Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Ports used by trogens
From: Brian Phillips <brianphillips () onetel com>
Date: Sat, 21 May 2005 14:27:02 +0100

I read some time ago that malicious code when reporting home did not use port 80 or any of the other well known ports used for simple internet work. This means, as I understand it, that the home computer of the malicious code is constantly listening on some port other than port 80.

Is it still the case that the standard ports are not used by malicious code when reporting home?

If malicious code does not used the standard ports, then why not? As far as I can see (and my knowledge is very basic) there seems to be no reason why outgoing traffic from, say, a home computer, should not be directed to port 80 on the IP address of the home computer of the malicious code.

This question is of interest because one frequently see advice to the effect that all outgoing ports other than those which are required for use should be blocked. Clearly, if malicious code now uses, say port 80, then blocking unused ports will not increase the security of a computer.

Any comments (or corrections) would be gratefully received.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]