Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Ports used by trogens
From: Who? <shaitan11 () gmail com>
Date: Sat, 21 May 2005 20:40:52 -0500

Malicious code can be run on any port, and even more malicious code
wont run with TCP ports anyways, it will use icmp or some other form
of ip protocol to bypass filtering software. Blocking ports does
increase the security of a system, but further measures are needed if
you wish to have a "secure" system.

On 5/21/05, Brian Phillips <brianphillips () onetel com> wrote:
I read some time ago that malicious code when reporting home did not use
port 80 or any of the other well known ports used for simple internet
work. This means, as I understand it, that the home computer of the
malicious code is constantly listening on some port other than port 80.

Is it still the case that the standard ports are not used by malicious
code when reporting home?

If malicious code does not used the standard ports, then why not?   As
far as I can see (and my knowledge is very basic) there seems to be no
reason why outgoing traffic from, say, a home computer, should not be
directed to port 80 on the IP address of the home computer of the
malicious code.

This question is of interest because one frequently see advice to the
effect that all outgoing ports other than those which are required for
use should be blocked.   Clearly, if malicious code now uses, say port
80, then blocking unused ports will not increase the security of a
computer.

Any comments (or corrections) would be gratefully received.

Regards

Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault