Port No. | Protocol | Service | Description |
40000-40840 | tcp/udp | # | Unassigned |
40193 |
tcp/udp |
# | Novell servers
can be crashed by sending
random data to this port. |
40403-40404 |
tcp |
# |
W32.Randex |
40412 |
tcp |
# |
The Spy |
40421 |
tcp |
# |
Agent 40421, Masters Paradise |
40422-40426 |
tcp |
# |
Masters Paradise |
40841 | tcp/udp | cscp | CSCP |
40842 | tcp/udp | csccredir | CSCCREDIR |
40843 | tcp/udp | csccfirewall | CSCCFIREWALL |
40844-41110 | tcp/udp | # | Unassigned |
41111 | tcp/udp | fs-qos | Foursticks QoS Protocol |
41112-41793 | tcp/udp | # | Unassigned |
41337 |
tcp |
# |
Storm |
41666 |
tcp |
# |
Remote Boot Tool - RBT |
41524 |
tcp/udp |
# | arcserve
Runs a discovery protocol on this port. |
41794 | tcp/udp | crestron-cip | Crestron Control Port |
41795 | tcp/udp | crestron-ctp | Crestron Terminal Port |
41796-42507 | tcp/udp | # | Unassigned |
41934 |
tcp |
# |
Ranky |
42321 |
tcp |
# |
Ranky |
42508 | tcp/udp | candp | Computer Associates network discovery protocol |
42509 | tcp/udp | candrp | CA discovery response |
42510 | tcp/udp | caerpc | CA eTrust RPC |
42511-43187 | tcp/udp | # | Unassigned |
43188 | tcp/udp | reachout | REACHOUT |
43189 | tcp/udp | ndm-agent-port | NDM-AGENT-PORT |
43190 | tcp/udp | ip-provision | IP-PROVISION |
43191-43440 | tcp/udp | # | Unassigned |
43287 |
tcp/udp |
# |
W32.Mytob |
43441 | tcp/udp | ciscocsdb | Cisco NetMgmt DB Ports |
43442-44320 | tcp/udp | # | Unassigned |
43958 |
tcp/udp |
# |
IRC.Aladinz |
44280 |
tcp/udp |
# |
Amitis |
44321 | tcp/udp | pmcd | PCP server (pmcd) |
44322 | tcp/udp | pmcdproxy | PCP server (pmcd) proxy |
43323-44552 | tcp/udp | # | Unassigned |
44390 |
tcp/udp |
# |
Amitis |
44444 |
tcp |
# |
Prosiak, W32.Kibuv |
44445-44446 |
tcp |
# |
W32.Kibuv |
44553 | tcp/udp | rbr-debug | REALbasic Remote Debug |
43554-44817 | tcp/udp | # | Unassigned |
44575 |
tcp |
# |
Exploiter |
44818 | tcp/udp | rockwell-encap | Rockwell Encapsulation |
44819-45053 | tcp/udp | # | Unassigned |
45000 |
tcp/udp |
# |
Cisco SAFE IDS / NetRanger
NetRanger (and IDS probe) regularly
communicates to the "Director"
(management console) via port 45000.
Among other things, this acts as a
hearbeat so that the console knows
the agent is alive. |
45054 | tcp/udp | invision-ag | InVision AG |
45055-45677 | tcp/udp | # | Unassigned |
45672 |
tcp/udp |
# |
Delf |
45678 | tcp/udp | eba | EBA PRISE |
45679-45965 | tcp/udp | # | Unassigned |
45836 |
tcp/udp |
# |
W32.HLLW.Graps |
45966 | tcp/udp | ssr-servermgr | SSRServerMgr |
45967-46998 | tcp/udp | # | Unassigned |
46999 | tcp/udp | mediabox | MediaBox Server |
47000 | tcp/udp | mbus | Message Bus |
47001-47017 | tcp/udp | # | Unassigned |
47017 |
tcp/udp |
# |
Part of rootkit "t0rn", a program
called "in.amqd" might run on this. |
47018-47556 | tcp/udp | # | Unassigned |
47262 |
udp |
# |
Delta Source |
47387 |
tcp/udp |
# |
Amitis |
47557 | tcp/udp | dbbrowse | Databeam Corporation |
47558-47623 | tcp/udp | # | Unassigned |
47624 | tcp/udp | directplaysrvr | Direct Play Server |
47625-47805 | tcp/udp | # | Unassigned |
47806 | tcp/udp | ap | ALC Protocol |
47807 | tcp/udp | # | Unassigned |
47808 | tcp/udp | bacnet | Building Automation and Control Networks |
47809-47999 | tcp/udp | # | Unassigned |
48000 | tcp/udp | nimcontroller | Nimbus Controller |
48001 | tcp/udp | nimspooler | Nimbus Spooler |
48002 | tcp/udp | nimhub | Nimbus Hub |
48003 | tcp/udp | nimgtw | Nimbus Gateway |
48004-48555 | tcp/udp | # | Unassigned |
48094 |
tcp |
# |
Nibu |
48556 | tcp/udp | com-bardac-dw | com-bardac-dw |
48557-48618 | tcp/udp | # | Unassigned |
48619 | tcp/udp | iqobject | iqobject |
48620-49150 | tcp/udp | # | Unassigned |
49151 | tcp/udp | # | IANA Reserved |
49301 |
tcp |
# |
OnLine KeyLogger |
49495 |
tcp |
# |
Danrit |
50021 |
tcp/udp |
# |
OptixPro |
50130 |
tcp |
# |
Enterprise |
50505 |
tcp/udp |
# |
Sockets de Troie
(A French Trojan Horse and virus) |
50766 |
tcp |
# |
Fore, Schwindler |
51966 |
tcp |
# |
Cafeini |
51234 |
tcp |
# |
Cyn |
51435 |
tcp |
# |
W32.Kalel |
52031 |
tcp/udp |
# |
Graybird |
52317 |
tcp |
# |
Acid Battery 2000 |
52559 |
tcp |
# |
AntiLam |
52901 |
udp |
# |
Possibly the Omega DDoS tool. |
53001 |
tcp |
# |
Remote Windows Shutdown - RWS |
53201 |
tcp |
# |
Backdoor.Ranck |
54112 |
tcp |
# |
Ranky |
54283 |
tcp |
# |
SubSeven, SubSeven 2.1 Gold |
54312 |
tcp/udp |
# |
Niovadoor |
54320 |
tcp |
# |
Back Orifice 2000 |
54321 |
tcp |
# |
Back Orifice 2000, School Bus |
54321 |
udp |
# |
A service that replies with the load
average of a machine. |
55000 |
tcp |
# |
Roxe |
55808 |
udp |
# |
Randex |
55165 |
tcp |
# |
File Manager trojan, File Manager trojan,
WM Trojan Generator |
55166 |
tcp |
# |
WM Trojan Generator |
55168 |
tcp |
# |
Haxdoor |
55665-55666 |
tcp/udp |
# |
Latinus |
57005 |
tcp |
# |
IRC.Cirebot |
57123 |
tcp |
# |
Mprox |
57341 |
tcp |
# |
NetRaider |
58339 |
tcp |
# |
Butt Funnel |
58343 |
tcp |
# |
Prorat |
58641 |
tcp |
# |
W32.Kalel |
58666 |
tcp/udp |
# |
Redkod |
60000 |
tcp |
# |
Deep Throat, Foreplay, Sockets des Troie |
60001 |
tcp |
# |
Trinity |
60068 |
tcp |
# |
Xzip 6000068 |
60101 |
tcp |
# |
Stealer |
60411 |
tcp |
# |
Connection |
61000 |
tcp/udp |
# |
Mite |
61001-61003 |
tcp |
# |
Chimo |
61137 |
tcp |
# |
W32.Mytob |
61282 |
tcp |
# |
W32.Squirm@mm, W32.Pandem.B.Worm |
61348 |
tcp |
# |
Bunker-Hill |
61466 |
tcp |
# |
TeleCommando |
61603 |
tcp |
# |
Bunker-Hill |
62514 |
udp |
# |
Cisco Systems, Inc. VPN Service to Cisco Systems IPSec Driver |
62515 |
udp |
# |
Cisco Systems IPSec Driver to Cisco Systems, Inc. VPN Service |
62516 |
udp |
# |
Cisco Systems, Inc. VPN Service to XAUTH |
62517 |
udp |
# |
XAUTH to Cisco Systems, Inc. VPN Service |
62518 |
udp |
# |
Cisco Systems, Inc. VPN Service to CLI |
62519 |
udp |
# |
CLI to Cisco Systems, Inc VPN Service |
62520 |
udp |
# |
Cisco Systems, Inc. VPN Service to UI |
62521 |
udp |
# |
UI to Cisco Systems, Inc. VPN Service |
62522 |
udp |
# |
Cisco Systems, Inc. Log Messages |
62523 |
udp |
# |
Connection Manager to Cisco Systems, Inc. VPN Service |
62524 |
udp |
# |
PPPTool to Cisco Systems, Inc. VPN Service |
63000-63001 |
tcp |
# |
W32.Gaobot |
63485 |
tcp |
# |
Bunker-Hill |
63809 |
tcp |
# |
Gaobot |
64101 |
tcp |
# |
Taskman |
64429 |
tcp |
# |
Amitis |
64444 |
tcp |
# |
Sdbot |
65000 |
tcp |
# |
Devil, Sockets des Troie, Stacheldraht, Roxrat |
65010 |
tcp |
# |
Roxrat |
65111 |
tcp |
# |
Microkos |
65301 |
udp |
# |
PCanywhere |
65390 |
tcp |
# |
Eclypse |
65421 |
tcp |
# |
Jade |
65432 |
tcp/udp |
# |
The Traitor (= th3tr41t0r) |
65475 |
tcp/udp |
# |
W32.Gaobot |
65528-65529 |
tcp |
# |
W32.Spybot |
65534 |
tcp |
# |
/sbin/initd |
65535 |
tcp |
# |
RC1 trojan |