
Infrastructure Security: Devices and Media • Chapter 6  365

                 notice that even Trojan horse applications have well-known port numbers. A few of
                 these have been listed in Table 6.2.

                 Table 6.2 Well-known Ports of Trojan Horses

                 Trojan Horse          Port
                 AimSpy                777
                 Back Orifice          31337 and 31338 (modifiable)
                 Back Orifice 2000     8787, 54320, and 54321 (modifiable)
                 OpwinTrojan           10000 and 10005
                 SubSeven              1243, 1999, 2773, 2774, 6667, 6711, 6712, 6713, 6776,
                                       7000, 7215, 16959, 27374, 27573, and 54283 (depending
                                       on the version)
                 WinSatan              999 and 6667

                    Unfortunately, for nearly every possible port number, there is a virus or Trojan
                 horse application that could be running there. For a more comprehensive list of
                 Trojans listed by the port they use, go to the SANS Institute Web site at
                 www.sans.org/resources/idfaq/oddports.php.
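
A defensive use of Table 6.2, added here as an example that is not from the book: the Python below checks netstat-style listener output against the table's ports and reports every table entry that shares a flagged port. The sample output and all function and variable names are constructed for illustration, and a match is only a lead, since the table marks several ports as modifiable and nearly every port has some Trojan associated with it.

```python
import re

# Ports transcribed from Table 6.2. Entries the table marks "modifiable" are
# defaults only, so a match is a lead for investigation, not proof.
TABLE_6_2 = {
    "AimSpy": [777],
    "Back Orifice": [31337, 31338],
    "Back Orifice 2000": [8787, 54320, 54321],
    "OpwinTrojan": [10000, 10005],
    "SubSeven": [1243, 1999, 2773, 2774, 6667, 6711, 6712, 6713, 6776,
                 7000, 7215, 16959, 27374, 27573, 54283],
    "WinSatan": [999, 6667],
}

# Invert to port -> [names]; one port can belong to several entries (6667).
PORT_INDEX = {}
for name, ports in TABLE_6_2.items():
    for port in ports:
        PORT_INDEX.setdefault(port, []).append(name)
# Local-address forms seen in netstat/ss output: 0.0.0.0:777, :::6667, [::]:999
LOCAL_ADDR = re.compile(r"^(?P<host>\S*):(?P<port>\d{1,5})$")

def flag_listeners(netstat_text):
    """Return sorted (port, local_address, names) for listeners on Table 6.2 ports."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields and "LISTENING" not in fields:
            continue  # only listening sockets; skip established connections
        for field in fields:  # the first host:port field is the local address
            m = LOCAL_ADDR.match(field)
            if m:
                port = int(m.group("port"))
                if port in PORT_INDEX:
                    hits.add((port, field, tuple(PORT_INDEX[port])))
                break
    return sorted(hits)

# Constructed sample in `netstat -an` layout (not captured from a real host).
SAMPLE = """\
tcp   0  0 0.0.0.0:22      0.0.0.0:*   LISTEN
tcp   0  0 0.0.0.0:31337   0.0.0.0:*   LISTEN
tcp6  0  0 :::6667         :::*        LISTEN
tcp   0  0 10.0.0.5:54321  10.0.0.9:80 ESTABLISHED
"""

if __name__ == "__main__":
    for port, addr, names in flag_listeners(SAMPLE):
        print(f"{addr}: port {port} matches {', '.join(names)}")
```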



                 EXAM WARNING

                      The Security+ exam puts a great deal of weight on your knowledge of
                      specific well-known ports for common network services. The most
                      important ports to remember are:
                         20    FTP Active Mode Control Port (see the Security+ exam warning
                               on FTP for further information)
                         21    FTP Active Mode Data Port (see the Security+ exam warning on
                               FTP for further information)
                         22    Secure Shell (SSH)
                         23    Telnet
                         25    Simple Mail Transfer Protocol (SMTP)
                         80    Hypertext Transfer Protocol (HTTP)
                         110   Post Office Protocol 3 (POP3)
                         119   Network News Transfer Protocol (NNTP)
                         143   Internet Message Access Protocol (IMAP)
                         443   SSL (HTTPS)
                         Memorizing these ports and the services that run on them will help
                      you with firewall and network access questions on the Security+ exam.


                                                                              www.syngress.com