Managers cmadmin Clinical Context Managers priority-e-com Priority E-Com priority-e-com Priority E-Com bruce bruce bruce bruce lpsrecommender LPSRecommender lpsrecommender LPSRecommender miles-apart Miles Apart Jukebox Server miles-apart Miles Apart Jukebox Server metricadbc MetricaDBC metricadbc MetricaDBC lmdp LMDP lmdp LMDP aria Aria aria Aria blwnkl-port Blwnkl Port blwnkl-port Blwnkl Port gbjd816 gbjd816 gbjd816 gbjd816 ap-defender AP Defender moshebeeri Moshe Beeri webster Network dictionary

2627 2627 2628 2628 2629 2629 2630 2630 2631 2631 2632 2632 2633 2633 2634 2634 2635 2635 2636 2636 2637 2637 2638 2638 2639 2639 2640 2640 2641 2641 2642 2642 2643 2643 2644 2644 2645 2645 2646 2646 2647 2647 2648 2648 2649 2649 2650 2650 2651 2651

udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

moshebeeri Moshe Beeri webster Network dictionary dict DICT dict DICT sitaraserver Sitara Server sitaraserver Sitara Server sitaramgmt Sitara Management sitaramgmt Sitara Management sitaradir Sitara Dir sitaradir Sitara Dir irdg-post IRdg Post irdg-post IRdg Post interintelli InterIntelli interintelli InterIntelli pk-electronics PK Electronics pk-electronics PK Electronics backburner Back Burner backburner Back Burner solve Solve solve Solve imdocsvc Import Document Service imdocsvc Import Document Service sybase Sybase database sybaseanywhere Sybase Anywhere aminet AMInet aminet AMInet sai_sentlm Sabbagh Associates Licence Manager sai_sentlm Sabbagh Associates Licence Manager hdl-srv HDL Server hdl-srv HDL Server tragic Tragic tragic Tragic gte-samp GTE-SAMP gte-samp GTE-SAMP travsoft-ipx-t Travsoft IPX Tunnel travsoft-ipx-t Travsoft IPX Tunnel novell-ipx-cmd Novell IPX CMD novell-ipx-cmd Novell IPX CMD and-lm AND Licence Manager and-lm AND License Manager syncserver SyncServer syncserver SyncServer upsnotifyprot Upsnotifyprot upsnotifyprot Upsnotifyprot vpsipport VPSIPPORT vpsipport VPSIPPORT eristwoguns eristwoguns eristwoguns eristwoguns ebinsite EBInSite ebinsite EBInSite

2652 2652 2653 2653 2654 2654 2655 2655 2656 2656 2657 2657 2658 2658 2659 2659 2660 2660 2661 2661 2662 2662 2663 2663 2664 2664 2665 2665 2666 2666 2667 2667 2668 2668 2669 2669 2670 2670 2671 2671 2672 2672 2673 2673 2674 2674 2675 2675 2676 2676

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

interpathpanel InterPathPanel interpathpanel InterPathPanel sonus Sonus sonus Sonus corel_vncadmin Corel VNC Admin corel_vncadmin Corel VNC Admin unglue UNIX Nt Glue unglue UNIX Nt Glue kana Kana kana Kana sns-dispatcher SNS Dispatcher sns-dispatcher SNS Dispatcher sns-admin SNS Admin sns-admin SNS Admin sns-query SNS Query sns-query SNS Query gcmonitor GC Monitor gcmonitor GC Monitor olhost OLHOST olhost OLHOST bintec-capi BinTec-CAPI bintec-capi BinTec-CAPI bintec-tapi BinTec-TAPI bintec-tapi BinTec-TAPI patrol-mq-gm Patrol for MQ GM patrol-mq-gm Patrol for MQ GM patrol-mq-nm Patrol for MQ NM patrol-mq-nm Patrol for MQ NM extensis extensis extensis extensis alarm-clock-s Alarm Clock Server alarm-clock-s Alarm Clock Server alarm-clock-c Alarm Clock Client alarm-clock-c Alarm Clock Client toad TOAD toad TOAD tve-announce TVE Announce tve-announce TVE Announce newlixreg newlixreg newlixreg newlixreg nhserver nhserver nhserver nhserver firstcall42 First Call 42 firstcall42 First Call 42 ewnn ewnn ewnn ewnn ttc-etap TTC ETAP ttc-etap TTC ETAP simslink SIMSLink simslink SIMSLink

2677 tcp 2677 udp 2678 tcp 2678 udp 2679 tcp 2680 tcp 2680 udp 2681 tcp 2681 udp 2682 tcp 2682 udp 2683 tcp 2683 udp 2684 tcp 2684 udp 2685 tcp 2685 udp 2686 tcp 2686 udp 2687 tcp 2687 udp 2688 tcp 2688 udp 2689 tcp 2689 udp 2690 tcp 2690 udp 2691 tcp 2691 udp 2692 tcp 2692 udp 2693 tcp 2693 udp 2694 tcp 2694 udp 2695 tcp 2695 udp 2696 tcp 2696 udp 2697 tcp 2697 udp 2698 tcp 2698 udp 2699 tcp 2699 udp 2700 tcp 2700 udp 2701 tcp 2701 udp 2702 tcp

gadgetgate1way Gadget Gate 1 Way gadgetgate1way Gadget Gate 1 Way gadgetgate2way Gadget Gate 2 Way gadgetgate2way Gadget Gate 2 Way syncserverssl Sync Server SSL pxc-sapxom pxc-sapxom pxc-sapxom pxc-sapxom mpnjsomb mpnjsomb mpnjsomb mpnjsomb srsp SRSP srsp SRSP ncdloadbalance NCDLoadBalance ncdloadbalance NCDLoadBalance mpnjsosv mpnjsosv mpnjsosv mpnjsosv mpnjsocl mpnjsocl mpnjsocl mpnjsocl mpnjsomg mpnjsomg mpnjsomg mpnjsomg pq-lic-mgmt pq-lic-mgmt pq-lic-mgmt pq-lic-mgmt md-cg-http md-cf-http md-cg-http md-cf-http fastlynx FastLynx fastlynx FastLynx hp-nnm-data HP NNM Embedded Database hp-nnm-data HP NNM Embedded Database itinternet IT Internet itinternet IT Internet admins-lms Admins LMS admins-lms Admins LMS belarc-http belarc-http belarc-http belarc-http pwrsevent pwrsevent pwrsevent pwrsevent vspread VSPREAD vspread VSPREAD unifyadmin Unify Admin unifyadmin Unify Admin oce-snmp-trap Oce SNMP Trap Port oce-snmp-trap Oce SNMP Trap Port mck-ivpip MCK-IVPIP mck-ivpip MCK-IVPIP csoft-plusclnt Csoft Plus Client csoft-plusclnt Csoft Plus Client tqdata tqdata tqdata tqdata sms-rcinfo SMS RCINFO sms-rcinfo SMS RCINFO BlackDiver [trojan] Black Diver

2702 tcp 2702 udp 2703 tcp 2703 udp 2704 tcp 2704 udp 2705 tcp 2705 udp 2706 tcp 2706 udp 2707 tcp 2707 udp 2708 tcp 2708 udp 2709 tcp 2709 udp 2710 tcp 2710 udp 2711 tcp 2711 udp 2712 tcp 2712 udp 2713 tcp 2713 udp 2714 tcp 2715 tcp 2715 udp 2716 tcp 2716 tcp 2716 tcp 2716 udp 2717 tcp 2717 udp 2718 tcp 2718 udp 2719 tcp 2719 udp 2720 tcp 2720 udp 2721 tcp 2721 udp 2722 tcp 2722 udp 2723 tcp 2723 udp 2724 tcp 2724 udp 2725 tcp 2725 udp 2726 tcp

sms-xfer sms-xfer sms-chat sms-chat sms-remctrl sms-remctrl sds-admin sds-admin ncdmirroring ncdmirroring emcsymapiport emcsymapiport banyan-net banyan-net supermon supermon sso-service sso-service sso-control sso-control aocp aocp raven1 raven1 raven2 hpstgmgr2 hpstgmgr2 inova-ip-disco ThePrayer ThePrayer inova-ip-disco pn-requester pn-requester pn-requester2 pn-requester2 scan-change scan-change wkars wkars smart-diagnose smart-diagnose proactivesrvr proactivesrvr watchdognt watchdognt qotps qotps msolap-ptp2 msolap-ptp2 tams

SMS XFER SMS XFER SMS CHAT SMS CHAT SMS REMCTRL SMS REMCTRL SDS Admin SDS Admin NCD Mirroring NCD Mirroring EMCSYMAPIPORT EMCSYMAPIPORT Banyan-Net Banyan-Net Supermon Supermon SSO Service SSO Service SSO Control SSO Control Axapta Object Communication Protocol Axapta Object Communication Protocol Raven1 Raven1 Raven2 HPSTGMGR2 HPSTGMGR2 Inova IP Disco [trojan] The Prayer [trojan] The Prayer Inova IP Disco PN REQUESTER PN REQUESTER PN REQUESTER 2 PN REQUESTER 2 Scan & Change Scan & Change wkars wkars Smart Diagnose Smart Diagnose Proactive Server Proactive Server WatchDog NT WatchDog NT qotps qotps MSOLAP PTP2 MSOLAP PTP2 TAMS

2726 udp 2727 tcp Call Agent 2727 udp Call Agent 2728 tcp 2728 udp 2729 tcp 2729 udp 2730 tcp 2730 udp 2731 tcp 2731 udp 2732 tcp 2732 udp 2733 tcp 2733 udp 2734 tcp 2734 udp 2735 tcp 2735 udp 2736 tcp 2736 udp 2737 tcp 2737 udp 2738 tcp 2738 udp 2739 tcp 2739 udp 2740 tcp 2740 udp 2741 tcp 2741 udp 2742 tcp 2742 udp 2743 tcp 2743 udp 2744 tcp 2744 udp 2745 tcp 2745 udp 2746 tcp 2746 udp 2747 tcp 2747 udp 2748 tcp 2748 udp 2749 tcp 2749 udp 2750 tcp

tams TAMS mgcp-callagent Media Gateway Control Protocol mgcp-callagent Media Gateway Control Protocol

sqdr SQDR sqdr SQDR tcim-control TCIM Control tcim-control TCIM Control nec-raidplus NEC RaidPlus nec-raidplus NEC RaidPlus netdragon-msngr NetDragon Messanger netdragon-msngr NetDragon Messanger g5m G5M g5m G5M signet-ctf Signet CTF signet-ctf Signet CTF ccs-software CCS Software ccs-software CCS Software netiq-mc NetIQ Monitor Console netiq-mc NetIQ Monitor Console radwiz-nms-srv RADWIZ NMS SRV radwiz-nms-srv RADWIZ NMS SRV srp-feedback SRP Feedback srp-feedback SRP Feedback ndl-tcp-ois-gw NDL TCP-OSI Gateway ndl-tcp-ois-gw NDL TCP-OSI Gateway tn-timing TN Timing tn-timing TN Timing alarm Alarm alarm Alarm tsb TSB tsb TSB tsb2 TSB2 tsb2 TSB2 murx murx murx murx honyaku honyaku honyaku honyaku urbisnet URBISNET urbisnet URBISNET cpudpencap CPUDPENCAP cpudpencap CPUDPENCAP fjippol-swrly fjippol-swrly fjippol-polsvr fjippol-polsvr fjippol-cnsl fjippol-cnsl fjippol-port1

2750 udp 2751 tcp 2751 udp 2752 tcp 2752 udp 2753 tcp 2753 udp 2754 tcp 2754 udp 2755 tcp 2755 udp 2756 tcp 2756 udp 2757 tcp 2757 udp 2758 tcp 2758 udp 2759 tcp 2759 udp 2760 tcp 2760 udp 2761 tcp 2761 udp 2762 tcp 2762 udp 2763 tcp 2763 udp 2764 tcp 2764 udp 2765 tcp 2765 udp 2766 tcp 2766 tcp 2766 tcp 2766 udp 2767 tcp 2767 udp 2768 tcp 2768 udp 2769 tcp 2769 udp 2770 tcp 2770 udp 2771 tcp 2771 udp 2772 tcp 2772 udp 2773 tcp 2773 tcp 2773 tcp

fjippol-port1 fjippol-port2 fjippol-port2 rsisysaccess RSISYS ACCESS rsisysaccess RSISYS ACCESS de-spot de-spot de-spot de-spot apollo-cc APOLLO CC apollo-cc APOLLO CC expresspay Express Pay expresspay Express Pay simplement-tie simplement-tie simplement-tie simplement-tie cnrp CNRP cnrp CNRP apollo-status APOLLO Status apollo-status APOLLO Status apollo-gms APOLLO GMS apollo-gms APOLLO GMS sabams Saba MS sabams Saba MS dicom-iscl DICOM ISCL dicom-iscl DICOM ISCL dicom-tls DICOM TLS dicom-tls DICOM TLS desktop-dna Desktop DNA desktop-dna Desktop DNA data-insurance Data Insurance data-insurance Data Insurance qip-audup qip-audup qip-audup qip-audup compaq-scp Compaq SCP listen System V listener port nlps Solaris Print Services compaq-scp Compaq SCP uadtc UADTC uadtc UADTC uacs UACS uacs UACS singlept-mvs Single Point MVS singlept-mvs Single Point MVS veronica Veronica veronica Veronica vergencecm Vergence CM vergencecm Vergence CM auris auris auris auris pcbakcup1 PC Backup SubSeven2.1Gold [trojan] SubSeven 2.1 Gold SubSeven [trojan] SubSeven

2773 tcp 2773 udp 2774 tcp 2774 tcp 2774 tcp 2774 udp 2775 tcp 2775 udp 2776 tcp 2776 udp 2777 tcp 2777 udp 2778 tcp 2778 udp 2779 tcp 2779 udp 2780 tcp 2780 udp 2781 tcp 2781 udp 2782 tcp 2782 udp 2783 tcp 2783 udp 2784 tcp 2784 udp 2785 tcp 2785 udp 2786 tcp 2786 udp 2787 tcp 2787 udp 2788 tcp Software 2788 udp Software 2789 tcp 2789 udp 2790 tcp 2790 udp 2791 tcp 2791 udp 2792 tcp 2792 udp 2793 tcp 2793 udp 2794 tcp 2794 udp 2795 tcp 2795 udp

SubSeven [trojan] SubSeven pcbakcup1 PC Backup pcbakcup2 PC Backup SubSeven2.1Gold [trojan] SubSeven 2.1 Gold SubSeven [trojan] SubSeven pcbakcup2 PC Backup smpp SMMP smpp SMMP ridgeway1 Ridgeway Systems & Software ridgeway1 Ridgeway Systems & Software ridgeway2 Ridgeway Systems & Software ridgeway2 Ridgeway Systems & Software gwen-sonya Gwen-Sonya gwen-sonya Gwen-Sonya lbc-sync LBC Sync lbc-sync LBC Sync lbc-control LBC Control lbc-control LBC Control whosells ResolveNet IOM whosells whosells ResolveNet IOM whosells everydayrc everydayrc everydayrc everydayrc aises AISES aises AISES www-dev world wide web - development www-dev world wide web - development aic-np aic-np aic-np aic-np aic-oncrpc aic-oncrpc - Destiny MCD database aic-oncrpc aic-oncrpc - Destiny MCD database piccolo piccolo - Cornerstone Software piccolo piccolo - Cornerstone Software fryeserv NetWare Loadable Module - Seagate fryeserv media-agent media-agent plgproxy plgproxy mtport-regist mtport-regist f5-globalsite f5-globalsite initlsmsad initlsmsad aaftp aaftp livestats livestats NetWare Loadable Module - Seagate Media Agent Media Agent PLG Proxy PLG Proxy MT Port Registrator MT Port Registrator f5-globalsite f5-globalsite initlsmsad initlsmsad aaftp aaftp LiveStats LiveStats

2796 tcp 2796 udp 2797 tcp 2797 udp 2798 tcp 2798 udp 2799 tcp 2799 udp 2800 tcp 2800 udp 2801 tcp 2801 tcp 2801 tcp 2801 udp 2802 tcp 2802 udp 2803 tcp 2803 udp 2804 tcp 2804 udp 2805 tcp 2805 udp 2806 tcp 2806 udp 2807 tcp 2807 udp 2808 tcp 2808 udp 2809 tcp 2809 udp 2810 tcp 2810 udp 2811 tcp 2811 udp 2812 tcp 2812 udp 2813 tcp 2813 udp 2814 tcp 2814 udp 2815 tcp 2815 udp 2816 tcp 2816 udp 2817 tcp 2817 udp 2818 tcp 2818 udp 2819 tcp 2819 udp

ac-tech ac-tech ac-tech ac-tech esp-encap esp-encap esp-encap esp-encap tmesis-upshot TMESIS-UPShot tmesis-upshot TMESIS-UPShot icon-discover ICON Discover icon-discover ICON Discover acc-raid ACC RAID acc-raid ACC RAID igcp IGCP PhineasPhucker [trojan] Phineas Phucker PhineasPhucker [trojan] Phineas Phucker igcp IGCP veritas-tcp1 Veritas TCP1 veritas-udp1 Veritas UDP1 btprjctrl btprjctrl btprjctrl btprjctrl telexis-vtu Telexis VTU telexis-vtu Telexis VTU wta-wsp-s WTA WSP-S wta-wsp-s WTA WSP-S cspuni cspuni cspuni cspuni cspmulti cspmulti cspmulti cspmulti j-lan-p J-LAN-P j-lan-p J-LAN-P corbaloc CORBA LOC corbaloc CORBA LOC netsteward Active Net Steward netsteward Active Net Steward gsiftp GSI FTP gsiftp GSI FTP atmtcp atmtcp atmtcp atmtcp llm-pass llm-pass llm-pass llm-pass llm-csv llm-csv llm-csv llm-csv lbc-measure LBC Measurement lbc-measure LBC Measurement lbc-watchdog LBC Watchdog lbc-watchdog LBC Watchdog nmsigport NMSig Port nmsigport NMSig Port rmlnk rmlnk rmlnk rmlnk fc-faultnotify FC Fault Notification fc-faultnotify FC Fault Notification

2820 2820 2821 2821 2822 2822 2823 2823 2824 2824 2826 2826 2827 2827 2828 2828 2829 2829 2830 2830 2831 2831 2832 2832 2833 2833 2834 2834 2835 2835 2836 2836 2837 2837 2838 2838 2839 2839 2840 2840 2841 2841 2842 2842 2843 2843 2844 2844 2845 2845

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

univision UniVision univision UniVision vml-dms vml_dms vml-dms vml_dms ka0wuc ka0wuc ka0wuc ka0wuc cqg-netlan CQG Net LAN cqg-netlan CQG Net LAN cqg-netlan-1 CQG Net LAN 1 cqg-netlan-1 CQG Net Lan 1 slc-systemlog slc systemlog slc-systemlog slc systemlog slc-ctrlrloops slc ctrlrloops slc-ctrlrloops slc ctrlrloops itm-lm ITM License Manager itm-lm ITM License Manager silkp1 silkp1 silkp1 silkp1 silkp2 silkp2 silkp2 silkp2 silkp3 silkp3 silkp3 silkp3 silkp4 silkp4 silkp4 silkp4 glishd glishd glishd glishd evtp EVTP evtp EVTP evtp-data EVTP-DATA evtp-data EVTP-DATA catalyst catalyst catalyst catalyst repliweb Repliweb repliweb Repliweb starbot Starbot starbot Starbot nmsigport NMSigPort nmsigport NMSigPort l3-exprt l3-exprt l3-exprt l3-exprt l3-ranger l3-ranger l3-ranger l3-ranger l3-hawk l3-hawk l3-hawk l3-hawk pdnet PDnet pdnet PDnet bpcp-poll BPCP POLL bpcp-poll BPCP POLL bpcp-trap BPCP TRAP bpcp-trap BPCP TRAP

2846 2846 2847 2847 2848 2848 2849 2849 2850 2850 2851 2851 2852 2852 2853 2853 2854 2854 2856 2856 2857 2857 2858 2858 2859 2859 2860 2860 2861 2861 2862 2862 2863 2863 2864 2864 2865 2865 2866 2866 2867 2867 2868 2868 2869 2869 2870 2870 2871 2871

tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

aimpp-hello AIMPP Hello aimpp-hello AIMPP Hello aimpp-port-req AIMPP Port Req aimpp-port-req AIMPP Port Req amt-blc-port AMT-BLC-PORT amt-blc-port AMT-BLC-PORT fxp FXP fxp FXP metaconsole MetaConsole metaconsole MetaConsole webemshttp webemshttp webemshttp webemshttp bears-01 bears-01 bears-01 bears-01 ispipes ISPipes ispipes ISPipes infomover InfoMover infomover InfoMover cesdinv cesdinv cesdinv cesdinv simctlp SimCtIP simctlp SimCtIP ecnp ECNP ecnp ECNP activememory Active Memory activememory Active Memory dialpad-voice1 Dialpad Voice 1 dialpad-voice1 Dialpad Voice 1 dialpad-voice2 Dialpad Voice 2 dialpad-voice2 Dialpad Voice 2 ttg-protocol TTG Protocol ttg-protocol TTG Protocol sonardata Sonar Data sonardata Sonar Data astromed-main main 5001 cmd astromed-main main 5001 cmd pit-vpn pit-vpn pit-vpn pit-vpn lwlistener lwlistener lwlistener lwlistener esps-portal esps-portal esps-portal esps-portal npep-messaging NPEP Messaging npep-messaging NPEP Messaging icslap ICSLAP icslap ICSLAP daishi daishi daishi daishi msi-selectplay MSI Select Play msi-selectplay MSI Select Play

2872 tcp contract CONTRACT 2872 udp contract CONTRACT 2873 tcp paspar2-zoomin PASPAR2 ZoomIn 2873 udp paspar2-zoomin PASPAR2 ZoomIn 2874 tcp dxmessagebase1 dxmessagebase1 2874 udp dxmessagebase1 dxmessagebase1 2875 tcp dxmessagebase2 dxmessagebase2 2875 udp dxmessagebase2 dxmessagebase2 2876 tcp sps-tunnel SPS Tunnel 2876 udp sps-tunnel SPS Tunnel 2877 tcp bluelance BLUELANCE 2877 udp bluelance BLUELANCE 2878 tcp aap AAP 2878 udp aap AAP 2879 tcp ucentric-ds ucentric-ds 2879 udp ucentric-ds ucentric-ds 2880 tcp synapse synapse 2880 udp synapse synapse 2881 tcp ndsp NDSP 2881 udp ndsp NDSP 2882 tcp ndtp NDTP 2882 udp ndtp NDTP 2883 tcp ndnp NDNP 2883 udp ndnp NDNP 2884 tcp flashmsg Flash Msg 2884 udp flashmsg Flash Msg 2885 tcp topflow TopFlow 2885 udp topflow TopFlow 2886 tcp responselogic RESPONSELOGIC 2886 udp responselogic RESPONSELOGIC 2887 tcp aironetddp aironet 2887 udp aironetddp aironet 2888 tcp spcsdlobby SPCSDLOBBY 2888 udp spcsdlobby SPCSDLOBBY 2889 tcp rsom RSOM 2889 udp rsom RSOM 2890 tcp cspclmulti CSPCLMULTI 2890 udp cspclmulti CSPCLMULTI 2891 tcp cinegrfx-elmd CINEGRFX-ELMD License Manager 2891 udp cinegrfx-elmd CINEGRFX-ELMD License Manager 2892 tcp snifferdata SNIFFERDATA 2892 udp snifferdata SNIFFERDATA 2893 tcp vseconnector VSECONNECTOR 2893 udp vseconnector VSECONNECTOR 2894 tcp abacus-remote ABACUS-REMOTE 2894 udp abacus-remote ABACUS-REMOTE 2895 tcp natuslink NATUS LINK 2895 udp natuslink NATUS LINK 2896 tcp ecovisiong6-1 ECOVISIONG6-1

2896 2897 2897 2898 2898 2899 2899 2900 2900 2901 2901 2902 2902 2903 2903 2904 2904 2905 2905 2906 2906 2907 2907 2908 2908 2909 2909 2910 2910 2911 2911 2912 2912 2913 2913 2914 2914 2915 2915 2916 2916 2917 2917 2918 2918 2919 2919 2920 2920 2921

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

ecovisiong6-1 ECOVISIONG6-1 citrix-rtmp Citrix RTMP citrix-rtmp Citrix RTMP appliance-cfg APPLIANCE-CFG appliance-cfg APPLIANCE-CFG powergemplus POWERGEMPLUS powergemplus POWERGEMPLUS quicksuite QUICKSUITE quicksuite QUICKSUITE allstorcns ALLSTORCNS allstorcns ALLSTORCNS netaspi NET ASPI netaspi NET ASPI suitcase SUITCASE suitcase SUITCASE m2ua M2UA m2ua M2UA m3ua M3UA m3ua M3UA caller9 CALLER9 caller9 CALLER9 webmethods-b2b WEBMETHODS B2B webmethods-b2b WEBMETHODS B2B mao mao mao mao funk-dialout Funk Dialout funk-dialout Funk Dialout tdaccess TDAccess tdaccess TDAccess blockade Blockade blockade Blockade epicon Epicon epicon Epicon boosterware Booster Ware boosterware Booster Ware gamelobby Game Lobby gamelobby Game Lobby tksocket TK Socket tksocket TK Socket elvin_server Elvin Server elvin_server Elvin Server elvin_client Elvin Client elvin_client Elvin Client kastenchasepad Kasten Chase Pad kastenchasepad Kasten Chase Pad roboer ROBOER roboer ROBOER roboeda ROBOEDA roboeda ROBOEDA cesdcdman CESD Contents Delivery Management

2921 udp cesdcdman CESD Contents Delivery Management 2922 tcp cesdcdtrn CESD Contents Delivery Data Transfer 2922 udp cesdcdtrn CESD Contents Delivery Data Transfer 2923 tcp wta-wsp-wtp-s WTA-WSP-WTP-S 2923 udp wta-wsp-wtp-s WTA-WSP-WTP-S 2924 tcp precise-vip PRECISE-VIP 2924 udp precise-vip PRECISE-VIP 2926 tcp mobile-file-dl MOBILE-FILE-DL 2926 udp mobile-file-dl MOBILE-FILE-DL 2927 tcp unimobilectrl UNIMOBILECTRL 2927 udp unimobilectrl UNIMOBILECTRL 2928 tcp redstone-cpss REDSTONE-CPSS 2928 udp redstone-cpss REDSONTE-CPSS 2929 tcp Konik [trojan] Konik 2929 tcp panja-webadmin PANJA-WEBADMIN 2929 udp panja-webadmin PANJA-WEBADMIN 2930 tcp panja-weblinx PANJA-WEBLINX 2930 udp panja-weblinx PANJA-WEBLINX 2931 tcp circle-x Circle-X 2931 udp circle-x Circle-X 2932 tcp incp INCP 2932 udp incp INCP 2933 tcp 4-tieropmgw 4-TIER OPM GW 2933 udp 4-tieropmgw 4-TIER OPM GW 2934 tcp 4-tieropmcli 4-TIER OPM CLI 2934 udp 4-tieropmcli 4-TIER OPM CLI 2935 tcp qtp QTP 2935 udp qtp QTP 2936 tcp otpatch OTPatch 2936 udp otpatch OTPatch 2937 tcp pnaconsult-lm PNACONSULT-LM 2937 udp pnaconsult-lm PNACONSULT-LM 2938 tcp sm-pas-1 SM-PAS-1 2938 udp sm-pas-1 SM-PAS-1 2939 tcp sm-pas-2 SM-PAS-2 2939 udp sm-pas-2 SM-PAS-2 2940 tcp sm-pas-3 SM-PAS-3 2940 udp sm-pas-3 SM-PAS-3 2941 tcp sm-pas-4 SM-PAS-4 2941 udp sm-pas-4 SM-PAS-4 2942 tcp sm-pas-5 SM-PAS-5 2942 udp sm-pas-5 SM-PAS-5 2943 tcp ttnrepository TTNRepository 2943 udp ttnrepository TTNRepository 2944 tcp megaco-h248 Megaco H-248 2944 udp megaco-h248 Megaco H-248 2945 tcp h248-binary H248 Binary 2945 udp h248-binary H248 Binary 2946 tcp fjsvmpor FJSVmpor

2946 2947 2947 2948 2948 2949 2949 2950 2950 2951 2951 2952 2952 2953 2953 2954 2954 2955 2955 2956 2956 2957 2957 2958 2958 2959 2959 2960 2960 2961 2961 2962 2962 2963 2963 2964 2964 2965 2965 2966 2966 2967 2967 2968 2968 2969 2969 2970 2970 2971

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

fjsvmpor FJSVmpor gpsd GPSD gpsd GPSD wap-push WAP PUSH wap-push WAP PUSH wap-pushsecure WAP PUSH SECURE wap-pushsecure WAP PUSH SECURE esip ESIP esip ESIP ottp OTTP ottp OTTP mpfwsas MPFWSAS mpfwsas MPFWSAS ovalarmsrv OVALARMSRV ovalarmsrv OVALARMSRV ovalarmsrv-cmd OVALARMSRV-CMD ovalarmsrv-cmd OVALARMSRV-CMD csnotify CSNOTIFY csnotify CSNOTIFY ovrimosdbman OVRIMOSDBMAN ovrimosdbman OVRIMOSDBMAN jmact5 JAMCT5 jmact5 JAMCT5 jmact6 JAMCT6 jmact6 JAMCT6 rmopagt RMOPAGT rmopagt RMOPAGT dfoxserver DFOXSERVER dfoxserver DFOXSERVER boldsoft-lm BOLDSOFT-LM boldsoft-lm BOLDSOFT-LM iph-policy-cli IPH-POLICY-CLI iph-policy-cli IPH-POLICY-CLI iph-policy-adm IPH-POLICY-ADM iph-policy-adm IPH-POLICY-ADM bullant-srap BULLANT SRAP bullant-srap BULLANT SRAP bullant-rap BULLANT RAP bullant-rap BULLANT RAP idp-infotrieve IDP-INFOTRIEVE idp-infotrieve IDP-INFOTRIEVE ssc-agent SSC-AGENT ssc-agent SSC-AGENT enpp ENPP enpp ENPP essp ESSP essp ESSP index-net INDEX-NET index-net INDEX-NET netclip Net Clip

2971 udp 2972 tcp 2972 udp 2973 tcp 2973 udp 2974 tcp 2974 udp 2975 tcp Service 2975 udp Service 2976 tcp 2976 udp 2977 tcp NS 2977 udp NS 2978 tcp DS 2978 udp DS 2979 tcp 2979 udp 2980 tcp 2980 udp 2981 tcp 2981 udp 2982 tcp 2982 udp 2983 tcp 2983 udp 2984 tcp 2984 udp 2985 tcp 2985 udp 2986 tcp 2986 udp 2987 tcp 2987 udp 2988 tcp 2988 udp 2989 tcp 2989 udp 2989 udp Tool - RAT 2989 udp 2990 tcp 2990 udp 2991 tcp 2991 udp

netclip Net Clip pmsm-webrctl PMSM Webrctl pmsm-webrctl PMSM Webrctl svnetworks SV Networks svnetworks SV Networks signal Signal signal Signal fjmpcm Fujitsu Configuration Management fjmpcm cns-srv-port cns-srv-port ttc-etap-ns ttc-etap-ns ttc-etap-ds ttc-etap-ds h263-video h263-video wimd wimd mylxamport mylxamport iwb-whiteboard iwb-whiteboard netplan netplan hpidsadmin hpidsadmin hpidsagent hpidsagnet stonefalls stonefalls identify identify classify classify zarkov RAT RAT zarkov boscap boscap wkstn-mon wkstn-mon Fujitsu Configuration Management CNS Server Port CNS Server Port TTCs Enterprise Test Access Protocol TTCs Enterprise Test Access Protocol TTCs Enterprise Test Access Protocol TTCs Enterprise Test Access Protocol H.263 Video Streaming H.263 Video Streaming Instant Messaging Service Instant Messaging Service MYLXAMPORT MYLXAMPORT IWB-WHITEBOARD IWB-WHITEBOARD NETPLAN NETPLAN HPIDSADMIN HPIDSADMIN HPIDSAGENT HPIDSAGENT STONEFALLS STONEFALLS ResolveNet IOM IDENTIFY ResolveNet IOM IDENTIFY ResolveNet IOM CLASSIFY ResolveNet IOM CLASSIFY ZARKOV [trojan] RAT [trojan] Remote Administration ZARKOV BOSCAP BOSCAP WKSTN-MON WKSTN-MON

2992 tcp itb301 ITB301 2992 udp itb301 ITB301 2993 tcp veritas-vis1 VERITAS VIS1 2993 udp veritas-vis1 VERITAS VIS1 2994 tcp veritas-vis2 VERITAS VIS2 2994 udp veritas-vis2 VERITAS VIS2 2995 tcp idrs IDRS 2995 udp idrs IDRS 2996 tcp vsixml vsixml 2996 udp vsixml vsixml 2997 tcp rebol REBOL 2997 udp rebol REBOL 2998 tcp realsecure Real Secure sensor 2998 udp realsecure Real Secure 2999 tcp remoteware-un RemoteWare Unassigned 2999 udp remoteware-un RemoteWare Unassigned 3000 tcp hbci HBCI 3000 tcp InetSpy [trojan] InetSpy 3000 tcp ppp User-level ppp daemon 3000 tcp RemoteShut [trojan] Remote Shut 3000 tcp RemoteShut [trojan] Remote Shut 3000 tcp remoteware-cl RemoteWare Client 3000 udp hbci HBCI 3000 udp remoteware-cl RemoteWare Client 3001 tcp nessusd Nessus Security Scanner (www.nessus.org) Daemon 3001 tcp redwood-broker Redwood Broker 3001 udp redwood-broker Redwood Broker 3002 tcp exlm-agent EXLM Agent 3002 tcp remoteware-srv RemoteWare Server 3002 udp exlm-agent EXLM Agent 3002 udp remoteware-srv RemoteWare Server 3003 tcp cgms CGMS 3003 udp cgms CGMS 3004 tcp csoftragent Csoft Agent 3004 udp csoftragent Csoft Agent 3005 tcp deslogin encrypted symmetric telnet login 3005 tcp geniuslm Genius License Manager 3005 udp geniuslm Genius License Manager 3006 tcp deslogind 3006 tcp ii-admin Instant Internet Admin 3006 udp ii-admin Instant Internet Admin 3007 tcp lotusmtap Lotus Mail Tracking Agent Protocol 3007 udp lotusmtap Lotus Mail Tracking Agent Protocol 3008 tcp midnight-tech Midnight Technologies 3008 udp midnight-tech Midnight Technologies 3009 tcp pxc-ntfy PXC-NTFY 3009 udp pxc-ntfy PXC-NTFY 3010 tcp gw Telerate Workstation 3010 udp ping-pong Telerate Workstation

3010 tcp port 3011 tcp 3011 udp 3012 tcp 3012 udp 3013 tcp 3013 udp 3014 tcp 3014 udp 3015 tcp 3015 udp 3016 tcp 3016 udp 3017 tcp 3017 udp 3018 tcp 3018 udp 3019 tcp 3019 udp 3020 tcp 3020 udp 3021 tcp 3021 udp 3022 tcp 3022 udp 3023 tcp 3023 udp 3024 tcp 3024 tcp 3024 tcp 3024 udp 3025 tcp 3025 udp 3026 tcp 3026 udp 3027 tcp 3027 udp 3028 tcp 3028 udp 3029 tcp 3029 udp 3030 tcp 3030 udp 3031 tcp 3031 tcp 3031 udp 3032 tcp 3032 udp 3033 tcp

blazix-adm

Blazix

webserver

administration

trusted-web Trusted Web trusted-web Trusted Web twsdss Trusted Web Client twsdss Trusted Web Client gilatskysurfer Gilat Sky Surfer gilatskysurfer Gilat Sky Surfer broker_service Broker Service broker_service Broker Service nati-dstp NATI DSTP nati-dstp NATI DSTP notify_srvr Notify Server notify_srvr Notify Server event_listener Event Listener event_listener Event Listener srvc_registry Service Registry srvc_registry Service Registry resource_mgr Resource Manager resource_mgr Resource Manager cifs CIFS cifs CIFS agriserver AGRI Server agriserver AGRI Server csregagent CSREGAGENT csregagent CSREGAGENT magicnotes magicnotes magicnotes magicnotes nds_sso NDS_SSO WinCrash [trojan] WinCrash WinCrash [trojan] WinCrash nds_sso NDS_SSO arepa-raft Arepa Raft arepa-raft Arepa Raft agri-gateway AGRI Gateway agri-gateway AGRI Gateway LiebDevMgmt_C LiebDevMgmt_C LiebDevMgmt_C LiebDevMgmt_C LiebDevMgmt_DM LiebDevMgmt_DM LiebDevMgmt_DM LiebDevMgmt_DM LiebDevMgmt_A LiebDevMgmt_A LiebDevMgmt_A LiebDevMgmt_A arepa-cas Arepa Cas arepa-cas Arepa Cas agentvu AgentVU Microspy [trojan] Microspy agentvu AgentVU redwood-chat Redwood Chat redwood-chat Redwood Chat pdb PDB

3033 3034 3034 3035 3035 3036 3036 3037 3037 3038 3038 3039 3039 3040 3040 3041 3041 3042 3042 3043 3043 3044 3044 3045 3045 3046 3046 3047 3047 3048 3048 3049 3049 3049 3049 3050 3050 3051 3051 3052 3052 3053 3053 3054 3054 3055 3055 3056 3056 3057

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

pdb PDB osmosis-aeea Osmosis AEEA osmosis-aeea Osmosis AEEA fjsv-gssagt FJSV gssagt fjsv-gssagt FJSV gssagt hagel-dump Hagel DUMP hagel-dump Hagel DUMP hp-san-mgmt HP SAN Mgmt hp-san-mgmt HP SAN Mgmt santak-ups Santak UPS santak-ups Santak UPS cogitate Cogitate Inc. cogitate Cogitate Inc. tomato-springs Tomato Springs tomato-springs Tomato Springs di-traceware di-traceware di-traceware di-traceware journee journee journee journee brp BRP brp BRP epp EndPoint Protocol epp EndPoint Protocol responsenet ResponseNet responsenet ResponseNet di-ase di-ase di-ase di-ase hlserver Fast Security HL Server hlserver Fast Security HL Server pctrader Sierra Net PC Trader pctrader Sierra Net PC Trader cfs cryptographic file system (uses nfs) nsws NSWS cfs cryptographic file system (uses nfs) nsws NSWS gds_db gds_db gds_db gds_db galaxy-server Galaxy Server galaxy-server Galaxy Server apcpcns APCPCNS apcpcns APCPCNS dsom-server dsom-server dsom-server dsom-server amt-cnf-prot AMT CNF PROT amt-cnf-prot AMT CNF PROT policyserver Policy Server policyserver Policy Server cdl-server CDL Server cdl-server CDL Server goahead-fldup GoAhead FldUp

3057 udp goahead-fldup GoAhead FldUp 3058 tcp videobeans videobeans 3058 udp videobeans videobeans 3059 tcp qsoft qsoft 3060 tcp interserver interserver 3060 udp interserver interserver 3061 tcp cautcpd cautcpd 3061 udp cautcpd cautcpd 3062 tcp ncacn-ip-tcp ncacn-ip-tcp 3062 udp ncacn-ip-tcp ncacn-ip-tcp 3063 tcp ncadg-ip-udp ncadg-ip-udp 3063 udp ncadg-ip-udp ncadg-ip-udp 3064 tcp distrib-net-proxy Stupid closed source distributed.net project proxy port 3064 tcp rprt Remote Port Redirector 3064 udp rprt Remote Port Redirector 3065 tcp slinterbase slinterbase 3065 udp slinterbase slinterbase 3066 tcp netattachsdmp NETATTACHSDMP 3066 udp netattachsdmp NETATTACHSDMP 3067 tcp fjhpjp FJHPJP 3067 udp fjhpjp FJHPJP 3068 tcp ls3bcast ls3 Broadcast 3068 udp ls3bcast ls3 Broadcast 3069 tcp ls3 ls3 3069 udp ls3 ls3 3070 tcp mgxswitch MGXSWITCH 3070 udp mgxswitch MGXSWITCH 3071 tcp csd-mgmt-port ContinuStor Manager Port 3071 udp csd-mgmt-port ContinuStor Manager Port 3072 tcp csd-monitor ContinuStor Monitor Port 3072 udp csd-monitor ContinuStor Monitor Port 3073 tcp vcrp Very simple chatroom prot 3073 udp vcrp Very simple chatroom prot 3074 tcp xbox-live XBox LIVE service 3075 tcp orbix-locator Orbix 2000 Locator 3075 udp orbix-locator Orbix 2000 Locator 3076 tcp orbix-config Orbix 2000 Config 3076 udp orbix-config Orbix 2000 Config 3077 tcp orbix-loc-ssl Orbix 2000 Locator SSL 3078 tcp orbix-cfg-ssl Orbix 2000 Locator SSL 3079 tcp lv-frontpanel LV Front Panel 3079 udp lv-frontpanel LV Front Panel 3080 tcp stm_pproc stm_pproc 3080 udp stm_pproc stm_pproc 3081 tcp tl1-lv TL1-LV 3081 udp tl1-lv TL1-LV 3082 tcp tl1-raw TL1-RAW 3082 udp tl1-raw TL1-RAW 3083 tcp tl1-telnet TL1-TELNET

3083 3084 3084 3085 3085 3086 3086 3086 3087 3087 3088 3088 3089 3089 3090 3090 3092 3092 3093 3093 3094 3094 3095 3095 3096 3096 3097 3098 3098 3099 3099 3100 3100 3101 3101 3102 3102 3103 3103 3104 3104 3105 3105 3106 3106 3107 3107 3108 3108 3109

udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp sctp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

tl1-telnet TL1-TELNET itm-mccs ITM-MCCS itm-mccs ITM-MCCS pcihreq PCIHReq pcihreq PCIHReq jdl-dbkitchen JDL-DBKitchen sj3 SJ3 (kanji input) jdl-dbkitchen JDL-DBKitchen asoki-sma Asoki SMA asoki-sma Asoki SMA xdtp eXtensible Data Transfer Protocol xdtp eXtensible Data Transfer Protocol ptk-alink ParaTek Agent Linking ptk-alink ParaTek Agent Linking rtss Rappore Session Services rtss Rappore Session Services njfss Netware sync services njfss Netware sync services rapidmq-center Jiiva RapidMQ Center rapidmq-center Jiiva RapidMQ Center rapidmq-reg Jiiva RapidMQ Registry rapidmq-reg Jiiva RapidMQ Registry panasas Panasas rendevous port panasas Panasas rendevous port ndl-aps Active Print Server Port ndl-aps Active Print Server Port ituq2150-3-stc ITU Q.2150.3 STC umm-port Universal Message Manager umm-port Universal Message Manager chmd CHIPSY Machine Daemon chmd CHIPSY Machine Daemon opcon-xps OpCon xps opcon-xps OpCon xps hp-pxpib HP PolicyXpert PIB Server hp-pxpib HP PolicyXpert PIB Server slslavemon SoftlinK Slave Mon Port slslavemon SoftlinK Slave Mon Port autocuesmi Autocue SMI Protocol autocuesmi Autocue SMI Protocol autocuelog Autocue Logger Protocol autocuetime Autocue Time Service cardbox Cardbox cardbox Cardbox cardbox-http Cardbox HTTP cardbox-http Cardbox HTTP rdi-business RDI Business protocol rdi-business RDI Business protocol rdi-geolocate RDI Geolocate protocol rdi-geolocate RDI Geolocate protocol rdi-personnel RDI Personnel protocol

3109 udp rdi-personnel RDI Personnel protocol 3110 tcp sim-control simulator control port 3110 udp sim-control simulator control port 3111 tcp wsynch Web Synchronous Services 3111 udp wsynch Web Synchronous Services 3128 tcp ReverseWWWTunnel [trojan] Reverse WWW Tunnel Backdoor 3128 tcp RingZero [trojan] RingZero 3128 tcp RingZero [trojan] RingZero 3128 tcp squid-http 3129 tcp MastersParadise [trojan] Masters Paradise 3129 tcp MastersParadise [trojan] Masters Paradise 3130 tcp icpv2 ICPv2 3130 udp icpv2 ICPv2 3130 udp squid-ipc 3131 tcp netbookmark Net Book Mark 3131 tcp SubSARI [trojan] SubSARI 3131 udp netbookmark Net Book Mark 3141 tcp vmodem 3141 udp vmodem 3142 tcp rdc-wh-eos RDC WH EOS 3142 udp rdc-wh-eos RDC WH EOS 3143 tcp seaview Sea View 3143 udp seaview Sea View 3144 tcp tarantella Tarantella 3144 udp tarantella Tarantella 3145 tcp csi-lfap CSI-LFAP 3145 udp csi-lfap CSI-LFAP 3147 tcp rfio RFIO 3147 udp rfio RFIO 3148 tcp nm-game-admin NetMike Game Administrator 3148 udp nm-game-admin NetMike Game Administrator 3149 tcp nm-game-server NetMike Game Server 3149 udp nm-game-server NetMike Game Server 3150 tcp Foreplay [trojan] Foreplay 3150 tcp Foreplay [trojan] Foreplay or Reduced Foreplay 3150 tcp MiniBacklash [trojan] Mini Backlash 3150 tcp nm-asses-admin NetMike Assessor Administrator 3150 tcp TheInvasor [trojan] The Invasor 3150 udp DeepThroat [trojan] Deep Throat 3150 udp DeepThroat [trojan] Deep Throat 3150 udp nm-asses-admin NetMike Assessor Administrator 3151 tcp nm-assessor NetMike Assessor 3151 udp nm-assessor NetMike Assessor 3180 tcp mc-brk-srv Millicent Broker Server 3180 udp mc-brk-srv Millicent Broker Server 3181 tcp bmcpatrolagent BMC Patrol Agent 3181 udp bmcpatrolagent BMC Patrol Agent 3182 tcp bmcpatrolrnvu BMC Patrol Rendezvous

3182 udp 3200 tcp 3201 tcp 3201 udp 3262 tcp 3262 udp 3264 tcp 3264 udp 3265 tcp 3265 udp 3266 tcp 3266 udp 3267 tcp 3267 udp 3268 tcp 3268 udp 3269 tcp SSL 3270 tcp 3270 udp 3271 tcp 3271 udp 3272 tcp 3272 udp 3273 tcp 3273 udp 3274 tcp 3274 udp 3275 tcp 3275 udp 3276 tcp 3276 udp 3277 tcp 3277 udp 3278 tcp 3278 udp 3279 tcp 3279 udp 3280 tcp 3280 udp 3281 tcp 3281 udp 3282 tcp 3282 udp 3283 tcp 3283 udp 3284 tcp 3284 udp 3285 tcp 3285 udp

bmcpatrolrnvu BMC Patrol Rendezvous sap-app SAP R/3 application server cpq-tasksmart CPQ-TaskSmart cpq-tasksmart CPQ-TaskSmart necp NECP necp NECP ccmail cc:mail lotus ccmail cc:mail lotus altav-tunnel Altav Tunnel altav-tunnel Altav Tunnel ns-cfg-server NS CFG Server ns-cfg-server NS CFG Server ibm-dial-out IBM Dial Out ibm-dial-out IBM Dial Out msft-gc Microsoft Global Catalog msft-gc Microsoft Global Catalog msft-gc-ssl Microsoft Global Catalog with LDAP verismart verismart csoft-prev csoft-prev user-manager user-manager sxmp sxmp ordinox-server ordinox-server samd samd maxim-asics maxim-asics awg-proxy awg-proxy lkcmserver lkcmserver admind admind vs-server vs-server sysopt sysopt datusorb datusorb net-assistant net-assistant 4talk 4talk plato plato Verismart Verismart CSoft Prev Port CSoft Prev Port Fujitsu User Manager Fujitsu User Manager Simple Extensible Multiplexed Protocol Simple Extensible Multiplexed Protocol Ordinox Server Ordinox Server SAMD SAMD Maxim ASICs Maxim ASICs AWG Proxy AWG Proxy LKCM Server LKCM Server admind admind VS Server VS Server SYSOPT SYSOPT Datusorb Datusorb Net Assistant Net Assistant 4Talk 4Talk Plato Plato

3286 tcp 3286 udp 3287 tcp 3287 udp 3288 tcp 3288 udp 3289 tcp 3289 udp 3290 tcp 3290 udp 3291 tcp 3291 udp 3292 tcp 3292 udp 3293 tcp 3293 udp 3294 tcp 3294 udp 3295 tcp 3295 udp 3296 tcp 3296 udp 3297 tcp 3297 udp 3298 tcp 3298 udp 3299 tcp 3299 udp 3300 tcp 3302 tcp 3302 udp 3303 tcp 3303 udp 3304 tcp 3304 udp 3305 tcp 3305 udp 3306 tcp 3306 udp 3307 tcp 3307 udp 3308 tcp 3308 udp 3309 tcp 3309 udp 3310 tcp 3310 udp 3311 tcp 3311 udp 3312 tcp

e-net e-net directvdata directvdata cops cops enpc enpc caps-lm caps-lm sah-lm sah-lm cart-o-rama cart-o-rama fg-fps fg-fps fg-gip fg-gip dyniplookup dyniplookup rib-slm rib-slm cytel-lm cytel-lm transview transview pdrncs pdrncs sap-gw mcs-fastmail mcs-fastmail opsession-clnt opsession-clnt opsession-srvr opsession-srvr odette-ftp odette-ftp mysql mysql opsession-prxy opsession-prxy tns-server tns-server tns-adv tns-adv dyna-access dyna-access mcns-tel-ret mcns-tel-ret appman-server

E-Net E-Net DIRECTVDATA DIRECTVDATA COPS COPS ENPC ENPC CAPS LOGISTICS TOOLKIT - LM CAPS LOGISTICS TOOLKIT - LM S A Holditch & Associates - LM S A Holditch & Associates - LM Cart O Rama Cart O Rama fg-fps fg-fps fg-gip fg-gip Dynamic IP Lookup Dynamic IP Lookup Rib License Manager Rib License Manager Cytel License Manager Cytel License Manager Transview Transview pdrncs pdrncs SAP Gateway Server MCS Fastmail MCS Fastmail OP Session Client OP Session Client OP Session Server OP Session Server ODETTE-FTP ODETTE-FTP MySQL MySQL OP Session Proxy OP Session Proxy TNS Server TNS Server TNS ADV TND ADV Dyna Access Dyna Access MCNS Tel Ret MCNS Tel Ret Application Management Server

3312 udp 3313 tcp 3313 udp 3314 tcp 3314 udp 3315 tcp 3315 udp 3316 tcp 3316 udp 3317 tcp 3317 udp 3318 tcp Protocol 3318 udp Protocol 3319 tcp 3319 udp 3320 tcp 3320 udp 3321 tcp 3321 udp 3322 tcp 3323 udp 3324 tcp 3325 udp 3326 tcp 3326 udp 3327 tcp 3327 udp 3328 tcp 3328 udp 3329 tcp 3329 udp 3330 tcp 3330 udp 3331 tcp 3331 udp 3332 tcp 3332 udp 3333 tcp 3333 udp 3334 tcp 3334 udp 3335 tcp 3335 udp 3336 tcp 3336 udp 3337 tcp 3337 udp 3338 tcp

appman-server uorb uorb uohost uohost cdid cdid aicc-cmi aicc-cmi vsaiport vsaiport ssrip ssrip

Application Management Server Unify Object Broker Unify Object Broker Unify Object Host Unify Object Host CDID CDID AICC CMI AICC CMI VSAI PORT VSAI PORT Swith to Swith Routing Information Swith to Swith Routing Information

sdt-lmd SDT License Manager sdt-lmd SDT License Manager officelink2000 Office Link 2000 officelink2000 Office Link 2000 vnsstr VNSSTR vnsstr VNSSTR active-net Active Networks active-net Active Networks active-net Active Networks active-net Active Networks sftu SFTU sftu SFTU bbars BBARS bbars BBARS egptlm Eaglepoint License Manager egptlm Eaglepoint License Manager hp-device-disc HP Device Disc hp-device-disc HP Device Disc mcs-calypsoicf MCS Calypso ICF mcs-calypsoicf MCS Calypso ICF mcs-messaging MCS Messaging mcs-messaging MCS Messaging mcs-mailsvr MCS Mail Server mcs-mailsvr MCS Mail Server dec-notes DEC Notes dec-notes DEC Notes directv-web Direct TV Webcasting directv-web Direct TV Webcasting directv-soft Direct TV Software Updates directv-soft Direct TV Software Updates directv-tick Direct TV Tickers directv-tick Direct TV Tickers directv-catlg Direct TV Data Catalog directv-catlg Direct TV Data Catalog anet-b OMF data b

3338 3339 3339 3340 3340 3341 3341 3342 3342 3343 3343 3344 3344 3345 3345 3346 3346 3347 3347 3348 3348 3349 3349 3350 3350 3351 3351 3352 3352 3353 3353 3354 3354 3355 3355 3356 3356 3357 3357 3358 3358 3359 3359 3360 3360 3361 3361 3362 3362 3363

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

anet-b anet-l anet-l anet-m anet-m anet-h anet-h webtie webtie ms-cluster-net ms-cluster-net bnt-manager bnt-manager influence influence trnsprntproxy trnsprntproxy phoenix-rpc phoenix-rpc pangolin-laser pangolin-laser chevinservices chevinservices findviatv findviatv btrieve btrieve ssql ssql fatpipe fatpipe suitjd suitjd ordinox-dbase ordinox-dbase upnotifyps upnotifyps adtech-test adtech-test mpsysrmsvr mpsysrmsvr wg-netforce wg-netforce kv-server kv-server kv-agent kv-agent dj-ilm dj-ilm nati-vi-server

OMF data b OMF data l OMF data l OMF data m OMF data m OMF data h OMF data h WebTIE WebTIE MS Cluster Net MS Cluster Net BNT Manager BNT Manager Influence Influence Trnsprnt Proxy Trnsprnt Proxy Phoenix RPC Phoenix RPC Pangolin Laser Pangolin Laser Chevin Services Chevin Services FINDVIATV FINDVIATV BTRIEVE BTRIEVE SSQL SSQL FATPIPE FATPIPE SUITJD SUITJD Ordinox Dbase Ordinox Dbase UPNOTIFYPS UPNOTIFYPS Adtech Test IP Adtech Test IP Mp Sys Rmsvr Mp Sys Rmsvr WG NetForce WG NetForce KV Server KV Server KV Agent KV Agent DJ ILM DJ ILM NATI Vi Server

3363 udp 3364 tcp 3364 udp 3365 tcp 3365 udp 3366 tcp 3366 udp 3367 ? 3368 ? 3369 ? 3370 ? 3371 ? 3372 tcp 3372 udp 3373 tcp 3373 udp 3374 tcp 3374 udp 3375 tcp 3375 udp 3376 tcp 3376 udp 3377 tcp 3377 udp 3378 tcp 3378 udp 3379 tcp 3379 udp 3380 tcp 3380 udp 3381 tcp 3381 udp 3382 tcp function 3382 udp function 3383 tcp Manager 3383 udp Manager 3384 tcp 3384 udp 3385 tcp 3385 udp 3386 tcp 3386 udp 3387 tcp 3387 udp 3388 tcp 3388 udp

nati-vi-server NATI Vi Server creativeserver Creative Server creativeserver Creative Server contentserver Content Server contentserver Content Server creativepartnr Creative Partner creativepartnr Creative Partner satvid-datalnk Video Data Link satvid-datalnk Video Data Link satvid-datalnk Video Data Link satvid-datalnk Video Data Link satvid-datalnk Video Data Link tip2 TIP 2 tip2 TIP 2 lavenir-lm Lavenir License Manager lavenir-lm Lavenir License Manager cluster-disc Cluster Disc cluster-disc Cluster Disc vsnm-agent VSNM Agent vsnm-agent VSNM Agent cdborker CD Broker cdbroker CD Broker cogsys-lm Cogsys Network License Manager cogsys-lm Cogsys Network License Manager wsicopy WSICOPY wsicopy WSICOPY socorfs SOCORFS socorfs SOCORFS sns-channels SNS Channels sns-channels SNS Channels geneous Geneous geneous Geneous fujitsu-neat Fujitsu Network Enhanced Antitheft fujitsu-neat esp-lm esp-lm hp-clic hp-clic qnxnetman qnxnetman gprs-data gprs-sig backroomnet backroomnet cbserver cbserver Fujitsu Network Enhanced Antitheft Enterprise Software Products License Enterprise Software Products License Cluster Management Services Hardware Management qnxnetman qnxnetman GPRS Data GPRS SIG Back Room Net Back Room Net CB Server CB Server

3389 tcp 3389 udp 3390 tcp 3390 udp 3391 tcp 3391 udp 3392 tcp 3392 udp 3393 tcp 3393 udp 3394 tcp 3394 udp 3395 tcp 3395 udp 3396 tcp 3396 udp 3397 tcp 3397 udp 3398 tcp 3398 udp 3399 tcp 3399 udp 3400 tcp 3400 udp 3401 tcp 3401 udp 3421 tcp 3421 udp 3454 tcp 3455 tcp 3455 udp 3456 tcp 3456 tcp 3456 tcp 3456 udp 3457 tcp 3457 udp 3458 tcp 3458 udp 3459 tcp 3459 tcp 3459 tcp 3459 tcp 3459 udp 3460 tcp 3460 udp 3461 tcp 3461 udp 3462 tcp 3462 tcp

ms-term-services MS Terminal Services ms-term-services MS Terminal Services dsc Distributed Service Coordinator dsc Distributed Service Coordinator savant SAVANT savant SAVANT efi-lm EFI License Management efi-lm EFI License Management d2k-tapestry1 D2K Tapestry Client to Server d2k-tapestry1 D2K Tapestry Client to Server d2k-tapestry2 D2K Tapestry Server to Server d2k-tapestry2 D2K Tapestry Server to Server dyna-lm Dyna License Manager (Elam) dyna-lm Dyna License Manager (Elam) printer_agent Printer Agent printer_agent Printer Agent cloanto-lm Cloanto License Manager cloanto-lm Cloanto License Manager mercantile Mercantile mercantile Mercantile csms CSMS csms CSMS csms2 CSMS2 csms2 CSMS2 filecast filecast filecast filecast bmap Bull Apprise portmapper bmap Bull Apprise portmapper mira Apple Remote Access Protocol prsvp RSVP Port prsvp RSVP Port Terrortrojan [trojan] Terror trojan Terrortrojan [trojan] Terror trojan vat VAT default data vat VAT default data vat-control VAT default control vat-control VAT default control d3winosfi D3WinOsfi d3winosfi DsWinOSFI Eclipse2000 [trojan] Eclipse 2000 Eclipse2000 [trojan] Eclipse 2000 integral TIP Integral Sanctuary [trojan] Sanctuary integral TIP Integral edm-manager EDM Manger edm-manager EDM Manger edm-stager EDM Stager edm-stager EDM Stager edm-std-notify EDM STD Notify track software distribution

3462 udp edm-std-notify EDM STD Notify 3463 tcp edm-adm-notify EDM ADM Notify 3463 udp edm-adm-notify EDM ADM Notify 3464 tcp edm-mgr-sync EDM MGR Sync 3464 udp edm-mgr-sync EDM MGR Sync 3465 tcp edm-mgr-cntrl EDM MGR Cntrl 3465 udp edm-mgr-cntrl EDM MGR Cntrl 3466 tcp workflow WORKFLOW 3466 udp workflow WORKFLOW 3467 tcp rcst RCST 3467 udp rcst RCST 3468 tcp ttcmremotectrl TTCM Remote Controll 3468 udp ttcmremotectrl TTCM Remote Controll 3469 tcp pluribus Pluribus 3469 udp pluribus Pluribus 3470 tcp jt400 jt400 3470 udp jt400 jt400 3471 tcp jt400-ssl jt400-ssl 3527 udp ms-mmq Microsoft Message Que 3535 tcp ms-la MS-LA 3535 udp ms-la MS-LA 3563 tcp watcomdebug Watcom Debug 3563 udp watcomdebug Watcom Debug 3600 tcp sap-msg SAP R/3 Message Server 3603 tcp polycom-vvws Polycom ViaVideo video conferencing web interface 3672 tcp harlequinorb harlequinorb 3672 udp harlequinorb harlequinorb 3700 tcp PortalofDoom [trojan] Portal of Doom 3700 tcp PortalofDoom [trojan] Portal of Doom 3709 tcp ca-idms CA-IDMS Server 3709 udp ca-idms CA-IDMS Server 3777 tcp PsychWard [trojan] PsychWard 3782 tcp rwbs Roger Wilco voice chat server 3783 udp rwbs Roger Wilco voice chat server 3783 tcp game-voice-chat GameSpy Arcade voice chat 3791 tcp Eclypse [trojan] Eclypse 3791 tcp TotalSolarEclypse [trojan] Total Solar Eclypse 3801 tcp TotalSolarEclypse [trojan] Total Solar Eclypse 3801 tcp TotalSolarEclypse [trojan] Total Solar Eclypse 3801 udp Eclypse [trojan] Eclypse 3802 tcp vhd VHD 3802 udp vhd VHD 3845 tcp v-one-spp V-ONE Single Port Proxy 3845 udp v-one-spp V-ONE Single Port Proxy 3862 tcp giga-pocket GIGA-POCKET 3862 udp giga-pocket GIGA-POCKET 3875 tcp pnbscada PNBSCADA 3875 udp pnbscada PNBSCADA 3900 tcp udt_os Unidata UDT OS

3900 udp 3984 tcp 3984 udp 3985 tcp 3985 udp 3986 tcp 3986 udp 3987 tcp 3987 udp 4000 tcp 4000 udp 4000 tcp 4000 udp 4000 tcp Backdoor 4000 tcp 4001 tcp 4001 udp 4002 tcp 4002 udp 4003 tcp 4003 udp 4004 tcp 4004 udp 4005 tcp 4005 udp 4006 tcp 4006 udp 4007 tcp 4007 udp 4008 tcp 4008 udp 4009 tcp 4009 udp 4010 tcp 4010 udp 4011 tcp 4011 udp 4012 tcp 4012 udp 4013 tcp 4013 udp 4014 tcp 4014 udp 4015 tcp 4015 udp 4016 tcp 4016 udp 4017 tcp 4017 udp

udt_os Unidata UDT OS mapper-nodemgr MAPPER network node manager mapper-nodemgr MAPPER network node manager mapper-mapethd MAPPER TCP IP server mapper-mapethd MAPPER TCP IP server mapper-ws_ethd MAPPER workstation server mapper-ws_ethd MAPPER workstation server centerline Centerline centerline Centerline terabase Terabase terabase Terabase circlemud CircleMUD default server port icq ICQ server port Connect-BackBackdoor [trojan] Connect-Back SkyDance newoak newoak pxc-spvr-ft pxc-spvr-ft pxc-splr-ft pxc-splr-ft pxc-roid pxc-roid pxc-pin pxc-pin pxc-spvr pxc-spvr pxc-splr pxc-splr netcheque netcheque chimera-hwm chimera-hwm samsung-unidex samsung-unidex altserviceboot altserviceboot pda-gate pda-gate acl-manager acl-manager taiclock taiclock talarian-mcast1 talarian-mcast1 talarian-mcast2 talarian-mcast2 talarian-mcast3 talarian-mcast3 [trojan] SkyDance NewOak NewOak pxc-spvr-ft pxc-spvr-ft pxc-splr-ft pxc-splr-ft pxc-roid pxc-roid pxc-pin pxc-pin pxc-spvr pxc-spvr pxc-splr pxc-splr NetCheque accounting NetCheque accounting Chimera HWM Chimera HWM Samsung Unidex Samsung Unidex Alternate Service Boot Alternate Service Boot PDA Gate PDA Gate ACL Manager ACL Manager TAICLOCK TAICLOCK Talarian Mcast Talarian Mcast Talarian Mcast Talarian Mcast Talarian Mcast Talarian Mcast

4018 tcp 4018 udp 4019 tcp 4019 udp 4040 tcp 4042 tcp 4042 udp 4045 tcp 4045 udp 4092 tcp 4092 tcp 4096 tcp 4096 udp 4097 tcp 4097 udp 4098 tcp 4098 udp 4099 tcp 4099 udp 4132 tcp 4132 udp 4133 tcp 4133 udp 4134 tcp 4134 udp 4141 tcp 4141 udp 4142 tcp 4142 udp 4143 tcp 4143 udp 4144 tcp 4160 tcp 4160 udp 4199 tcp 4199 udp 4200 vrml 4201 tcp 4201 vrml 4202 vrml 4203 vrml 4204 vrml 4205 vrml 4206 vrml 4207 vrml 4208 vrml 4209 vrml 4210 vrml 4211 vrml 4212 vrml

talarian-mcast4 Talarian Mcast talarian-mcast4 Talarian Mcast talarian-mcast5 Talarian Mcast talarian-mcast5 Talarian Mcast CIPHERim CIPHERim client ldxp LDXP ldxp LDXP lockd lockd NFS lock daemon manager WinCrash [trojan] WinCrash WinCrash [trojan] WinCrash bre BRE (Bridge Relay Element) bre BRE (Bridge Relay Element) patrolview Patrol View patrolview Patrol View drmsfsd drmsfsd drmsfsd drmsfsd dpcp DPCP dpcp DPCP nuts_dem NUTS Daemon nuts_dem NUTS Daemon nuts_bootp NUTS Bootp Server nuts_bootp NUTS Bootp Server nifty-hmi NIFTY-Serve HMI protocol nifty-hmi NIFTY-Serve HMI protocol oirtgsvc Workflow Server oirtgsvc Workflow Server oidocsvc Document Server oidocsvc Document Server oidsr Document Replication oidsr Document Replication wincim pc windows compuserve.com protocol jini-discovery Jini Discovery jini-discovery Jini Discovery eims-admin EIMS ADMIN eims-admin EIMS ADMIN vrml-multi-use Multi User Systems Wartrojan [trojan] War trojan vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems

4213 vrml vrml-multi-use Multi User Systems 4214 vrml vrml-multi-use Multi User Systems 4215 vrml vrml-multi-use Multi User Systems 4216 vrml vrml-multi-use Multi User Systems 4217 vrml vrml-multi-use Multi User Systems 4218 vrml vrml-multi-use Multi User Systems 4219 vrml vrml-multi-use Multi User Systems 4220 vrml vrml-multi-use Multi User Systems 4221 vrml vrml-multi-use Multi User Systems 4222 vrml vrml-multi-use Multi User Systems 4223 vrml vrml-multi-use Multi User Systems 4224 vrml vrml-multi-use Multi User Systems 4225 vrml vrml-multi-use Multi User Systems 4226 vrml vrml-multi-use Multi User Systems 4227 vrml vrml-multi-use Multi User Systems 4228 vrml vrml-multi-use Multi User Systems 4229 vrml vrml-multi-use Multi User Systems 4230 vrml vrml-multi-use Multi User Systems 4231 vrml vrml-multi-use Multi User Systems 4232 vrml vrml-multi-use Multi User Systems 4233 vrml vrml-multi-use Multi User Systems 4234 vrml vrml-multi-use Multi User Systems 4235 vrml vrml-multi-use Multi User Systems 4236 vrml vrml-multi-use Multi User Systems 4237 vrml vrml-multi-use Multi User Systems 4238 vrml vrml-multi-use Multi User Systems 4239 vrml vrml-multi-use Multi User Systems 4240 vrml vrml-multi-use Multi User Systems 4241 vrml vrml-multi-use Multi User Systems 4242 tcp VirtualHackingMachine [trojan] Virtual Machine - VHM 4242 tcp VirtualHackingMachine [trojan] Virtual Machine - VHM 4242 vrml vrml-multi-use Multi User Systems 4243 vrml vrml-multi-use Multi User Systems 4244 vrml vrml-multi-use Multi User Systems 4245 vrml vrml-multi-use Multi User Systems 4246 vrml vrml-multi-use Multi User Systems 4247 vrml vrml-multi-use Multi User Systems 4248 vrml vrml-multi-use Multi User Systems 4249 vrml vrml-multi-use Multi User Systems 4250 vrml vrml-multi-use Multi User Systems 4251 vrml vrml-multi-use Multi User Systems 4252 vrml vrml-multi-use Multi User Systems 4253 vrml vrml-multi-use Multi User Systems 4254 vrml vrml-multi-use Multi User Systems 4255 vrml vrml-multi-use Multi User Systems 4256 vrml vrml-multi-use Multi User Systems 4257 vrml vrml-multi-use Multi User Systems 4258 vrml vrml-multi-use Multi User Systems

Hacking Hacking

4259 vrml 4260 vrml 4261 vrml 4262 vrml 4263 vrml 4264 vrml 4265 vrml 4266 vrml 4267 vrml 4268 vrml 4269 vrml 4270 vrml 4271 vrml 4272 vrml 4273 vrml 4274 vrml 4275 vrml 4276 vrml 4277 vrml 4278 vrml 4279 vrml 4280 vrml 4281 vrml 4282 vrml 4283 vrml 4284 vrml 4285 vrml 4286 vrml 4287 vrml 4288 vrml 4289 vrml 4290 vrml 4291 vrml 4292 vrml 4293 vrml 4294 vrml 4295 vrml 4296 vrml 4297 vrml 4298 vrml 4299 vrml 4300 tcp 4300 udp 4321 tcp 4321 tcp 4321 tcp 4321 udp 4329 tcp 4333 tcp 4343 tcp

vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems vrml-multi-use Multi User Systems corelccam Corel CCam corelccam Corel CCam BoBo [trojan] BoBo BoBo [trojan] BoBo rwhois Remote Who Is rwhois Remote Who Is iMesh iMesh File sharing app msql mini-sql server unicall

4343 udp 4344 tcp 4344 udp 4345 tcp 4345 udp 4346 tcp 4346 udp 4347 tcp 4347 udp 4348 tcp 4348 udp 4349 tcp 4349 udp 4350 tcp 4350 udp 4351 tcp 4351 udp 4353 tcp 4353 udp 4442 tcp 4442 udp 4443 tcp 4443 udp 4444 tcp 4444 tcp 4444 tcp 4444 tcp 4444 tcp 4444 tcp 4444 udp 4444 udp 4445 tcp 4445 udp 4446 tcp 4446 udp 4447 tcp 4447 udp 4448 tcp 4448 udp 4449 tcp 4449 udp 4450 tcp 4450 udp 4451 tcp 4451 udp 4452 tcp 4452 udp 4453 tcp 4453 udp 4454 tcp

unicall vinainstall VinaInstall vinainstall VinaInstall m4-network-as Macro 4 Network AS m4-network-as Macro 4 Network AS elanlm ELAN LM elanlm ELAN LM lansurveyor LAN Surveyor lansurveyor LAN Surveyor itose ITOSE itose ITOSE fsportmap File System Port Map fsportmap File System Port Map net-device Net Device net-device Net Device plcy-net-svcs PLCY Net Services plcy-net-svcs PLCY Net Services f5-iquery F5 iQuery f5-iquery F5 iQuery saris Saris saris Saris pharos Pharos pharos Pharos CrackDown [trojan] CrackDown krb524 KRB524 nv-video NV Video default Prosiak [trojan] Prosiak Prosiak [trojan] Prosiak SwiftRemote [trojan] Swift Remote krb524 nv-video NV Video default upnotifyp UPNOTIFYP upnotifyp UPNOTIFYP n1-fwp N1-FWP n1-fwp N1-FWP n1-rmgmt N1-RMGMT n1-rmgmt N1-RMGMT asc-slmd ASC Licence Manager asc-slmd ASC Licence Manager privatewire PrivateWire privatewire PrivateWire camp Camp camp Camp ctisystemmsg CTI System Msg ctisystemmsg CTI System Msg ctiprogramload CTI Program Load ctiprogramload CTI Program Load nssalertmgr NSS Alert Manager nssalertmgr NSS Alert Manager nssagentmgr NSS Agent Manager

4454 udp 4455 tcp 4455 udp 4456 tcp 4456 udp 4457 tcp 4457 udp 4480 tcp 4488 tcp 4500 tcp 4500 udp 4501 tcp 4501 udp 4523 tcp 4545 tcp 4545 tcp 4545 udp 4546 tcp 4546 udp 4547 tcp 4547 udp 4555 tcp 4555 udp 4557 tcp 4559 tcp 4567 tcp 4567 tcp 4567 tcp 4567 udp 4568 tcp 4568 udp 4590 tcp 4590 tcp 4600 tcp 4600 udp 4601 tcp 4601 udp 4653 tcp 4661 tcp 4662 tcp 4662 tcp Port 4663 tcp Client 4665 udp Default Port 4666 tcp 4672 tcp 4672 udp 4800 tcp

nssagentmgr NSS Agent Manager prchat-user PR Chat User prchat-user PR Chat User prchat-server PR Chat Server prchat-server PR Chat Server prRegister PR Register prRegister PR Register proxyplus ProxyPlus proxy EventHorizon [trojan] Event Horizon sae-urn sae-urn urn-x-cdchoice urn-x-cdchoice urn-x-cdchoice urn-x-cdchoice Celine [trojan] Celine InternalRevise [trojan] Internal Revise worldscores WorldScores worldscores WorldScores sf-lm SF License Manager (Sentinel) sf-lm SF License Manager (Sentinel) lanner-lm Lanner License Manager lanner-lm Lanner License Manager rsip RSIP Port rsip RSIP Port fax FlexFax FAX transmission service hylafax HylaFAX client-server protocol FileNail [trojan] File Nail FileNail [trojan] File Nail tram TRAM tram TRAM bmc-reporting BMC Reporting bmc-reporting BMC Reporting ICQTrojan [trojan] ICQ Trojan ICQTrojan [trojan] ICQ Trojan piranha1 Piranha1 piranha1 Piranha1 piranha2 Piranha2 piranha2 Piranha2 Cero [trojan] Cero eDonkey2000 eDonkey2000 Server Default Port eDonkey2000 eDonkey2000 Server Default Port overnet Overnet P2P Server Default eDonkey2000 eDonkey2000 Mneah rfa rfa iims eDonkey2000 Command Line

eDonkey2000 Server

Messaging

[trojan] Mneah remote file access server remote file access server Icona Instant Messenging System

4800 4801 4801 4802 4802 4827 4827 4837 4837 4838 4838 4839 4868 4868 4869 4869 4885 4885 4899 4950 4950 4983 4983 4987 4987 4988 4988 5000 5000 5000 5000 5000 5000 5000 5000 5000 5000 5000 5000 5000 5001 5001 5001 5001 5001 5002 5002 5002 5002 5002

udp tcp udp tcp udp tcp udp tcp udp tcp udp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp udp tcp udp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp tcp udp tcp tcp tcp tcp tcp

iims Icona Instant Messenging System iwec Icona Web Embedded Chat iwec Icona Web Embedded Chat ilss Icona License System Server ilss Icona License System Server htcp HTCP htcp HTCP varadero-0 Varadero-0 varadero-0 Varadero-0 varadero-1 Varadero-1 varadero-1 Varadero-1 varadero-2 Varadero-2 phrelay Photon Relay phrelay Photon Relay phrelaydbg Photon Relay Debug phrelaydbg Photon Relay Debug abbs ABBS abbs ABBS radmin Remote Administrator default port ICQTrogenLm [trojan] ICQ Trogen (Lm) ICQTrogen(Lm) [trojan] ICQ Trogen (Lm) att-intercom AT&T Intercom att-intercom AT&T Intercom smar-se-port1 SMAR Ethernet Port 1 smar-se-port1 SMAR Ethernet Port 1 smar-se-port2 SMAR Ethernet Port 2 smar-se-port2 SMAR Ethernet Port 2 BackDoorSetup [trojan] Back Door Setup BackDoorSetup [trojan] Back Door Setup BioNetLite [trojan] BioNet Lite Blazer5 [trojan] Blazer5 Bubbel [trojan] Bubbel commplex-main fics Free Internet Chess Server ICKiller [trojan] ICKiller pitou Pitou P2 CAM Emulator Ra1d [trojan] Ra1d SocketsdesTroie [trojan] Sockets des Troie upnp Universal Plug and Play commplex-main BackDoorSetup [trojan] Back Door Setup BackDoorSetup [trojan] Back Door Setup commplex-link SocketsdesTroie [trojan] Sockets des Troie commplex-link cd00r [trojan] cd00r LinuxRootkitIV(4) [trojan] Linux Rootkit IV (4) rfe Radio Free Ethernet Shaft [trojan] Shaft Shaft [trojan] Shaft

5002 udp 5003 tcp 5003 udp binding 5004 tcp 5004 udp 5005 tcp 5005 tcp 5005 udp 5006 tcp 5006 udp 5007 tcp 5010 tcp 5010 tcp 5010 tcp 5010 tcp 5010 udp 5011 tcp 5011 tcp (OOTLT) 5011 tcp 5011 udp 5020 tcp 5020 udp 5021 tcp 5021 udp 5025 tcp KeyLogger 5025 tcp KeyLogger 5031 tcp 5031 tcp 5032 tcp 5032 tcp 5042 tcp 5042 udp 5050 tcp 5050 udp 5050 tcp port) 5051 tcp 5051 udp 5052 tcp 5052 udp 5055 tcp 5055 udp 5056 tcp 5056 udp 5057 tcp 5057 udp

rfe Radio Free Ethernet fmpro-internal FileMaker Inc. - Proprietary transport fmpro-internal FileMaker Inc. - Proprietary name avt-profile-1 avt-profile-1 avt-profile-1 avt-profile-1 Aladino [trojan] Aladino avt-profile-2 avt-profile-2 avt-profile-2 avt-profile-2 wsm-server wsm server wsm-server wsm server wsm-server-ssl wsm server ssl Solo [trojan] Solo Solo [trojan] Solo telelpathstart yahoo Yahoo! Messenger telelpathstart modified [trojan] modified OneoftheLastTrojans [trojan] One of the Last Trojans telelpathattack telelpathattack zenginkyo-1 zenginkyo-1 zenginkyo-1 zenginkyo-1 zenginkyo-2 zenginkyo-2 zenginkyo-2 zenginkyo-2 WMRemoteKeyLogger WMRemoteKeyLogger

[trojan] WM Remote WM Remote

[trojan]

NetMetropolitan [trojan] Net Metropolitan NetMetropolitan [trojan] Net Metropolitan NetMetropolitan [trojan] Net Metropolitan NetMetropolitan [trojan] Net Metropolitan asnaacceler8db asnaacceler8db asnaacceler8db asnaacceler8db mmcc multimedia conference control tool mmcc multimedia conference control tool yahoo-server Yahoo Messenger Server (default ita-agent ita-agent ita-manager ita-manager unot unot intecom-ps1 intecom-ps1 intecom-ps2 intecom-ps2 ITA Agent ITA Agent ITA Manager ITA Manager UNOT UNOT Intecom PS 1 Intecom PS 1 Intecom PS 2 Intecom PS 2

5060 tcp sip SIP 5060 udp sip SIP 5061 tcp sip-tls SIP-TLS 5061 udp sip-tls SIP-TLS 5066 tcp stanag-5066 STANAG-5066-SUBNET-INTF 5066 udp stanag-5066 STANAG-5066-SUBNET-INTF 5069 tcp i-net-2000-npr I Net 2000-NPR 5069 udp i-net-2000-npr I Net 2000-NPR 5071 tcp powerschool PowerSchool 5071 udp powerschool PowerSchool 5093 tcp sentinel-lm Sentinel LM 5093 udp sentinel-lm Sentinel LM 5099 tcp sentlm-srv2srv SentLM Srv2Srv 5099 udp sentlm-srv2srv SentLM Srv2Srv 5100 tcp cobalt-raq ChiliSoft ASP manager for Cobalt RaQ 5101 tcp yahoo-peer Yahoo Messenger Peer-to-Peer Listener (default port) 5130 udp sgi-dogfight SGI Dogfight demo/game 5131 udp sgi-arena SGI Arena demo/game 5133 udp sgi-bznet SGI BZ demo port 5135 udp sgi-objectserver SGI ObjectServer 5136 udp sgi-directoryserver SGI DirectoryServer 5137 udp sgi-oortnet SGI Oort demo port 5138 udp sgi-vroom-server SGI Vroom demo/game server 5139 udp sgi-vroom-client SGI Vroom demo/game client 5140 udp sgi-mekton SGI Mekton game 5141 udp sgi-mekton SGI Mekton game 5142 udp sgi-mekton SGI Mekton game 5143 udp sgi-mekton SGI Mekton game 5144 udp sgi-mekton SGI Mekton game 5145 tcp rmonitor_secure 5145 udp rmonitor_secure 5145 udp sgi-mekton SGI Mekton game 5146 udp sgi-mekton SGI Mekton game 5147 udp sgi-mekton SGI Mekton game 5150 tcp atmp Ascend Tunnel Management Protocol 5150 udp atmp Ascend Tunnel Management Protocol 5150 udp sgi-pointblank SGI Pointblank game/demo 5151 tcp esri_sde ESRI SDE Instance 5151 udp esri_sde ESRI SDE Remote Start 5152 tcp sde-discovery ESRI SDE Instance Discovery 5152 udp sde-discovery ESRI SDE Instance Discovery 5165 tcp ife_icorp ife_1corp 5165 udp ife_icorp ife_1corp 5190 tcp aim America Online Instant Messenger 5191 tcp aim America Online Instant Messenger 5192 tcp aim America Online Instant Messenger 5193 tcp aim America Online Instant Messenger 5200 tcp targus-getdata TARGUS GetData

5200 udp targus-getdata TARGUS GetData 5201 tcp targus-getdata1 TARGUS GetData 1 5201 udp targus-getdata1 TARGUS GetData 1 5202 tcp targus-getdata2 TARGUS GetData 2 5202 udp targus-getdata2 TARGUS GetData 2 5203 tcp targus-getdata3 TARGUS GetData 3 5203 udp targus-getdata3 TARGUS GetData 3 5232 tcp sgi-dgl SGI Distributed Graphics 5236 tcp padl2sim 5236 udp padl2sim 5272 tcp pk PK 5272 udp pk PK 5300 tcp hacl-hb 5300 udp hacl-hb 5301 tcp hacl-gs 5301 udp hacl-gs 5302 tcp hacl-cfg 5302 udp hacl-cfg 5303 tcp hacl-probe 5303 udp hacl-probe 5304 tcp hacl-local 5304 udp hacl-local 5305 tcp hacl-test 5305 udp hacl-test 5306 tcp sun-mc-grp Sun MC Group 5306 udp sun-mc-grp Sun MC Group 5307 tcp sco-aip SCO AIP 5307 udp sco-aip SCO AIP 5308 tcp cfengine 5308 udp cfengine 5309 tcp jprinter J Printer 5309 udp jprinter J Printer 5310 tcp outlaws Outlaws 5310 udp outlaws Outlaws 5311 tcp tmlogin TM Login 5311 udp tmlogin TM Login 5314 tcp opalis-rbt-ipc opalis-rbt-ipc 5314 udp opalis-rbt-ipc opalis-rbt-ipc 5315 tcp hacl-poll HA Cluster UDP Polling 5315 udp hacl-poll HA Cluster UDP Polling 5321 tcp Firehotcker [trojan] Firehotcker 5321 tcp Firehotcker [trojan] Firehotcker 5333 tcp Backage [trojan] Backage 5333 tcp NetDemon [trojan] NetDemon 5343 tcp WCRat [trojan] wCrat - WC Remote Administration Tool 5343 tcp wCrat [trojan] WC Remote Administration Tool 5400 tcp BackConstruction [trojan] Back Construction 5400 tcp BackConstruction [trojan] Back Construction

5400 5400 5400 5401 5401 5401 5401 5401 5401 5402 5402 5402 5402 5402 5402 5403 5403 5404 5404 5405 5405 5405 5406 5406 5407 5407 5408 5408 5409 5409 5410 5410 5411 5411 5412 5412 5413 5413 5414 5414 5415 5415 5416 5416 5417 5417 5418 5418 5419 5419

tcp tcp udp tcp tcp tcp tcp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

BladeRunner [trojan] Blade Runner excerpt Excerpt Search excerpt Excerpt Search BackConstruction [trojan] Back Construction BackConstruction [trojan] Back Construction BladeRunner [trojan] Blade Runner excerpts Excerpt Search Secure Mneah [trojan] Mneah excerpts Excerpt Search Secure BackConstruction [trojan] Back Construction BackConstruction [trojan] Back Construction BladeRunner [trojan] Blade Runner mftp MFTP Mneah [trojan] Mneah mftp MFTP hpoms-ci-lstn HPOMS-CI-LSTN hpoms-ci-lstn HPOMS-CI-LSTN hpoms-dps-lstn HPOMS-DPS-LSTN hpoms-dps-lstn HPOMS-DPS-LSTN netsupport NetSupport netsupport NetSupport PcDuo PcDuo remote control systemics-sox Systemics Sox systemics-sox Systemics Sox foresyte-clear Foresyte-Clear foresyte-clear Foresyte-Clear foresyte-sec Foresyte-Sec foresyte-sec Foresyte-Sec salient-dtasrv Salient Data Server salient-dtasrv Salient Data Server salient-usrmgr Salient User Manager salient-usrmgr Salient User Manager actnet ActNet actnet ActNet continuus Continuus continuus Continuus wwiotalk WWIOTALK wwiotalk WWIOTALK statusd StatusD statusd StatusD ns-server NS Server ns-server NS Server sns-gateway SNS Gateway sns-gateway SNS Gateway sns-agent SNS Agent sns-agent SNS Agent mcntp MCNTP mcntp MCNTP dj-ice DJ-ICE dj-ice DJ-ICE

5420 tcp 5420 udp 5421 tcp 5421 udp 5422 tcp 5422 udp 5423 tcp 5423 udp 5426 tcp 5426 udp 5427 tcp 5427 udp 5428 tcp 5428 udp 5429 tcp 5429 udp Exchange 5430 tcp 5430 udp 5431 tcp 5431 udp 5432 tcp 5434 tcp 5435 tcp (DTTL) 5435 udp (DTTL) 5454 tcp 5454 udp 5455 tcp 5455 udp 5456 tcp 5456 udp 5461 tcp 5461 udp 5462 tcp 5462 udp 5465 tcp 5465 udp 5498 tcp 5499 udp 5500 tcp 5500 tcp 5500 udp 5500 udp 5501 tcp 5501 tcp 5501 udp 5502 tcp 5502 udp

cylink-c cylink-c netsupport2 netsupport2 salient-mux salient-mux virtualuser virtualuser devbasic devbasic sco-peer-tta sco-peer-tta telaconsole telaconsole base base radec-corp radec-corp park-agent park-agnet postgres sgi-arrayd dttl dttl apc-tcp-udp-4 apc-tcp-udp-4 apc-tcp-udp-5 apc-tcp-udp-5 apc-tcp-udp-6 apc-tcp-udp-6 silkmeter silkmeter ttl-publisher ttl-publisher netops-broker netops-broker hotline hotline fcp-addr-srvr1 hotline fcp-addr-srvr1 securid fcp-addr-srvr2 hotline fcp-addr-srvr2 fcp-srvr-inst1 fcp-srvr-inst1

Cylink-C Cylink-C Net Support 2 Net Support 2 Salient MUX Salient MUX VIRTUALUSER VIRTUALUSER DEVBASIC DEVBASIC SCO-PEER-TTA SCO-PEER-TTA TELACONSOLE TELACONSOLE Billing and Accounting System Exchange Billing and Accounting System RADEC CORP RADEC CORP PARK AGENT PARK AGENT postgres database server SGI Array Services Daemon Data Tunneling Transceiver Linking Data Tunneling Transceiver Linking apc-tcp-udp-4 apc-tcp-udp-4 apc-tcp-udp-5 apc-tcp-udp-5 apc-tcp-udp-6 apc-tcp-udp-6 SILKMETER SILKMETER TTL Publisher TTL Publisher NETOPS-BROKER NETOPS-BROKER Hotline Tracker Hotline Server Locator fcp-addr-srvr1 Hotline server fcp-addr-srvr1 SecurID fcp-addr-srvr2 Hotline server fcp-addr-srvr2 fcp-srvr-inst1 fcp-srvr-inst1

5503 5503 5504 5504 5510 5512 5517 5520 5530 5534 5540 5540 5550 5550 5550 5554 5554 5555 5555 5555 5555 5555 5556 5556 5557 5557 5566 5566 5569 5569 5599 5599 5600 5600 5601 5601 5602 5602 5603 5603 5604 5604 5605 5605 5631 5631 5632 5632 5636 5637

tcp udp tcp udp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp tcp udp udp tcp udp udp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp

fcp-srvr-inst2 fcp-srvr-inst2 fcp-srvr-inst2 fcp-srvr-inst2 fcp-cics-gw1 fcp-cics-gw1 fcp-cics-gw1 fcp-cics-gw1 secureidprop ACE Server services IllusionMailer [trojan] Illusion Mailer setiqueue SetiQueue (default port) sdlog ACE Server services sdserv ACE Server services TheFlu [trojan] The Flu sdreport ACE Server services sdxauthd ACE Server services sdadmind ACE Server services Xtcp [trojan] Xtcp Xtcp [trojan] Xtcp sgi-esphttp SGI ESP HTTP sgi-esphttp SGI ESP HTTP rplay personal-agent Personal Agent personal-agent Personal Agent sbm-comm SGI Space Boulders game ServeMe [trojan] ServeMe BOFacil [trojan] BO Facil BOFacil [trojan] BO Facil BOFacil [trojan] BO Facil BOFacil [trojan] BO Facil udpplus UDPPlus udpplus UDPPlus RoboHack [trojan] Robo-Hack Robo-Hack [trojan] Robo-Hack esinstall Enterprise Security Remote Install esinstall Enterprise Security Remote Install esmmanager Enterprise Security Manager esmmanager Enterprise Security Manager esmagent Enterprise Security Agent esmagent Enterprise Security Agent a1-msc A1-MSC a1-msc A1-MSC a1-bs A1-BS a1-bs A1-BS a3-sdunode A3-SDUNode a3-sdunode A3-SDUNode a4-sdunode A4-SDUNode a4-sdunode A4-SDUNode pcanywheredata pcanywheredata pcanywherestat pcanywherestat PCCrasher [trojan] PC Crasher PCCrasher [trojan] PC Crasher

5638 tcp PCCrasher [trojan] PC Crasher 5678 tcp rrac Remote Replication Agent Connection 5678 udp rrac Remote Replication Agent Connection 5679 tcp dccm Direct Cable Connect Manager 5679 udp dccm Direct Cable Connect Manager 5680 tcp canna Canna (Japanese Input) 5713 tcp proshareaudio proshare conf audio 5713 udp proshareaudio proshare conf audio 5714 tcp prosharevideo proshare conf video 5714 udp prosharevideo proshare conf video 5715 tcp prosharedata proshare conf data 5715 udp prosharedata proshare conf data 5716 tcp prosharerequest proshare conf request 5716 udp prosharerequest proshare conf request 5717 tcp prosharenotify proshare conf notify 5717 udp prosharenotify proshare conf notify 5729 tcp openmail Openmail User Agent Layer 5729 udp openmail Openmail User Agent Layer 5730 tcp unieng Steltor's calendar access 5730 udp unieng Steltor's calendar access 5741 tcp ida-discover1 IDA Discover Port 1 5741 udp ida-discover1 IDA Discover Port 1 5742 tcp ida-discover2 IDA Discover Port 2 5742 tcp WinCrash [trojan] WinCrash 5742 tcp WinCrash [trojan] WinCrash 5742 udp ida-discover2 IDA Discover Port 2 5745 tcp fcopy-server fcopy-server 5745 udp fcopy-server fcopy-server 5746 tcp fcopys-server fcopys-server 5746 udp fcopys-server fcopys-server 5755 tcp openmailg OpenMail Desk Gateway server 5755 udp openmailg OpenMail Desk Gateway server 5757 tcp x500ms OpenMail X.500 Directory Server 5757 udp x500ms OpenMail X.500 Directory Server 5760 tcp PortmapRemoteRoot [trojan] Portmap Remote Root Linux Exploit 5760 tcp PRRLE [trojan] Portmap Remote Root Linux Exploit 5766 tcp openmailns OpenMail NewMail Server 5766 udp openmailns OpenMail NewMail Server 5767 tcp s-openmail OpenMail Suer Agent Layer (Secure) 5767 udp s-openmail OpenMail Suer Agent Layer (Secure) 5768 tcp openmailpxy OpenMail CMTS Server 5768 udp openmailpxy OpenMail CMTS Server 5771 tcp netagent NetAgent 5771 udp netagent NetAgent 5800 tcp vnc 5801 tcp vnc 5802 tcp Y3KRAT [trojan] Y3K RAT 5813 tcp icmpd ICMPD

5813 5859 5859 5873 5880 5882 5882 5882 5888 5888 5888 5889 5900 5901 5902 5968 5968 5969 5969 5977 5978 5979 5987 5987 5988 5988 5989 5989 5997 5998 5999 5999 5999 6000 6000 6000 6001 6001 6002 6002 6003 6003 6004 6004 6005 6005 6006 6006 6006 6007

udp tcp udp tcp tcp tcp udp udp tcp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp tcp tcp tcp udp tcp udp tcp udp tcp tcp tcp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp

icmpd wherehoo wherehoo SubSeven2.2 Y3KRAT Y3KRAT Y3KRAT Y3KRAT Y3KRAT Y3KRAT Y3KRAT Y3KRAT vnc vnc-1 vnc-2 mppolicy-v5 mppolicy-v5 mppolicy-mgr mppolicy-mgr ncd-pref-tcp ncd-diag-tcp ncd-conf-tcp wbem-rmi wbem-rmi wbem-http wbem-http wbem-https wbem-https ncd-pref ncd-diag cvsup ncd-conf cvsup x11 x11 TheThing x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 BadBlood x11

ICMPD WHEREHOO WHEREHOO [trojan] SubSeven 2.2 [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT [trojan] Y3K RAT Virtual Network Computer Virtual Network Computer Display :1 Virtual Network Computer Display :2 mppolicy-v5 mppolicy-v5 mppolicy-mgr mppolicy-mgr NCD preferences tcp port NCD diagnostic tcp port NCD configuration tcp port WBEM RMI WBEM RMI WBEM HTTP WBEM HTTP WBEM HTTPS WBEM HTTPS NCD preferences telnet port NCD diagnostic telnet port CVSup NCD configuration telnet port CVSup X Window System X Window System [trojan] The Thing X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System [trojan] Bad Blood X Window System

6007 udp x11 6008 tcp x11 6008 udp x11 6009 tcp x11 6009 udp x11 6010 tcp x11 6010 udp x11 6011 tcp x11 6011 udp x11 6012 tcp x11 6012 udp x11 6013 tcp x11 6013 udp x11 6014 tcp x11 6014 udp x11 6015 tcp x11 6015 udp x11 6015 tcp sunONE-doc via ASTAWare SearchDisk 6016 tcp x11 6016 udp x11 6016 tcp sunONE-doc via ASTAWare SearchDisk 6017 tcp x11 6017 udp x11 6017 tcp sunONE-doc via ASTAWare SearchDisk 6018 tcp x11 6018 udp x11 6018 tcp sunONE-doc via ASTAWare SearchDisk 6019 tcp x11 6019 udp x11 6020 tcp x11 6020 udp x11 6021 tcp x11 6021 udp x11 6022 tcp x11 6022 udp x11 6023 tcp x11 6023 udp x11 6024 tcp x11 6024 udp x11 6025 tcp x11 6025 udp x11 6026 tcp x11 6026 udp x11 6027 tcp x11 6027 udp x11 6028 tcp x11

X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System Sun ONE Starter Kit documentation X Window System X Window System Sun ONE Starter Kit documentation X Window System X Window System Sun ONE Starter Kit documentation X Window System X Window System Sun ONE Starter Kit documentation X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System

6028 6029 6029 6030 6030 6031 6031 6032 6032 6033 6033 6034 6034 6035 6035 6036 6036 6037 6037 6038 6038 6039 6039 6040 6040 6041 6041 6042 6042 6043 6043 6044 6044 6045 6045 6046 6046 6047 6047 6048 6048 6049 6049 6050 6050 6051 6051 6052 6052 6053

udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp

x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11 x11

X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System X Window System

6053 udp 6054 tcp 6054 udp 6055 tcp 6055 udp 6056 tcp 6056 udp 6057 tcp 6057 udp 6058 tcp 6058 udp 6059 tcp 6059 udp 6060 tcp 6060 udp 6061 tcp 6061 udp 6062 tcp 6062 udp 6063 tcp 6063 udp 6064 tcp 6064 udp 6065 tcp 6065 udp 6066 tcp 6066 udp 6067 tcp 6067 udp 6068 tcp 6068 udp 6069 tcp 6069 udp 6070 tcp 6070 udp 6071 tcp 6071 udp 6072 tcp 6072 udp 6073 tcp 6073 udp 6100 tcp 6100 udp 6101 tcp 6101 udp 6101 tcp 6102 tcp 6102 udp 6102 tcp 6103 tcp

x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System x11 X Window System ndl-ahp-svc NDL-AHP-SVC ndl-ahp-svc NDL-AHP-SVC winpharaoh WinPharaoh winpharaoh WinPharaoh ewctsp EWCTSP ewctsp EWCTSP srb SRB srb SRB gsmp GSMP gsmp GSMP trip TRIP trip TRIP messageasap Messageasap messageasap Messageasap ssdtp SSDTP ssdtp SSDTP diagnose-proc DIAGNOSE-PROC diagmose-proc DIAGNOSE-PROC directplay8 DirectPlay8 directplay8 DirectPlay8 synchronet-db SynchroNet-db synchronet-db SynchroNet-db synchronet-rtc SynchroNet-rtc synchronet-rtc SynchroNet-rtc backupexec Veritas Backup Exec Advertiser synchronet-upd SynchroNet-upd synchronet-upd SynchroNet-upd backupexec Veritas Backup Exec Client rets RETS

6103 udp 6103 tcp 6104 tcp 6104 udp 6105 tcp 6105 udp 6106 tcp 6106 udp 6107 tcp 6107 udp 6108 tcp 6108 udp 6109 tcp 6109 udp 6110 tcp 6110 udp 6111 tcp 6111 udp 6112 tcp 6112 tcp 6112 udp 6112 udp 6123 tcp 6123 udp 6129 tcp 6141 tcp 6141 udp 6142 tcp 6142 udp 6143 tcp 6143 udp 6144 tcp 6144 udp 6145 tcp 6145 udp 6146 tcp 6146 udp 6147 tcp 6147 udp 6148 tcp Manager 6148 udp Manager 6149 tcp 6149 udp 6253 tcp 6253 udp 6257 udp 6272 tcp 6272 tcp

rets RETS backupexec Veritas Backup Exec Remote Agent dbdb DBDB dbdb DBDB primaserver Prima Server primaserver Prima Server mpsserver MPS Server mpsserver MPS Server etc-control ETC Control etc-control ETC Control sercomm-scadmin Sercomm-SCAdmin sercomm-scadmin Sercomm-SCAdmin globecast-id GLOBECAST-ID globecast-id GLOBECAST-ID softcm HP SoftBench CM softcm HP SoftBench CM spc HP SoftBench Sub-Process Control spc HP SoftBench Sub-Process Control dtspc CDE subprocess control fsgs FSGS (game) dtspcd dtspcd fsgs FSGS (game) backup-express Backup Express backup-express Backup Express DameWare DameWare remote control agent meta-corp Meta Corporation License Manager meta-corp Meta Corporation License Manager aspentec-lm Aspen Technology License Manager aspentec-lm Aspen Technology License Manager watershed-lm Watershed License Manager watershed-lm Watershed License Manager statsci1-lm StatSci License Manager - 1 statsci1-lm StatSci License Manager - 1 statsci2-lm StatSci License Manager - 2 statsci2-lm StatSci License Manager - 2 lonewolf-lm Lone Wolf Systems License Manager lonewolf-lm Lone Wolf Systems License Manager montage-lm Montage License Manager montage-lm Montage License Manager ricardo-lm Ricardo North America License ricardo-lm Ricardo North America License

tal-pod tal-pod tal-pod tal-pod crip CRIP crip CRIP WinMX WinMX file sharing app SecretService [trojan] Secret Service SecretService [trojan] Secret Service

6300 tcp 6300 udp 6321 tcp Server 1 6321 udp Server 1 6322 tcp Server 2 6322 udp Server 2 6346 tcp 6346 udp 6347 tcp 6347 udp 6348 tcp 6348 udp 6389 tcp 6389 udp 6400 tcp 6400 tcp 6401 tcp 6402 tcp 6403 tcp 6404 tcp 6405 tcp 6406 tcp 6407 n/a 6408 n/a 6409 n/a 6410 n/a 6455 tcp 6456 tcp 6471 tcp 6471 udp 6499 tcp 6500 tcp 6500 udp 6500 tcp 6501 tcp 6501 udp 6502 tcp 6502 udp 6503 tcp 6503 udp 6505 tcp 6505 udp 6506 tcp 6506 udp 6507 tcp 6507 udp

bmc-grx bmc-grx emp-server1 emp-server1 emp-server2 emp-server2 gnutella gnutella gnutella gnutella gnutella gnutella clariion-evr01 clariion-evr01 info-aps TheThing info-was info-eventsvr info-cachesvr info-filesvr info-pagesvr info-processvr reserved1 reserved2 reserved3 reserved4 skip-cert-recv skip-cert-send lvision-lm lvision-lm is411 boks boks game-query boks_servc boks_servc boks_servm boks_servm boks_clntd boks_clntd badm_priv badm_priv badm_pub badm_pub bdir_priv bdir_priv

BMC GRX BMC GRX Empress Software Connectivity Empress Software Connectivity Empress Software Connectivity Empress Software Connectivity gnutella (bearshare, limewire, etc.) gnutella (bearshare, limewire, etc.) gnutella (bearshare, limewire, etc.) gnutella (bearshare, limewire, etc.) gnutella (bearshare, limewire, etc.) gnutella (bearshare, limewire, etc.) clariion-evr01 clariion-evr01 [trojan] The Thing

SKIP Certificate Receive SKIP Certificate Send LVision License Manager LVision License Manager IS411 BoKS Master BoKS Master GameSpy Arcade query port BoKS Servc BoKS Servc BoKS Servm BoKS Servm BoKS Clntd BoKS Clntd BoKS Admin Private Port BoKS Admin Private Port BoKS Admin Public Port BoKS Admin Public Port BoKS Dir Server Private Port BoKS Dir Server Private Port

6508 tcp 6508 udp 6515 tcp 6515 udp 6547 tcp 6547 udp 6548 tcp 6548 udp 6549 tcp 6549 udp 6550 tcp 6550 udp 6558 tcp 6558 udp 6580 tcp 6580 udp 6581 tcp 6581 udp 6582 tcp 6582 udp 6588 tcp 6661 tcp 6661 tcp 6665 tcp 6666 tcp Inside 6666 tcp 6666 tcp 6666 tcp 6666 tcp 6666 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6667 tcp DefCon 8 6667 tcp 6667 tcp 6667 tcp 6667 tcp 6668 tcp 6668 tcp 6669 tcp 6669 tcp

bdir_pub BoKS Dir Server Public Port bdir_pub BoKS Dir Server Public Port McAfee-http McAfee ASap Virusscan agent game-play GameSpy Arcade game data apc-tcp-udp-1 apc-tcp-udp-1 apc-tcp-udp-1 apc-tcp-udp-1 apc-tcp-udp-2 apc-tcp-udp-2 apc-tcp-udp-2 apc-tcp-udp-2 apc-tcp-udp-3 apc-tcp-udp-3 apc-tcp-udp-3 apc-tcp-udp-3 fg-sysupdate fg-sysupdate fg-sysupdate fg-sysupdate xdsxdm xdsxdm parsec-master Parsec Masterserver parsec-master Parsec Masterserver parsec-peer Parsec Peer-to-Peer parsec-peer Parsec Peer-to-Peer parsec-game Parsec Gameserver parsec-game Parsec Gameserver analogx-proxy AnalogX Proxy Server TEMan [trojan] TEMan Weia-Meia [trojan] Weia-Meia ircu IRCU DarkConnectionInside [trojan] Dark Connection DarkConnection [trojan] Dark Connection irc-serv internet relay chat server ircu IRCU NetBusworm [trojan] NetBus worm TCPShell.c [trojan] TCPShell.c DarkFTP [trojan] Dark FTP EGO [trojan] EGO irc Internet Relay Chat ircu IRCU kaitex Kaitex Trojan Maniacrootkit [trojan] Maniac rootkit Moses [trojan] Moses ScheduleAgent [trojan] ScheduleAgent ScheduleAgent [trojan] ScheduleAgent Subseven2.1.4DefCon8 [trojan] Subseven 2.1.4 SubSeven [trojan] SubSeven TheThing [trojan] The Thing (modified) Trinity [trojan] Trinity WinSatan [trojan] WinSatan irc Internet Relay Chat ircu IRCU HostControl [trojan] Host Control HostControl [trojan] Host Control

6669 6669 6670 6670 6670 6670 6670 6670 6670 6670 6671 6672 6672 6673 6673 6699 6699 6701 6701 6711 6711 6711 6711 6711 6712 6712 6712 6713 6713 6714 6714 6723 6723 6767 6767 6767 6768 6768 6771 6771 6776 6776 6776 6776 6776 6789 6790 6790 6831 6831

tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp udp tcp udp tcp tcp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp tcp udp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp udp

ircu IRCU Vampire [trojan] Vampire BackWebServer [trojan] BackWeb Server BackWebServer [trojan] BackWeb Server DeepThroat [trojan] Deep Throat DeepThroat [trojan] DeepThroat Foreplay [trojan] Foreplay vocaltec-gold Vocaltec Global Online Directory WinNukeeXtreame [trojan] WinNuke eXtreame vocaltec-gold Vocaltec Global Online Directory DeepThroat [trojan] DeepThroat v3.1 vision_server vision_server vision_server vision_server vision_elmd vision_elmd vision_elmd vision_elmd napster Napster Music Sharing Client WinMX WinMX file sharing app kti-icad-srvr KTI ICAD Nameserver kti-icad-srvr KTI ICAD Nameserver BackDoorG [trojan] BackDoor-G BackDoor-G [trojan] BackDoor-G SubSARI [trojan] SubSARI SubSeven [trojan] SubSeven VPKiller [trojan] VP Killer Funnytrojan [trojan] Funny trojan Funnytrojan [trojan] Funny trojan SubSeven [trojan] SubSeven SubSeven [trojan] SubSeven SubSeven [trojan] SubSeven ibprotocol Internet Backplane Protocol ibprotocol Internet Backplane Protocol Mstream [trojan] Mstream Mstream [trojan] Mstream bmc-perf-agent BMC PERFORM AGENT UandMe [trojan] UandMe bmc-perf-agent BMC PERFORM AGENT bmc-perf-mgrd BMC PERFORM MGRD bmc-perf-mgrd BMC PERFORM MGRD DeepThroat [trojan] Deep Throat Foreplay [trojan] Foreplay 2000Cracks [trojan] 2000 Cracks 2000Cracks [trojan] 2000 Cracks BackDoor-G [trojan] BackDoor-G SubSeven [trojan] SubSeven VPKiller [trojan] VP Killer ibm-db2-admin dB2 Web Control Center hnmp HNMP hnmp HNMP ambit-lm ambit-lm ambit-lm ambit-lm

6838 6838 6841 6841 6842 6842 6850 6850 6883 (??) 6883 6888 6888 6912 6912 6939 6939 6961 6961 6962 6962 6963 6963 6964 6964 6965 6965 6966 6966 6969 6969 6969 6969 6969 6969 6969 6969 6969 6970 6970 6998 6998 6999 6999 7000 7000 7000 7000 7000 7000

udp Mstream [trojan] Mstream udp Mstream [trojan] Mstream tcp netmo-default Netmo Default udp netmo-default Netmo Default tcp netmo-http Netmo HTTP udp netmo-http Netmo HTTP tcp iccrushmore ICCRUSHMORE udp iccrushmore ICCRUSHMORE tcp DeltaSourceDarkStar [trojan] Delta Source DarkStar tcp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp tcp tcp tcp DeltaSourceDarkStar [trojan] Delta Source DarkStar muse MUSE muse MUSE ShitHeep [trojan] Shit Heep ShitHeep [trojan] Shit Heep Indoctrination [trojan] Indoctrination Indoctrination [trojan] Indoctrination jmact3 JMACT3 jmact3 JMACT3 jmevt2 jmevt2 jmevt2 jmevt2 swismgr1 swismgr1 swismgr1 swismgr1 swismgr2 swismgr2 swismgr2 swismgr2 swistrap swistrap swistrap swistrap swispol swispol swispol swispol 2000Cracks [trojan] 2000 Cracks acmsoda Danton [trojan] Danton GateCrasher [trojan] GateCrasher GateCrasher [trojan] GateCrasher IRC3 [trojan] IRC 3 NetController [trojan] Net Controller Priority [trojan] Priority acmsoda GateCrasher [trojan] GateCrasher GateCrasher [trojan] GateCrasher iatp-highpri IATP-highPri iatp-highpri IATP-highPri iatp-normalpri IATP-normalPri iatp-normalpri IATP-normalPri afs3-fileserver file server itself afs3-fileserver file server itself irc2 IRC2 ExploitTranslation [trojan] Exploit Translation Server Kazimas [trojan] Kazimas RemoteGrab [trojan] Remote Grab

7000 7000 7001 7001 7001 7001 7001 7001 7002 7002 7003 7003 7004 7004 7005 7005 7006 7006 7007 7007 7008 7008 7009 7009 7010 7010 7011 7011 7012 7012 7013 7013 7014 7014 7015 7015 7020 7020 7021 7021 7070 7070 7070 7099 7099 7100 7100 7121 7121 7158

tcp tcp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp

SubSeven2.1Gold [trojan] SubSeven 2.1 Gold SubSeven [trojan] SubSeven afs3-callback callbacks to cache managers Freak2k [trojan] Freak2k Freak88 [trojan] Freak88 Freak88 [trojan] Freak88 NetSnooperGold [trojan] NetSnooper Gold afs3-callback callbacks to cache managers afs3-prserver users & groups database afs3-prserver users & groups database afs3-vlserver volume location database afs3-vlserver volume location database afs3-kaserver AFS Kerberos authentication service afs3-kaserver AFS Kerberos authentication service afs3-volser volume managment server afs3-volser volume managment server afs3-errors error interpretation service afs3-errors error interpretation service afs3-bos basic overseer process afs3-bos basic overseer process afs3-update server-to-server updater afs3-update server-to-server updater afs3-rmtsys remote cache manager service afs3-rmtsys remote cache manager service ups-onlinet onlinet uninterruptable power supplies ups-onlinet onlinet uninterruptable power supplies talon-disc Talon Discovery Port talon-disc Talon Discovery Port talon-engine Talon Engine talon-engine Talon Engine microtalon-dis Microtalon Discovery microtalon-dis Microtalon Discovery microtalon-com Microtalon Communications microtalon-com Microtalon Communications talon-webserver Talon Webserver talon-webserver Talon Webserver dpserve DP Serve dpserve DP Serve dpserveadmin DP Serve Admin dpserveadmin DP Serve Admin arcp ARCP arcp ARCP real Real Audio lazy-ptop lazy-ptop lazy-ptop lazy-ptop font-service X Font Service font-service X Font Service virprot-lm Virtual Prototypes License Manager virprot-lm Virtual Prototypes License Manager Lohoboyshik [trojan] Lohoboyshik

7174 tcp 7174 udp 7200 tcp 7200 udp 7201 tcp 7201 udp 7215 tcp 7215 tcp 7215 tcp 7280 tcp 7280 udp 7281 tcp 7281 udp 7300 tcp 7300 tcp 7300 tcp 7300 tcp 7301 tcp 7301 tcp 7301 tcp 7302 tcp 7303 tcp 7304 tcp 7305 tcp 7306 tcp 7306 tcp 7306 tcp 7307 tcp 7307 tcp 7307 tcp Monitor 7307 tcp 7308 tcp 7308 tcp 7308 tcp 7308 tcp 7309 tcp 7310 tcp 7311 tcp 7312 tcp 7313 tcp 7314 tcp 7315 tcp 7316 tcp 7317 tcp 7318 tcp 7319 tcp 7320 tcp 7321 tcp 7322 tcp

clutild Clutild clutild Clutild fodms FODMS FLIP fodms FODMS FLIP dlip dlip SubSeven2.1Gold [trojan] SubSeven 2.1 Gold SubSeven [trojan] SubSeven SubSeven [trojan] SubSeven itactionserver1 ITACTIONSERVER 1 itactionserver1 ITACTIONSERVER 1 itactionserver2 ITACTIONSERVER 2 itactionserver2 ITACTIONSERVER 2 NetMonitor [trojan] NetMonitor NetMonitor [trojan] NetMonitor ODD ODD Packet - Remote Grab swx Swiss Exchange NetMonitor [trojan] NetMonitor NetMonitor [trojan] NetMonitor swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange NetMonitor [trojan] NetMonitor NetMonitor [trojan] NetMonitor swx Swiss Exchange NetMonitor [trojan] NetMonitor NetMonitor [trojan] NetMonitor RemoteProcessMonitor [trojan] Remote Process swx NetMonitor NetMonitor swx XSpy swx swx swx swx swx swx swx swx swx swx swx swx swx swx Swiss Exchange [trojan] NetMonitor [trojan] NetMonitor Swiss Exchange [trojan] X Spy Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange

7323 tcp 7323 tcp 7324 tcp 7325 tcp 7326 tcp 7326 tcp 7327 tcp 7328 tcp 7329 tcp 7330 tcp 7331 tcp 7332 tcp 7333 tcp 7334 tcp 7335 tcp 7336 tcp 7337 tcp 7338 tcp 7339 tcp 7340 tcp 7341 tcp 7342 tcp 7343 tcp 7344 tcp 7345 tcp 7346 tcp 7347 tcp 7348 tcp 7349 tcp 7350 tcp 7351 tcp 7352 tcp 7353 tcp 7354 tcp 7355 tcp 7356 tcp 7357 tcp 7358 tcp 7359 tcp 7360 tcp 7361 tcp 7362 tcp 7363 tcp 7364 tcp 7365 tcp 7366 tcp 7367 tcp 7368 tcp 7369 tcp 7370 tcp

swx sygate swx swx icb swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx swx

Swiss Exchange Sygate Management Console Swiss Exchange Swiss Exchange Internet Citizen's Band Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange Swiss Exchange

7371 tcp 7372 tcp 7373 tcp 7374 tcp 7375 tcp 7376 tcp 7377 tcp 7378 tcp 7379 tcp 7380 tcp 7381 tcp 7382 tcp 7383 tcp 7384 tcp 7385 tcp 7386 tcp 7387 tcp 7388 tcp 7389 tcp 7390 tcp 7391 tcp 7391 udp 7392 tcp 7392 udp 7395 tcp 7395 udp 7424 tcp 7424 tcp 7424 udp 7426 tcp 7426 udp 7427 tcp 7427 udp 7428 tcp 7428 udp 7429 tcp 7429 udp 7430 tcp 7430 udp 7431 tcp 7431 udp 7437 tcp 7437 udp 7491 tcp 7491 udp 7511 tcp 7511 udp 7544 tcp 7544 udp 7545 tcp

swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange swx Swiss Exchange mindfilesys mind-file system server mindfilesys mind-file system server mrssrendezvous mrss-rendezvous server mrssrendezvous mrss-rendezvous server winqedit winqedit winqedit winqedit HostControl [trojan] Host Control HostControl [trojan] Host Control HostControl [trojan] Host Control pmdmgr OpenView DM Postmaster Manager pmdmgr OpenView DM Postmaster Manager oveadmgr OpenView DM Event Agent Manager oveadmgr OpenView DM Event Agent Manager ovladmgr OpenView DM Log Agent Manager ovladmgr OpenView DM Log Agent Manager opi-sock OpenView DM rqt communication opi-sock OpenView DM rqt communication xmpv7 OpenView DM xmpv7 api pipe xmpv7 OpenView DM xmpv7 api pipe pmd OpenView DM ovc xmpv3 api pipe pmd OpenView DM ovc xmpv3 api pipe faximum Faximum faximum Faximum telops-lmd telops-lmd telops-lmd telops-lmd pafec-lm pafec-lm pafec-lm pafec-lm nta-ds FlowAnalyzer DisplayServer nta-ds FlowAnalyzer DisplayServer nta-us FlowAnalyzer UtilityServer

7545 udp nta-us FlowAnalyzer UtilityServer 7566 tcp vsi-omega VSI Omega 7566 udp vsi-omega VSI Omega 7570 tcp aries-kfinder Aries Kfinder 7570 udp aries-kfinder Aries Kfinder 7575 tcp dungeon-keeper Dungeon Keeper 2 game server 7588 tcp sun-lm Sun License Manager 7588 udp sun-lm Sun License Manager 7597 tcp Qaz [trojan] Qaz 7626 tcp Binghe [trojan] Binghe 7626 tcp Glacier [trojan] Glacier 7626 tcp Hyne [trojan] Hyne 7633 tcp pmdfmgt PMDF Management 7633 udp pmdfmgt PMDF Management 7648 udp cucme-1 cucme live video audio server 7649 udp cucme-2 cucme live video audio server 7650 udp cucme-3 cucme live video audio server 7651 udp cucme-4 cucme live video audio server 7718 tcp Glacier [trojan] Glacier 7755 udp RedFaction Red Faction game server 7777 tcp cbt cbt 7777 tcp FWTK-authsvr FWTK-Gauntlet authentication server 7777 tcp GodMessage [trojan] God Message 7777 tcp oracle-portal Oracle 9i Portal - Apache HTTP (default) 7777 tcp TheThing(modified) [trojan] The Thing (modified) 7777 tcp Tini [trojan] Tini 7777 tcp Tini [trojan] Tini 7777 udp cbt cbt 7778 tcp interwise Interwise 7778 udp interwise Interwise 7778 tcp UnReal_UT UnReal_UT (game) 7778 udp UnReal_UT UnReal_UT (game) 7778 tcp Oracle9iAS-OJSP Oracle 9i Application Server Oracle Java Server Pages 7779 tcp vstat VSTAT 7779 udp vstat VSTAT 7781 tcp accu-lmgr accu-lmgr 7781 udp accu-lmgr accu-lmgr 7786 tcp minivend MINIVEND 7786 udp minivend MINIVEND 7789 tcp BackDoorSetup [trojan] Back Door Setup 7789 tcp BackDoorSetup [trojan] Back Door Setup 7789 tcp ICKiller [trojan] ICKiller 7789 tcp Mozilla [trojan] Mozilla 7826 tcp Oblivion [trojan] Oblivion 7891 tcp TheReVeNgEr [trojan] The ReVeNgEr 7913 tcp qo-secure QuickObjects secure port

7913 udp qo-secure QuickObjects secure port 7932 tcp t2-drm Tier 2 Data Resource Manager 7932 udp t2-drm Tier 2 Data Resource Manager 7933 tcp t2-brm Tier 2 Business Rules Manager 7933 udp t2-brm Tier 2 Business Rules Manager 7937 tcp lgtonsrexecd Legato NetWorker nsrexecd listen port 7938 udp lgtomapper Legato NetWorker portmapper 7967 tcp supercell Supercell 7967 udp supercell Supercell 7979 tcp micromuse-ncps Micromuse-ncps 7979 udp micromuse-ncps Micromuse-ncps 7980 tcp quest-vista Quest Vista 7980 udp quest-vista Quest Vista 7983 tcp Mstream [trojan] Mstream 7983 tcp Mstream [trojan] Mstream 7999 tcp irdmi2 iRDMI2 7999 udp irdmi2 iRDMI2 8000 tcp irdmi iRDMI 8000 udp irdmi iRDMI 8001 tcp vcom-tunnel VCOM Tunnel 8001 udp vcom-tunnel VCOM Tunnel 8002 tcp teradataordbms Teradata ORDBMS 8002 udp teradataordbms Teradata ORDBMS 8008 tcp http-alt HTTP Alternate 8008 tcp novell-http Novell Netware Management Protocol 8008 udp http-alt HTTP Alternate 8009 tcp netware-rmgr Novell Netware Remote Manager 8010 tcp wingate wingate protocol 8022 tcp oa-system oa-system 8022 udp oa-system oa-system 8023 tcp cisco-net-mgmt SN 5420 Router 8032 tcp pro-ed ProEd 8032 udp pro-ed ProEd 8033 tcp mindprint MindPrint 8033 udp mindprint MindPrint 8074 tcp gadu-gadu Polish Instant Messanger 8080 tcp BrownOrifice [trojan] Brown Orifice 8080 tcp BrownOrifice [trojan] Brown Orifice 8080 tcp Genericbackdoor [trojan] Generic backdoor 8080 tcp http-alt HTTP Alternate (see port 80) 8080 tcp RemoConChubo [trojan] RemoConChubo 8080 tcp ReverseWWWTunnel [trojan] Reverse WWW Tunnel Backdoor 8080 tcp RingZero [trojan] RingZero 8080 udp http-alt HTTP Alternate (see port 80) 8081 tcp blackice BlackICE ICEcap 8081 tcp nai-epolicy NAI McAfee EPO ePolicy Orchestrator HTTP

8082 8100 8100 8116 8116 8130 8130 8131 8131 8132 8132 8160 8160 8161 8161 8192 8200 8200 8201 8201 8204 8204 8205 8205 8206 8206 8207 8207 8208 8208 8292 8351 8351 8376 8376 8377 8377 8378 8378 8379 8379 8380 8380 8383 8400 8400 8401 8401 8402 8402

tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp

blackice BlackICE ICEcap xprint-server Xprint Server xprint-server Xprint Server cp-cluster Check Point Clustering cp-cluster Check Point Clustering indigo-vrmi INDIGO-VRMI indigo-vrmi INDIGO-VRMI indigo-vbcp INDIGO-VBCP indigo-vbcp INDIGO-VBCP dbabble dbabble dbabble dbabble patrol Patrol patrol Patrol patrol-snmp Patrol SNMP patrol-snmp Patrol SNMP snapstream SnapStream PVS trivnet1 TRIVNET trivnet1 TRIVNET trivnet2 TRIVNET trivnet2 TRIVNET lm-perfworks LM Perfworks lm-perfworks LM Perfworks lm-instmgr LM Instmgr lm-instmgr LM Instmgr lm-dta LM Dta lm-dta LM Dta lm-sserver LM SServer lm-sserver LM SServer lm-webwatcher LM Webwatcher lm-webwatcher LM Webwatcher Bloomberg Bloomberg server-find Server Find server-find Server Find cruise-enum Cruise ENUM cruise-enum Cruise ENUM cruise-swroute Cruise SWROUTE cruise-swroute Cruise SWROUTE cruise-config Cruise CONFIG cruise-config Cruise CONFIG cruise-diags Cruise DIAGS cruise-diags Cruise DIAGS cruise-update Cruise UPDATE cruise-update Cruise UPDATE imail-http IPSwitch IMail http frontend cvd cvd cvd cvd sabarsd sabarsd sabarsd sabarsd abarsd abarsd abarsd abarsd

8403 tcp admind admind 8403 udp admind admind 8443 tcp pcsync-ssl PCSync SSL 8444 tcp pcsync PCSync 8450 tcp npmp npmp 8450 udp npmp npmp 8473 tcp vp2p Virtual Point to Point 8473 udp vp2p Virtual Point to Point 8554 tcp rtsp-alt RTSP Alternate (see port 554) 8554 udp rtsp-alt RTSP Alternate (see port 554) 8685 tcp Unin68 [trojan] Unin68 8733 tcp ibus iBus 8733 udp ibus iBus 8763 tcp mc-appserver MC-APPSERVER 8763 udp mc-appserver MC-APPSERVER 8764 tcp openqueue OPENQUEUE 8764 udp openqueue OPENQUEUE 8765 tcp ultraseek-http Ultraseek HTTP 8765 udp ultraseek-http Ultraseek HTTP 8778 tcp wn-http SGI WhatsNew http protocol 8787 tcp BackOrifice2000 [trojan] Back Orifice 2000 8787 tcp BO2K [trojan] Back Orifice 2000 8804 tcp truecm truecm 8804 udp truecm truecm 8812 tcp FraggleRockLite [trojan] FraggleRock Lite 8880 tcp cddbp-alt CDDBP 8880 udp cddbp-alt CDDBP 8888 tcp ddi-tcp-1 NewsEDGE server TCP (TCP 1) 8888 tcp sun-answerbook Sun Answerbook HTTP server 8888 udp ddi-udp-1 NewsEDGE server UDP (UDP 1) 8889 tcp ddi-tcp-2 Desktop Data TCP 1 8889 udp ddi-udp-2 NewsEDGE server broadcast 8890 tcp ddi-tcp-3 Desktop Data TCP 2 8890 udp ddi-udp-3 NewsEDGE client broadcast 8891 tcp ddi-tcp-4 Desktop Data TCP 3:00 NESS application 8891 udp ddi-udp-4 Desktop Data UDP 3:00 NESS application 8892 tcp ddi-tcp-5 Desktop Data TCP 4:00 FARM product 8892 tcp seosload From the new Computer Associates eTrust ACX ACX 8892 udp ddi-udp-5 Desktop Data UDP 4:00 FARM product 8893 tcp ddi-tcp-6 Desktop Data TCP 5:00 NewsEDGE Web application 8893 udp ddi-udp-6 Desktop Data UDP 5:00 NewsEDGE Web application 8894 tcp ddi-tcp-7 Desktop Data TCP 6:00 COAL application

8894 udp ddi-udp-7 Desktop Data UDP 6:00 COAL application 8900 tcp jmb-cds1 JMB-CDS 1 8900 udp jmb-cds1 JMB-CDS 1 8901 tcp jmb-cds2 JMB-CDS 2 8901 udp jmb-cds2 JMB-CDS 2 8988 tcp BacHack [trojan] BacHack 8988 tcp BacHack [trojan] BacHack 8989 tcp Rcon [trojan] Rcon 8989 tcp Rcon [trojan] Rcon 8989 tcp Recon [trojan] Recon 8989 tcp Xcon [trojan] Xcon 9000 tcp cslistener CSlistener 9000 tcp Netministrator [trojan] Netministrator 9000 tcp Netministrator [trojan] Netministrator 9000 udp cslistener CSlistener 9002 tcp WapPush WAP Push 9003 tcp sidewinder-admin Secure Computing Sidewinder Remote Administration 9084 udp webphone PC-Telephone Webphone 9090 tcp websm WebSM 9090 tcp zeus-admin Zeus admin server 9090 udp websm WebSM 9091 tcp xmltec-xmlmail xmltec-xmlmail 9091 udp xmltec-xmlmail xmltec-xmlmail 9099 tcp jetdirect HP JetDirect 9100 tcp jetdirect HP JetDirect 9111 tcp dragon Dragon console 9160 tcp netlock1 NetLOCK1 9160 udp netlock1 NetLOCK1 9161 tcp netlock2 NetLOCK2 9161 udp netlock2 NetLOCK2 9162 tcp netlock3 NetLOCK3 9162 udp netlock3 NetLOCK3 9163 tcp netlock4 NetLOCK4 9163 udp netlock4 NetLOCK4 9164 tcp netlock5 NetLOCK5 9164 udp netlock5 NetLOCK5 9200 tcp wap-wsp WAP connectionless session service 9200 udp wap-wsp WAP connectionless session service 9201 tcp wap-wsp-wtp WAP session service 9201 udp wap-wsp-wtp WAP session service 9202 tcp wap-wsp-s WAP secure connectionless session service 9202 udp wap-wsp-s WAP secure connectionless session service 9203 tcp wap-wsp-wtp-s WAP secure session service 9203 udp wap-wsp-wtp-s WAP secure session service 9204 tcp wap-vcard WAP vCard 9204 udp wap-vcard WAP vCard

9205 tcp wap-vcal WAP vCal 9205 udp wap-vcal WAP vCal 9206 tcp wap-vcard-s WAP vCard Secure 9206 udp wap-vcard-s WAP vCard Secure 9207 tcp wap-vcal-s WAP vCal Secure 9207 udp wap-vcal-s WAP vCal Secure 9283 tcp callwaveiam CallWaveIAM 9283 udp callwaveiam CallWaveIAM 9292 tcp armtechdaemon ArmTech Daemon 9292 udp armtechdaemon ArmTech Daemon 9321 tcp guibase guibase 9321 udp guibase guibase 9325 udp Mstream [trojan] Mstream 9325 udp Mstream [trojan] Mstream 9343 tcp mpidcmgr MpIdcMgr 9343 udp mpidcmgr MpIdcMgr 9344 tcp mphlpdmc Mphlpdmc 9344 udp mphlpdmc Mphlpdmc 9346 tcp ctechlicensing C Tech Licensing 9346 udp ctechlicensing C Tech Licensing 9374 tcp fjdmimgr fjdmimgr 9374 udp fjdmimgr fjdmimgr 9396 tcp fjinvmgr fjinvmgr 9396 udp fjinvmgr fjinvmgr 9397 tcp mpidcagt MpIdcAgt 9397 udp mpidcagt MpIdcAgt 9400 tcp InCommand [trojan] InCommand 9400 tcp InCommand [trojan] InCommand 9500 tcp ismserver ismserver 9500 udp ismserver ismserver 9535 tcp man 9535 udp man 9594 tcp msgsys Message System 9594 udp msgsys Message System 9595 tcp pds Ping Discovery Service 9595 udp pds Ping Discovery Service 9600 tcp micromuse-ncpw MICROMUSE-NCPW 9600 udp micromuse-ncpw MICROMUSE-NCPW 9753 tcp rasadv rasadv 9753 udp rasadv rasadv 9797 tcp lcfd Tivoli lcfd daemon 9870 tcp RemoteComputerControl [trojan] Remote Computer Control Center 9872 tcp PortalofDoom [trojan] Portal of Doom 9872 tcp PortalofDoom [trojan] Portal of Doom 9873 tcp PortalofDoom [trojan] Portal of Doom 9873 tcp PortalofDoom [trojan] Portal of Doom 9874 tcp PortalofDoom [trojan] Portal of Doom 9874 tcp PortalofDoom [trojan] Portal of Doom 9875 tcp PortalofDoom [trojan] Portal of Doom

9875 9876 9876 9876 9876 9876 9878 9878 9888 9888 9898 9898 9899 9899 9900 9900 9909 9909 9950 9950 9951 9951 9952 9952 9989 9989 9990 9991 9992 9992 9992 9993 9993 9994 9994 9995 9995 9996 9996 9997 9997 9998 9998 9999 9999 9999 9999 10000 10000

tcp tcp tcp tcp tcp udp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp udp tcp udp

PortalofDoom [trojan] Portal of Doom CyberAttacker [trojan] Cyber Attacker CyberAttacker [trojan] Cyber Attacker Rux [trojan] Rux sd Session Director sd Session Director TransScout [trojan] TransScout TransScout [trojan] TransScout cyborg-systems CYBORG Systems cyborg-systems CYBORG Systems monkeycom MonkeyCom monkeycom MonkeyCom sctp-tunneling SCTP TUNNELING sctp-tunneling SCTP TUNNELING iua IUA iua IUA domaintime domaintime domaintime domaintime apcpcpluswin1 APCPCPLUSWIN1 apcpcpluswin1 APCPCPLUSWIN1 apcpcpluswin2 APCPCPLUSWIN2 apcpcpluswin2 APCPCPLUSWIN2 apcpcpluswin3 APCPCPLUSWIN3 apcpcpluswin3 APCPCPLUSWIN3 IniKiller [trojan] Ini-Killer Ini-Killer [trojan] Ini-Killer realsecure RealSecure ISS system scanner realsecure RealSecure ISS system scanner palace-1 OnLive-1 realsecure RealSecure ISS system scanner palace-1 OnLive-1 palace-2 OnLive-2 palace-2 OnLive-2 palace-3 OnLive-3 palace-3 OnLive-3 palace-4 Palace-4 palace-4 Palace-4 palace-5 Palace-5 palace-5 Palace-5 palace-6 Palace-6 palace-6 Palace-6 distinct32 Distinct32 distinct32 Distinct32 distinct distinct ThePrayer [trojan] The Prayer ThePrayer [trojan] The Prayer distinct distinct ndmp Network Data Management Protocol ndmp Network Data Management Protocol

10000 tcp webmin Webmin (http://www.webmin.com) 10000 tcp securenetpro-mgmt SecureNet Pro IDS Management 10000 tcp OpwinTRojan [trojan] OpwinTRojan 10005 tcp OpwinTRojan [trojan] OpwinTRojan 10005 tcp stel Secure telnet 10007 tcp mvs-capacity MVS Capacity 10007 udp mvs-capacity MVS Capacity 10008 tcp Cheeseworm [trojan] Cheese worm 10008 tcp Lion [trojan] Lion 10008 tcp LionWorm [trojan] Lion Worm (exploits Solaris saadmind) 10067 udp PortalofDoomPOD [trojan] Portal of Doom - POD 10067 udp PortalofDoom [trojan] Portal of Doom 10080 tcp amanda Amanda 10080 udp amanda Amanda 10082 tcp amandaidx Amanda indexing 10083 tcp amidxtape Amanda tape indexing 10085 tcp Syphillis [trojan] Syphillis 10085 tcp Syphillis [trojan] Syphillis 10086 tcp Syphillis [trojan] Syphillis 10086 tcp Syphillis [trojan] Syphillis 10100 tcp ControlTotal [trojan] Control Total 10100 tcp GiFttrojan [trojan] GiFt trojan 10101 tcp BrainSpy [trojan] BrainSpy 10101 tcp BrainSpy [trojan] BrainSpy 10101 tcp Silencer [trojan] Silencer 10113 tcp netiq-endpoint NetIQ Endpoint 10113 udp netiq-endpoint NetIQ Endpoint 10114 tcp netiq-qcheck NetIQ Qcheck 10114 udp netiq-qcheck NetIQ Qcheck 10115 tcp netiq-endpt NetIQ Endpoint 10115 udp netiq-endpt NetIQ Endpoint 10128 tcp bmc-perf-sd BMC-PERFORM-SERVICE DAEMON 10128 udp bmc-perf-sd BMC-PERFORM-SERVICE DAEMON 10167 udp PortalofDoomPOD [trojan] Portal of Doom - POD 10167 udp PortalofDoom [trojan] Portal of Doom 10288 tcp blocks Blocks 10288 udp blocks Blocks 10520 tcp AcidShivers [trojan] Acid Shivers 10520 tcp AcidShivers [trojan] Acid Shivers 10528 tcp HostControl [trojan] Host Control 10528 tcp HostControl [trojan] Host Control 10607 tcp Coma [trojan] Coma 10607 tcp Coma [trojan] Coma 10666 udp Ambush [trojan] Ambush 10666 udp Ambush [trojan] Ambush

11000 tcp SennaSpyTrojanGenerator [trojan] Senna Spy Trojan Generator 11000 tcp SennaSpy [trojan] Senna Spy 11000 udp irisa IRISA 11001 tcp metasys Metasys 11001 udp metasys Metasys 11050 tcp HostControl [trojan] Host Control 11050 tcp HostControl [trojan] Host Control 11051 tcp HostControl [trojan] Host Control 11051 tcp HostControl [trojan] Host Control 11111 tcp vce Viral Computing Environment (VCE) 11111 udp vce Viral Computing Environment (VCE) 11201 tcp smsqp smsqp 11201 udp smsqp smsqp 11223 tcp Progenictrojan [trojan] Progenic trojan 11223 tcp Progenictrojan [trojan] Progenic trojan 11223 tcp SecretAgent [trojan] Secret Agent 11319 tcp imip IMIP 11319 udp imip IMIP 11367 tcp atm-uhas ATM UHAS 11367 udp atm-uhas ATM UHAS 11371 tcp pksd PGP Public Key Server 11600 tcp tempest-port Tempest Protocol Port 11600 udp tempest-port Tempest Protocol Port 11720 tcp h323callsigalt h323 Call Signal Alternate 11720 udp h323callsigalt h323 Call Signal Alternate 11831 tcp Latinus [trojan] Latinus 11999 tcp yahoo-games Yahoo Games 12000 tcp entextxid IBM Enterprise Extender SNA XID Exchange 12000 udp entextxid IBM Enterprise Extender SNA XID Exchange 12001 tcp entextnetwk IBM Enterprise Extender SNA COS Network Priority 12001 udp entextnetwk IBM Enterprise Extender SNA COS Network Priority 12002 tcp entexthigh IBM Enterprise Extender SNA COS High Priority 12002 udp entexthigh IBM Enterprise Extender SNA COS High Priority 12003 tcp entextmed IBM Enterprise Extender SNA COS Medium Priority 12003 udp entextmed IBM Enterprise Extender SNA COS Medium Priority 12004 tcp entextlow IBM Enterprise Extender SNA COS Low Priority 12004 udp entextlow IBM Enterprise Extender SNA COS Low Priority 12076 tcp Gjamer [trojan] Gjamer 12076 tcp Gjamer [trojan] Gjamer

12172 12172 12223 12223 12310 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12345 12346 12346 12346 12346 12346 12348 12349 12349 12349 12361 12361 12362 12362 12363 12468 12469 12623 12623 12624 12624 12631 12631 12701 12753 12753 12754 12754

tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp udp tcp tcp tcp tcp tcp tcp udp tcp tcp

hivep HiveP hivep HiveP Hack99KeyLogger [trojan] Hack99 KeyLogger Hack99KeyLogger [trojan] Hack99 KeyLogger PreCursor [trojan] PreCursor Adoresshd [trojan] Adore sshd Ashley [trojan] Ashley cron/crontab [trojan] cron / crontab FatBitchtrojan [trojan] Fat Bitch trojan GabanBus [trojan] GabanBus icmp_client.c [trojan] icmp_client.c icmp_pipe.c [trojan] icmp_pipe.c Mypic [trojan] Mypic NetBusToy [trojan] NetBus Toy NetBus [trojan] NetBus NetBus [trojan] NetBus backdoor trojan NetBusworm [trojan] NetBus worm PieBillGates [trojan] Pie Bill Gates TMListen TrendMicro OfficeScan TMListen ValvNet [trojan] ValvNet WhackJob [trojan] Whack Job X-bill [trojan] X-bill FatBitchtrojan [trojan] Fat Bitch trojan GabanBus [trojan] GabanBus NetBus [trojan] NetBus NetBus [trojan] NetBus backdoor trojan X-bill [trojan] X-bill BioNet [trojan] BioNet BioNet [trojan] BioNet BioNet [trojan] BioNet Webhead [trojan] Webhead Whackamole [trojan] Whack-a-mole Whack-a-mole [trojan] Whack-a-mole Whackamole [trojan] Whack-a-mole Whack-a-mole [trojan] Whack-a-mole Whack-a-mole [trojan] Whack-a-mole webtheater WebTheater webtheater WebTheater DUNControl [trojan] DUN Control DUNControl [trojan] DUN Control ButtMan [trojan] ButtMan ButtMan [trojan] ButtMan WhackJob [trojan] Whack Job WhackJob [trojan] Whack Job Eclipse2000 [trojan] Eclipse 2000 tsaf tsaf port tsaf tsaf port Mstream [trojan] Mstream Mstream [trojan] Mstream

12973 tcp access 12975 tcp access 13000 tcp 13010 tcp 13010 tcp 13010 tcp 13013 tcp 13014 tcp 13139 udp 13160 tcp 13160 udp 13223 tcp 13223 tcp 13223 udp 13224 tcp 13224 udp 13473 tcp 13720 tcp 13720 udp 13721 tcp NetBackup) 13721 udp NetBackup) 13722 tcp 13722 udp 13724 tcp 13724 udp 13782 tcp 13782 udp 13783 tcp 13783 udp 13818 tcp 13818 udp 13819 tcp 13819 udp 13820 tcp 13820 udp 13821 tcp 13821 udp 13822 tcp 13822 udp 14001 tcp 14001 udp 14002 tcp 14237 tcp 14238 tcp 14238 udp 14500 tcp

Backdoor-QR Backdoor-QR

[trojan] [trojan]

QR QR

keylogger/remote keylogger/remote

SennaSpy [trojan] Senna Spy BitchController [trojan] BitchController HackerBrasilHBR [trojan] Hacker Brasil - HBR HackerBrasil [trojan] Hacker Brasil - HBR PsychWard [trojan] PsychWard PsychWard [trojan] PsychWard game-ping GameSpy Arcade custom udp pings i-zipqd I-ZIPQD i-zipqd I-ZIPQD Hack99KeyLogger [trojan] Hack99 KeyLogger powwow-client PowWow Client powwow-client PowWow Client powwow-server PowWow Server powwow-server PowWow Server Chupacabra [trojan] Chupacabra bprd BPRD Protocol (VERITAS NetBackup) bprd BPRD Protocol (VERITAS NetBackup) bpbrm BPBRM Protocol (VERITAS bpbrm BPBRM Protocol (VERITAS

bpjava-msvc BP Java MSVC Protocol bpjava-msvc BP Java MSVC Protocol vnetd Veritas Network Utility vnetd Veritas Network Utility bpcd VERITAS NetBackup bpcd VERITAS NetBackup vopied VOPIED Protnocol vopied VOPIED Protocol dsmcc-config DSMCC Config dsmcc-config DSMCC Config dsmcc-session DSMCC Session Messages dsmcc-session DSMCC Session Messages dsmcc-passthru DSMCC Pass-Thru Messages dsmcc-passthru DSMCC Pass-Thru Messages dsmcc-download DSMCC Download Protocol dsmcc-download DSMCC Download Protocol dsmcc-ccp DSMCC Channel Change Protocol dsmcc-ccp DSMCC Channel Change Protocol itu-sccp-ss7 ITU SCCP (SS7) itu-sccp-ss7 ITU SCCP (SS7) tanne Tanne Daemon palm-hotsync Palm HotSync palm-hotsync-manage Palm HotSync Manager palm-hotsync Palm HotSync PCInvader [trojan] PC Invader

14500 tcp 14501 tcp 14502 tcp 14503 tcp 14936 tcp 14936 udp 14937 tcp 14937 udp 15000 tcp 15000 tcp 15000 udp 15077 tcp server 15078 tcp server 15092 tcp 15092 tcp 15104 tcp 15104 tcp 15163 tcp 2002 15164 tcp 2002 15164 udp 2002 15165 tcp 2002 15166 tcp 2002 15166 udp 2002 15345 tcp 15345 udp 15382 tcp 15858 tcp 15858 tcp 15871 tcp Message port 16360 tcp 16360 udp 16361 tcp 16361 udp 16367 tcp 16367 udp 16368 tcp 16368 udp 16384 tcp 16484 tcp 16660 tcp 16772 tcp

PCInvader [trojan] PC Invader PCInvader [trojan] PC Invader PCInvader [trojan] PC Invader PCInvader [trojan] PC Invader hde-lcesrvr-1 hde-lcesrvr-1 hde-lcesrvr-1 hde-lcesrvr-1 hde-lcesrvr-2 hde-lcesrvr-2 hde-lcesrvr-2 hde-lcesrvr-2 hydap Hypack Data Aquisition NetDemon [trojan] NetDemon hydap Hypack Data Aquisition enterasys-mpoa Enterasys ATM enterasys-mpoa HostControl HostControl Mstream Mstream PCAudit PCAudit PCAudit PCAudit PCAudit PCAudit Enterasys ATM

MPOA MPOA

[trojan] Host Control [trojan] Host Control [trojan] Mstream [trojan] Mstream PCAudit Activity Monitor PCAudit Activity Monitor PCAudit Activity Monitor PCAudit Activity Monitor PCAudit Activity Monitor PCAudit Activity Monitor

xpilot XPilot Contact Port xpilot XPilot Contact Port SubZero [trojan] SubZero CDK [trojan] CDK CDK [trojan] CDK websense-msg Websense Server Blocked Page netserialext1 netserialext1 netserialext2 netserialext2 netserialext3 netserialext3 netserialext4 netserialext4 connected-online Mosucker Stacheldraht ICQRevenge netserialext1 netserialext1 netserialext2 netserialext2 netserialext3 netserialext3 netserialext4 netserialext4 ConnectedOnline [trojan] Mosucker [trojan] Stacheldraht [trojan] ICQ Revenge

16959 tcp SubSeven 16969 tcp Priority 16991 tcp intel-rci-mp 16991 udp intel-rci-mp 17007 tcp isode-dua 17007 udp isode-dua 17166 tcp Mosaic 17185 tcp soundsvirtual 17185 udp soundsvirtual 17219 tcp chipper 17219 udp chipper 17300 tcp Kuang2TheVirus 17300 tcp Kuang2thevirus 17449 tcp KidTerror 17449 tcp KidTerror 17499 tcp CrazzyNet 17499 tcp CrazzyNet 17500 tcp CrazzyNet 17569 tcp Infector 17593 tcp AudioDoor 17777 tcp Nephron 17777 tcp Nephron 18000 tcp biimenu 18000 udp biimenu 18009 tcp http_rwbs chat server 18080 tcp puremessage 18181 tcp opsec-cvp Vectoring Protocol 18181 udp opsec-cvp Vectoring Protocol 18182 tcp opsec-ufp Protocol 18182 udp opsec-ufp Protocol 18183 tcp opsec-sam Activity Monitor API 18183 udp opsec-sam Activity Monitor API 18184 tcp opsec-lea 18184 udp opsec-lea 18185 tcp opsec-omi Management Interface 18185 udp opsec-omi Management Interface 18187 tcp opsec-ela 18187 udp opsec-ela 18207 tcp fw1-pslogon Protocol 18463 tcp ac-cluster

[trojan] SubSeven [trojan] Priority INTEL-RCI-MP INTEL-RCI-MP [trojan] Mosaic Sounds Virtual Sounds Virtual Chipper Chipper [trojan] Kuang2 The Virus [trojan] Kuang2 the virus [trojan] Kid Terror [trojan] Kid Terror [trojan] CrazzyNet [trojan] CrazzyNet [trojan] CrazzyNet [trojan] Infector [trojan] AudioDoor [trojan] Nephron [trojan] Nephron Beckman Instruments Inc. Beckman Instruments Inc. HTTP Server by Roger Wilco voice PureMessage Manager Check Point OPSEC Content Check Point OPSEC Content Check Point OPSEC URL Filtering Check Point OPSEC URL Filtering Check Point OPSEC Suspicious Check Point OPSEC Suspicious Check Point OPSEC Log Export API Check Point OPSEC Log Export API Check Point OPSEC Objects Check Point OPSEC Objects Check Point OPSEC ELA Check Point OPSEC ELA Check Point Policy Server Logon AC Cluster

18463 udp ac-cluster AC Cluster 18667 tcp Knark [trojan] Knark 18753 udp Shaft [trojan] Shaft 18753 udp Shaft [trojan] Shaft 18888 tcp apc-necmp APCNECMP 18888 udp apc-necmp APCNECMP 19191 tcp opsec-uaa opsec-uaa 19191 udp opsec-uaa opsec-uaa 19283 tcp keysrvr Key Server for SASSAFRAS 19283 udp keysrvr Key Server for SASSAFRAS 19315 tcp keyshadow Key Shadow for SASSAFRAS 19315 udp keyshadow Key Shadow for SASSAFRAS 19398 tcp mtrgtrans mtrgtrans 19398 udp mtrgtrans mtrgtrans 19410 tcp hp-sco hp-sco 19410 udp hp-sco hp-sco 19411 tcp hp-sca hp-sca 19411 udp hp-sca hp-sca 19412 tcp hp-sessmon HP-SESSMON 19412 udp hp-sessmon HP-SESSMON 19541 tcp jcp JCP Client 19541 udp jcp JCP Client 19864 tcp ICQRevenge [trojan] ICQ Revenge 19864 tcp ICQRevenge [trojan] ICQ Revenge 20000 tcp Millenium [trojan] Millenium 20000 tcp Millenium [trojan] Millenium 20000 udp dnp DNP 20001 tcp Insect [trojan] Insect 20001 tcp Millenium(Lm) [trojan] Millenium (Lm) 20001 tcp Millenium [trojan] Millenium 20001 tcp Millenium [trojan] Millenium 20002 tcp AcidkoR [trojan] AcidkoR 20002 tcp AcidkoR [trojan] AcidkoR 20005 tcp btx xcept4 (Interacts with German Telekom's CEPT videotext service) 20005 tcp Mosucker [trojan] Mosucker 20023 tcp VPKiller [trojan] VP Killer 20023 tcp VPKiller [trojan] VP Killer 20034 tcp NetBus2.0ProHidden [trojan] NetBus 2.0 Pro Hidden 20034 tcp NetBus2.0Pro [trojan] NetBus 2.0 Pro 20034 tcp NetBus2Pro [trojan] NetBus 2 Pro 20034 tcp NetRex [trojan] NetRex 20034 tcp WhackJob [trojan] Whack Job 20139 tcp Aristotle [trojan] #skanbotz IRC-SubSeven Trojan 20203 tcp Chupacabra [trojan] Chupacabra 20222 tcp ipulse-ics iPulse-ICS 20222 udp ipulse-ics iPulse-ICS 20331 tcp BLAtrojan [trojan] BLA trojan 20331 tcp BLAtrojan [trojan] BLA trojan

20432 tcp 20432 tcp 20433 udp 20433 udp 20670 tcp 20670 udp 20999 tcp 20999 udp 21544 tcp 21544 tcp 21544 tcp 21544 tcp 21554 tcp 21554 tcp 21554 tcp 21554 tcp 21554 tcp 21554 tcp 21579 tcp 21590 tcp 21590 udp 21845 tcp 21845 udp 21846 tcp 21846 udp 21847 tcp 21847 udp 21848 tcp Distribution 21848 udp Distribution 21849 tcp System 21849 udp System 21957 tcp 22000 tcp 22000 udp 22001 tcp 22001 udp 22222 tcp 22222 tcp 22222 tcp 22222 tcp 22222 tcp 22273 tcp 22273 udp 22289 tcp 22305 tcp 22321 tcp

Shaft [trojan] Shaft Shaft [trojan] Shaft Shaft [trojan] Shaft Shaft [trojan] Shaft track Track track Track athand-mmp At Hand MMP athand-mmp AT Hand MMP GirlFriend [trojan] GirlFriend GirlFriend [trojan] GirlFriend KidTerror [trojan] Kid Terror Matrix [trojan] Matrix Exploiter [trojan] Exploiter FreddyK [trojan] FreddyK KidTerror [trojan] Kid Terror Schwindler [trojan] Schwindler Schwindler [trojan] Schwindler Winsp00fer [trojan] Winsp00fer Breach [trojan] Breach vofr-gateway VoFR Gateway vofr-gateway VoFR Gateway webphone webphone webphone webphone netspeak-is NetSpeak Corp. Directory Services netspeak-is NetSpeak Corp. Directory Services netspeak-cs NetSpeak Corp. Connection Services netspeak-cs NetSpeak Corp. Connection Services netspeak-acd NetSpeak Corp. Automatic Call netspeak-acd netspeak-cps netspeak-cps Latinus snapenetio snapenetio optocontrol optocontrol DonaldDick DonaldDick Prosiak Ruler RUXTheTIc.K wnn6 wnn6 wnn6_Cn wnn6_Kr wnn6_Tw NetSpeak Corp. Automatic Call NetSpeak Corp. Credit Processing NetSpeak Corp. Credit Processing [trojan] Latinus SNAPenetIO SNAPenetIO OptoControl OptoControl [trojan] Donald Dick [trojan] Donald Dick [trojan] Prosiak [trojan] Ruler [trojan] RUX The TIc.K Wnn6 (Japanese input) wnn6 Wnn6 (Chinese input) Wnn6 (Korean input) Wnn6 (Taiwanse input)

22450 22450 22555 22555 22800 22800 22951 22951 23005 23005 23005 23005 23006 23023 23023 23032 23032 23321 23432 23432 23456 23456 23456 23456 23476 23476 23476 23476 23477 23477 23777 24000 24000 24000 24001 24001 24002 24002 24003 24003 24004 24004 24005 24005 24006 24006 24242 24242 24249 24249

tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp tcp udp udp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp

SiN SiN vocaltec-wconf vocaltec-phone aws-brf aws-brf brf-gw brf-gw NetTrash NetTrash Olive Oxon NetTrash Logged Logged Amanda Amanda Konik Asylum Asylum EvilFTP EvilFTP UglyFTP WhackJob DonaldDick DonaldDick DonaldDick DonaldDick DonaldDick DonaldDick InetSpy Infector med-ltp med-ltp med-fsp-rx med-fsp-rx med-fsp-tx med-fsp-tx med-supp med-supp med-ovw med-ovw med-ci med-ci med-net-svc med-net-svc filesphere filesphere vista-4gl vista-4gl

SiN (game) SiN (game) Vocaltec Web Conference Vocaltec Internet Phone Telerate Information Platform LAN Telerate Information Platform LAN Telerate Information Platform WAN Telerate Information Platform WAN [trojan] NetTrash [trojan] NetTrash [trojan] Olive [trojan] Oxon [trojan] NetTrash [trojan] Logged [trojan] Logged [trojan] Amanda [trojan] Amanda [trojan] Konik [trojan] Asylum [trojan] Asylum [trojan] Evil FTP [trojan] Evil FTP [trojan] Ugly FTP [trojan] Whack Job [trojan] Donald Dick [trojan] Donald Dick [trojan] Donald Dick [trojan] Donald Dick [trojan] Donald Dick [trojan] Donald Dick [trojan] InetSpy [trojan] Infector med-ltp med-ltp med-fsp-rx med-fsp-rx med-fsp-tx med-fsp-tx med-supp med-supp med-ovw med-ovw med-ci med-ci med-net-svc med-net-svc fileSphere fileSphere Vista 4GL Vista 4GL

24289 24386 24386 24554 24554 24677 24677 25000 25000 25001 25001 25002 25002 25003 25003 25004 25004 25005 25005 25006 25006 25007 25007 25008 25008 25009 25009 25123 25555 25685 25686 25793 25793 25901 25901 25903 25903 25982 26000 26000 26208 26208 26262 26263 26264 26264 26274 26274 26681 26681

tcp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp udp tcp tcp tcp tcp tcp udp tcp udp tcp udp tcp tcp udp tcp udp tcp udp tcp udp udp udp tcp tcp

Latinus [trojan] Latinus intel_rci Intel RCI intel_rci Intel RCI binkp BINKP binkp BINKP flashfiler FlashFiler flashfiler FlashFiler icl-twobase1 icl-twobase1 icl-twobase1 icl-twobase1 icl-twobase2 icl-twobase2 icl-twobase2 icl-twobase2 icl-twobase3 icl-twobase3 icl-twobase3 icl-twobase3 icl-twobase4 icl-twobase4 icl-twobase4 icl-twobase4 icl-twobase5 icl-twobase5 icl-twobase5 icl-twobase5 icl-twobase6 icl-twobase6 icl-twobase6 icl-twobase6 icl-twobase7 icl-twobase7 icl-twobase7 icl-twobase7 icl-twobase8 icl-twobase8 icl-twobase8 icl-twobase8 icl-twobase9 icl-twobase9 icl-twobase9 icl-twobase9 icl-twobase10 icl-twobase10 icl-twobase10 icl-twobase10 Goy'ZTroJan [trojan] Goy'Z TroJan FreddyK [trojan] FreddyK MoonPie [trojan] MoonPie MoonPie [trojan] MoonPie vocaltec-hos Vocaltec Address Server vocaltec-hos Vocaltec Address Server niobserver NIObserver niobserver NIObserver niprobe NIProbe niprobe NIProbe MoonPie [trojan] MoonPie quakeworld QuakeWorld Master Server quakeworld QuakeWorld Master Server wnn6-ds wnn6-ds wnn6-ds wnn6-ds k3software-svr K3 Software-Server k3software-cli K3 Software-Client gserver Gserver gserver Gserver DeltaSource [trojan] Delta Source DeltaSource [trojan] Delta Source VoiceSpyOBS [trojan] Voice Spy - OBS!!! VoiceSpy [trojan] Voice Spy

27000 tcp flex-lm FlexLM (1-10) 27000 tcp quakeworld QuakeWorld Master Server 27000 udp quakeworld QuakeWorld Master Server 27001 tcp flex-lm FlexLM (1-10) 27002 tcp flex-lm FlexLM (1-10) 27003 tcp flex-lm FlexLM (1-10) 27004 tcp flex-lm FlexLM (1-10) 27005 tcp flex-lm FlexLM (1-10) 27006 tcp flex-lm FlexLM (1-10) 27007 tcp flex-lm FlexLM (1-10) 27008 tcp flex-lm FlexLM (1-10) 27009 tcp flex-lm FlexLM (1-10) 27015 udp halflife Half-Life Game Server 27160 tcp MoonPie [trojan] MoonPie 27345 tcp imagepump ImagePump 27345 udp imagepump ImagePump 27374 tcp BadBlood [trojan] Bad Blood 27374 tcp EGO [trojan] EGO 27374 tcp FakeSubSeven [trojan] Fake SubSeven 27374 tcp Lion [trojan] Lion 27374 tcp Ramen [trojan] Ramen 27374 tcp Seeker [trojan] Seeker 27374 tcp Subseven2.1.4DefCon8 [trojan] Subseven 2.1.4 DefCon 8 27374 tcp SubSeven2.1Gold [trojan] SubSeven 2.1 Gold 27374 tcp SubSeven2.2 [trojan] SubSeven 2.2 27374 tcp SubSevenMuie [trojan] SubSeven Muie 27374 tcp SubSeven [trojan] SubSeven 27374 tcp TheSaint [trojan] The Saint 27374 tcp Ttfloader [trojan] Ttfloader 27374 tcp Webhead [trojan] Webhead 27444 udp Trinoo_Bcast [trojan] Trinoo distributed attack tool 27444 udp Trinoo [trojan] Trinoo 27500 tcp quakeworld QuakeWorld 27500 udp quakeworld QuakeWorld 27573 tcp SubSeven [trojan] SubSeven 27660 udp quake3server Quake 3 Arena Server (for first player) 27665 tcp Trinoo_Master Trinoo distributed attack tool 27665 tcp Trinoo [trojan] Trinoo 27900 udp game-heartbeat GameSpy Arcade master server udp heartbeat 27910 udp quake2server Quake 2 Server 27960 tcp quake3server Quake 3 Arena Server 27960 udp Quake3Server Quake 3 Arena Server 27999 tcp tw-auth-key TW Authentication Key Distribution and 27999 udp tw-auth-key Attribute Certificate Services 28001 tcp tribes Tribes (game)

28001 udp 28431 tcp 28431 udp 28432 udp 28678 tcp 28900 tcp request 28910 tcp 29000 udp 29000 tcp manager 29001 udp port) 29001 tcp 29002 udp port) 29003 udp port) 29004 udp port) 29005 udp port) 29006 udp port) 29007 udp port) 29008 udp port) 29009 udp port) 29104 tcp 29104 tcp 29292 tcp 29369 tcp 29559 tcp 29891 tcp 29891 tcp 29891 udp 30000 tcp 30001 tcp 30001 tcp 30003 tcp 30003 tcp 30005 tcp 30029 tcp 30029 tcp 30100 tcp 30100 tcp 30101 tcp 30101 tcp

tribes HackaTack HackaTack HackaTack Exploiter game-list heretic2 starsiege game-connect starsiege game-search starsiege starsiege starsiege starsiege starsiege starsiege starsiege starsiege

Tribes (game) [trojan] HackaTack [trojan] Hack'a'Tack 2K [trojan] Hack'a'Tack 2K [trojan] Exploiter GameSpy Arcade master server list Heretic II Game Server Starsiege (game - main default port) GameSpy Arcade connection Starsiege (game - possible default GameSpy Arcade search manager Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default Starsiege (game - possible default

NetTrojan [trojan] NetTrojan NetTrojan [trojan] NetTrojan BackGate [trojan] BackGate ovasOn [trojan] ovasOn Latinus [trojan] Latinus TheUnexplained [trojan] The Unexplained TheUnexplained [trojan] The Unexplained TheUnexplained [trojan] The Unexplained Infector [trojan] Infector ErrOr32 [trojan] ErrOr32 ErrOr32 [trojan] ErrOr32 LamersDeath [trojan] Lamers Death LamersDeath [trojan] Lamers Death BackdoorJZ [trojan] Backdoor JZ AOLTrojan [trojan] AOL Trojan AOLtrojan [trojan] AOL trojan NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere

30102 tcp 30102 tcp 30103 tcp 30103 tcp 30103 udp 30103 udp 30133 tcp 30133 tcp 30303 tcp 30303 tcp 30700 tcp 30947 tcp 30947 tcp 30999 tcp 30999 tcp 31221 tcp 31335 tcp 31335 tcp 31335 udp 31336 tcp 31336 tcp 31336 tcp 31337 tcp 31337 tcp 31337 tcp patches 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 tcp 31337 udp admin tool 31337 udp 31337 tcp 31338 tcp 31338 tcp 31338 tcp 31338 udp

NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere NetSphere [trojan] NetSphere SocketsdesTroie [trojan] Sockets des Troie SocketsdeTroie [trojan] Sockets de Troie Mantis [trojan] Mantis Intruse [trojan] Intruse Intruse [trojan] Intruse Kuang2 [trojan] Kuang2 Kuang2 [trojan] Kuang2 Knark [trojan] Knark Trinoo [trojan] Trinoo Trinoo [trojan] Trinoo Trinoo_Register Trinoo distributed attack tool BoWhack [trojan] Bo Whack BoWhack [trojan] Bo Whack ButtFunnel [trojan] Butt Funnel ADMworm [trojan] ADM worm BackFire [trojan] Back Fire BackOrifice1.20patches [trojan] Back Orifice 1.20 BackOrifice(Lm) BackOrificerussian BaronNight Beeone bindshell BO2 BOclient BOFacil BOspy cron/crontab DeepBO Freak2k Freak88 Gummo icmp_pipe.c LinuxRootkitIV BackOrifice BackOrifice psybnc BackOrifice ButtFunnel ButtFunnel BackOrifice [trojan] Back Orifice (Lm) [trojan] Back Orifice russian [trojan] Baron Night [trojan] Beeone [trojan] bindshell [trojan] BO2 [trojan] BO client [trojan] BO Facil [trojan] BO spy [trojan] cron / crontab [trojan] Deep BO [trojan] Freak2k [trojan] Freak88 [trojan] Gummo [trojan] icmp_pipe.c [trojan] Linux Rootkit IV [trojan] cDc Back Orifice remote [trojan] Back Orifice [trojan] psybnc [trojan] Back Orifice [trojan] Butt Funnel [trojan] Butt Funnel [trojan] Back Orifice

31338 udp DeepBO [trojan] Deep BO 31339 tcp NetSpyDK [trojan] NetSpy (DK) 31339 tcp NetSpy(DK) [trojan] NetSpy (DK) 31510 tcp KingPin KingPin (game) 31510 udp KingPin KingPin (game) 31557 tcp NetBus [trojan] NetBus 31557 tcp Xanadu [trojan] Xanadu 31666 tcp BOWhack [trojan] BOWhack 31666 tcp BOWhack [trojan] BOWhack 31745 tcp BuschTrommel [trojan] BuschTrommel 31785 tcp HackaTack [trojan] HackaTack 31785 tcp HackaTack [trojan] HackaTack 31787 tcp HackaTack [trojan] HackaTack 31787 tcp HackaTack [trojan] HackaTack 31788 tcp HackaTack [trojan] HackaTack 31788 tcp HackaTack [trojan] HackaTack 31789 udp HackaTack [trojan] HackaTack 31789 udp HackaTack [trojan] HackaTack 31790 tcp HackaTack [trojan] HackaTack 31790 tcp HackaTack [trojan] HackaTack 31791 udp HackaTack [trojan] HackaTack 31791 udp HackaTack [trojan] HackaTack 31792 tcp HackaTack [trojan] HackaTack 31792 tcp HackaTack [trojan] HackaTack 32000 tcp merak-webmail Merak WebMail server 32001 tcp DonaldDick [trojan] Donald Dick 32001 tcp DonaldDick [trojan] Donald Dick 32100 tcp PeanutBrittle [trojan] Peanut Brittle 32100 tcp PeanutBrittle [trojan] Peanut Brittle 32100 tcp ProjectnEXT [trojan] Project nEXT 32418 tcp AcidBattery [trojan] Acid Battery 32418 tcp AcidBattery [trojan] Acid Battery 32768 tcp HackersParadise [trojan] Hacker's Paradise 32768 udp filenet-tms Filenet TMS 32769 tcp filenet-rpc Filenet RPC 32769 udp filenet-rpc Filenet RPC 32769 tcp sgi-iphone SGI InPerson Phone 32770 tcp filenet-nch Filenet NCH 32770 udp filenet-nch Filenet NCH 32771 tcp sometimes-rpc5 Sometimes an RPC port on Solaris box (rusersd) 32771 udp sometimes-rpc6 Sometimes an RPC port on Solaris box (rusersd) 32772 tcp sometimes-rpc7 Sometimes an RPC port on Solaris box (status) 32772 udp sometimes-rpc8 Sometimes an RPC port on Solaris box (status) 32773 tcp sometimes-rpc9 Sometimes an RPC port on Solaris box (rquotad)

my my my my my

32773 udp sometimes-rpc10 Solaris box (rquotad) 32774 tcp sometimes-rpc11 Solaris box (rusersd) 32774 udp sometimes-rpc12 Solaris box (rusersd) 32775 tcp sometimes-rpc13 Solaris box (status) 32775 udp sometimes-rpc14 Solaris box (status) 32776 tcp sometimes-rpc15 Solaris box (sprayd) 32776 udp sometimes-rpc16 Solaris box (sprayd) 32777 tcp sometimes-rpc17 Solaris box (walld) 32777 udp sometimes-rpc18 Solaris box (walld) 32778 tcp sometimes-rpc19 Solaris box (rstatd) 32778 udp sometimes-rpc20 Solaris box (rstatd) 32779 tcp sometimes-rpc21 Solaris box 32779 udp sometimes-rpc22 Solaris box 32780 tcp sometimes-rpc23 Solaris box 32780 udp sometimes-rpc24 Solaris box 32786 tcp sometimes-rpc25 32786 udp sometimes-rpc26 32787 tcp sometimes-rpc27 (DMI Service Provider) 32787 udp sometimes-rpc28 32791 tcp Acropolis 33270 tcp Trinity 33333 tcp Blakharaz 33333 tcp Prosiak 33334 udp EmpireEarth 33335 tcp EmpireEarth 33567 tcp Lion 33567 tcp T0rnRootkit 33568 tcp Lion 33568 tcp T0rnRootkit 33577 tcp SonofPsychWard 33777 tcp SonofPsychWard 33911 tcp Spirit2000 33911 tcp Spirit2001 34324 tcp BigGluck

Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port on my Sometimes an RPC port (mountd) Sometimes an RPC port Sometimes an RPC port dmispd Sometimes an RPC port [trojan] Acropolis [trojan] Trinity [trojan] Blakharaz [trojan] Prosiak Empire Earth Empire Earth [trojan] Lion [trojan] T0rn Rootkit [trojan] Lion [trojan] T0rn Rootkit [trojan] Son of PsychWard [trojan] Son of PsychWard [trojan] Spirit 2000 [trojan] Spirit 2001 [trojan] Big Gluck

34324 tcp TinyTelnetServer [trojan] Tiny Telnet Server 34324 tcp TN [trojan] TN 34444 tcp DonaldDick [trojan] Donald Dick 34555 udp Trinoo(forWindows) [trojan] Trinoo (for Windows) 35555 udp Trinoo(forWindows) [trojan] Trinoo (for Windows) 37237 tcp Mantis [trojan] Mantis 37266 tcp TheKillerTrojan [trojan] The Killer Trojan 37651 tcp YetAnotherTrojan [trojan] Yet Another Trojan - YAT 37849 tcp officescan OfficeScan webserver 37852 udp linkproof Radware LinkProof Content Mgmt 38293 udp NortonAntiVirus Norton Anti-Virus host discovery 38741 tcp CyberSpy [trojan] CyberSpy 39507 tcp Busters [trojan] Busters 40412 tcp TheSpy [trojan] The Spy 40421 tcp Agent40421 [trojan] Agent 40421 40421 tcp MastersParadise [trojan] Masters Paradise 40422 tcp MastersParadise [trojan] Masters Paradise 40423 tcp MastersParadise [trojan] Masters Paradise 40423 tcp MastersParadise [trojan] Masters Paradise 40425 tcp MastersParadise [trojan] Masters Paradise 40426 tcp MastersParadise [trojan] Masters Paradise 40841 tcp cscp CSCP 40841 udp cscp CSCP 40842 tcp csccredir CSCCREDIR 40842 udp csccredir CSCCREDIR 40843 tcp csccfirewall CSCCFIREWALL 40843 udp csccfirewall CSCCFIREWALL 41337 tcp Storm [trojan] Storm 41524 udp ArcServe Arc Serve (looks for license violations) 41666 tcp RemoteBootTool [trojan] Remote Boot Tool RBT 43188 tcp reachout 43188 udp reachout REACHOUT 43189 tcp ndm-agent-port NDM-AGENT-PORT 43189 udp ndm-agent-port NDM-AGENT-PORT 43190 tcp ip-provision IP-PROVISION 43190 udp ip-provision IP-PROVISION 43330 udp litmus-3.0-cmd [trojan] Litmus Trojan v3.0 command channel 43594 tcp runescape Runescape (game) 43981 udp vicar Vicar networks X10 mgmt 44333 tcp winroute WinRoute Pro (admin port) 44333 udp winroute WinRoute Pro (admin port) 44444 tcp Prosiak [trojan] Prosiak 44575 tcp Exploiter [trojan] Exploiter 44767 udp SchoolBus [trojan] School Bus 44818 tcp rockwell-encap Rockwell Encapsulation 44818 udp rockwell-encap Rockwell Encapsulation

45000 tcp 45054 tcp 45054 udp 45559 tcp 45673 tcp 45678 tcp 45678 udp 45966 tcp 45966 udp 46626 tcp 46882 tcp 47000 tcp 47000 udp 47017 tcp 47262 udp 47262 udp 47557 tcp 47557 udp 47624 tcp 47624 udp 47806 tcp 47806 udp 47808 tcp Networks 47808 udp Networks 48000 tcp 48000 udp 48001 tcp 48001 udp 48002 tcp 48002 udp 48003 tcp 48003 udp 48004 tcp 48006 tcp 48556 tcp 48556 udp 49000 tcp 49301 tcp 50000 tcp 50000 tcp 50000 tcp 50130 tcp 50505 tcp 50505 tcp 50766 tcp 50766 tcp 50766 tcp

cisco-ids CiscoSecure IDS communication invision-ag InVision AG invision-ag InVision AG Maniacrootkit [trojan] Maniac rootkit Acropolis [trojan] Acropolis eba EBA PRISE eba EBA PRISE ssr-servermgr SSRServerMgr ssr-servermgr SSRServerMgr Psychward [trojan] Psychward Psychward [trojan] Psychward mbus Message Bus mbus Message Bus T0rnRootkit [trojan] T0rn Rootkit DeltaSource [trojan] Delta Source DeltaSource [trojan] Delta Source dbbrowse Databeam Corporation dbbrowse Databeam Corporation directplaysrvr Direct Play Server directplaysrvr Direct Play Server ap ALC Protocol ap ALC Protocol bacnet Building Automation and Control bacnet Building Automation and Control

nimcontroller Nimbus Controller nimcontroller Nimbus Controller nimspooler Nimbus Spooler nimspooler Nimbus Spooler nimhub Nimbus Hub nimhub Nimbus Hub nimgtw Nimbus Gateway nimgtw Nimbus Gateway FraggleRock [trojan] Fraggle Rock FraggleRock [trojan] Fraggle Rock com-bardac-dw com-bardac-dw com-bardac-dw com-bardac-dw FraggleRock [trojan] Fraggle Rock OnLineKeyLogger [trojan] OnLine KeyLogger SubSARI [trojan] SubSARI ibm-db2 IBM DB2 generic listener Terrarium MS .NET Terrarium Enterprise [trojan] Enterprise SocketsdesTroie [trojan] Sockets des Troie SocketsdeTroie [trojan] Sockets de Troie Fore [trojan] Fore Fore [trojan] Fore Schwindler [trojan] Schwindler

51100 tcp freedom ZeroKnowledge Freedom Firewall 51100 udp freedom ZeroKnowledge Freedom Firewall 51101 udp freedom ZeroKnowledge Freedom Firewall 51102 tcp freedom ZeroKnowledge Freedom Firewall 51107 tcp freedom ZeroKnowledge Freedom Firewall 51109 udp freedom ZeroKnowledge Freedom Firewall 51140 tcp freedom ZeroKnowledge Freedom Firewall 51966 tcp Cafeini [trojan] Cafeini 51966 tcp Cafeini [trojan] Cafeini 52317 tcp AcidBattery2000 [trojan] Acid Battery 2000 52317 tcp AcidBattery2000 [trojan] Acid Battery 2000 53001 tcp RemoteWindowsShutdown [trojan] Remote Windows Shutdown 53001 tcp RemoteWindowsShutdown [trojan] Remote Windows Shutdown - RWS 54283 tcp SubSeven2.1Gold [trojan] SubSeven 2.1 Gold 54283 tcp SubSeven [trojan] SubSeven 54283 tcp SubSeven [trojan] SubSeven 54320 tcp BackOrifice2000 [trojan] Back Orifice 2000 54320 tcp BackOrifice2000 [trojan] Back Orifice 2000 54321 tcp BackOrifice2000 [trojan] Back Orifice 2000 54321 tcp SchoolBus [trojan] School Bus 54321 tcp SchoolBus [trojan] School Bus 54321 udp BackOrifice2000 [trojan] Back Orifice 2000 55165 tcp WMTrojanGenerator [trojan] WM Trojan Generator 55166 tcp WMTrojanGenerator [trojan] WM Trojan Generator 57341 tcp NetRaider [trojan] NetRaider 57341 tcp NetRaider [trojan] NetRaider 58339 tcp ButtFunnel [trojan] Butt Funnel 58339 tcp ButtFunnel [trojan] Butt Funnel 60000 tcp DeepThroat [trojan] Deep Throat 60000 tcp DeepThroat [trojan] Deep Throat 60000 tcp Foreplay [trojan] Foreplay 60000 tcp SocketsdesTroie [trojan] Sockets des Troie 60001 tcp Trinity [trojan] Trinity 60008 tcp Lion [trojan] Lion 60008 tcp T0rnRootkit [trojan] T0rn Rootkit 60068 tcp Xzip6000068 [trojan] Xzip 6000068 60068 tcp Xzip6000068 [trojan] Xzip 6000068 60411 tcp Connection [trojan] Connection 60411 tcp Connection [trojan] Connection 61348 tcp BunkerHill [trojan] Bunker-Hill 61348 tcp Bunker-Hill [trojan] Bunker-Hill

61439 tcp 61440 tcp 61441 tcp 61466 tcp 61466 tcp 61603 tcp 61603 tcp 63333 tcp 63485 tcp 63485 tcp 64101 tcp Manager 64101 tcp 65000 tcp 65000 tcp 65000 tcp 65000 tcp 65000 tcp 65301 tcp 65390 tcp 65421 tcp 65432 tcp 65432 tcp 65432 udp 65432 udp 65530 tcp 65534 tcp 65534 tcp 65535 tcp 65535 tcp 65535 tcp 65535 tcp

netprowler Axent NetProwler manager netprowler Axent NetProwler manager netprowler Axent NetProwler sensor TeleCommando [trojan] TeleCommando TeleCommando [trojan] TeleCommando BunkerHill [trojan] Bunker-Hill Bunker-Hill [trojan] Bunker-Hill TrippLite Tripp Lite PowerAlert UPS BunkerHill [trojan] Bunker-Hill Bunker-Hill [trojan] Bunker-Hill TaskmanTaskManager [trojan] Taskman / Task Taskman [trojan] Taskman Devil [trojan] Devil Devil [trojan] Devil SocketsdesTroie [trojan] Sockets des Troie Stacheldrahtagent [trojan] Stacheldraht agent - handler Stacheldraht [trojan] Stacheldraht pcanywhere Eclypse [trojan] Eclypse Jade [trojan] Jade TheTraitor=th3tr41t0r [trojan] The Traitor (= th3tr41t0r) TheTraitor [trojan] The Traitor (= th3tr41t0r) TheTraitor=th3tr41t0r [trojan] The Traitor (= th3tr41t0r) TheTraitor [trojan] The Traitor (= th3tr41t0r) WindowsMite [trojan] Windows Mite sbininitd [trojan] /sbin/initd /sbin/initd [trojan] /sbin/initd Adoreworm [trojan] Adore worm RC1trojan [trojan] RC1 trojan RC1trojan [trojan] RC1 trojan Sins [trojan] Sins

BuSiNdRe