Shortcuts
|
Port 25 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
25 |
tcp |
SMTP |
SMTP (Simple Mail Transfer Protocol). Many worms contain their own SMTP engine and use it to propagate by mass-mailing the payload, often also spoofing the "From: ..." field in emails. If you are not running a mail server that you're aware of, there is a possibility your system is infected.
Integer overflow in Apple Safari [CVE-2010-1099], Arora [CVE-2010-1100], Alexander Clauss iCab [CVE-2010-1101], OmniWeb [CVE-2010-1102], Stainless [CVE-2010-1103] allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
List of some trojan horses/backdoors that use this port: Ajan, Antigen, Barok, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy, Aji, Email Worms, Haebu Coceda, Loveletter, Neabi, Shtrilitz.
W32.Sober.I@mm [Symantec-2004-111900-1451-99] (2004.11.19) - mass-mailing worm that uses its own SMTP engine. Affects all current Windows versions. Checks network connectivity by contacting a NTP server on port 37/tcp.
Trojan.Mitglieder.R [Symantec-2005-070117-2559-99] (2005.07.01) - trojan with backdoor capabilities. It runs a SOCKS4 proxy server and periodically contacts websites with information about the compromised computer. Attempts to open a back door on port 9040/tcp. Might also initiate a SMTP spam relay server on port 25/tcp.
W32.Beagle.CX@mm [Symantec-2005-121511-1751-99] (2005.12.15) - mass-mailing worm that uses its own SMTP engine to spread Trojan.Lodear.E [Symantec-2005-110111-3344-99]. Also opens a backdoor on port 80/tcp and lowers security settings on the compromised computer.
Backdoor.Rustock [Symantec-2006-060111-5747-99] (2006.06.01) - backdoor program that allows the compromised computer to be used as a proxy, uses rootkit techniques to hide its files and registry entries.
NJStar Communicator is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MiniSMTP server when processing packets. By sending a specially-crafted request to TCP port 25, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2011-4040], [XFDB-71086], [BID-50452]
Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.
References: [CVE-2021-43270]
Trojan.Win32.Barjac / Remote Stack Buffer Overflow - Trojan.Win32.Barjac makes SMTP connection to Port 25, upon processing the server response we control, we overwrite instruction pointer (EIP), undermining the integrity of the trojan.
References: [MVID-2021-0011] |
SG
|
25 |
udp |
games |
Final Fantasy XI |
SG
|
25 |
tcp |
|
Simple Mail Transfer Protocol (SMTP) - used for e-mail routing between mail servers (official) |
Wikipedia
|
25 |
tcp |
trojan |
Antigen, Barok, BSE, Email Password Sender , Gip, Laocoon, Magic Horse, MBT , Moscow Email trojan, Nimda, Shtirlitz, Stukach, Tapiras, WinPC |
Trojans
|
25 |
tcp,udp |
applications |
SMTP |
Portforward
|
25 |
tcp |
Ajan |
[trojan] Ajan |
Neophasis
|
25 |
tcp |
Antigen |
[trojan] Antigen |
Neophasis
|
25 |
tcp |
Barok |
[trojan] Barok |
Neophasis
|
25 |
tcp |
BSE |
[trojan] BSE |
Neophasis
|
25 |
tcp |
EmailPasswordSender |
[trojan] Email Password Sender - EPS |
Neophasis
|
25 |
tcp |
EPSII |
[trojan] EPS II |
Neophasis
|
25 |
tcp |
Gip |
[trojan] Gip |
Neophasis
|
25 |
tcp |
Gris |
[trojan] Gris |
Neophasis
|
25 |
tcp |
Happy99 |
[trojan] Happy99 |
Neophasis
|
25 |
tcp |
Hpteammail |
[trojan] Hpteam mail |
Neophasis
|
25 |
tcp |
Hybris |
[trojan] Hybris |
Neophasis
|
25 |
tcp |
Iloveyou |
[trojan] I love you |
Neophasis
|
25 |
tcp |
Kuang2 |
[trojan] Kuang2 |
Neophasis
|
25 |
tcp |
MagicHorse |
[trojan] Magic Horse |
Neophasis
|
25 |
tcp |
MBTMailBombingTrojan |
[trojan] MBT (Mail Bombing Trojan) |
Neophasis
|
25 |
tcp |
MBT |
[trojan] MBT (Mail Bombing Trojan) |
Neophasis
|
25 |
tcp |
MoscowEmailtrojan |
[trojan] Moscow Email trojan |
Neophasis
|
25 |
tcp |
Naebi |
[trojan] Naebi |
Neophasis
|
25 |
tcp |
NewAptworm |
[trojan] NewApt worm |
Neophasis
|
25 |
tcp |
ProMailtrojan |
[trojan] ProMail trojan |
Neophasis
|
25 |
tcp |
Shtirlitz |
[trojan] Shtirlitz |
Neophasis
|
25 |
tcp |
Stealth |
[trojan] Stealth |
Neophasis
|
25 |
tcp |
Stukach |
[trojan] Stukach |
Neophasis
|
25 |
tcp |
Tapiras |
[trojan] Tapiras |
Neophasis
|
25 |
tcp |
Terminator |
[trojan] Terminator |
Neophasis
|
25 |
tcp |
WinPC |
[trojan] WinPC |
Neophasis
|
25 |
tcp |
WinSpy |
[trojan] WinSpy |
Neophasis
|
25 |
tcp |
threat |
Ajan |
Bekkoame
|
25 |
tcp |
threat |
Antigen |
Bekkoame
|
25 |
tcp |
threat |
Bancos |
Bekkoame
|
25 |
tcp |
threat |
Barok |
Bekkoame
|
25 |
tcp |
threat |
Chimo |
Bekkoame
|
25 |
tcp |
threat |
Email Password Sender - EPS |
Bekkoame
|
25 |
tcp |
threat |
EPS II |
Bekkoame
|
25 |
tcp |
threat |
Gip |
Bekkoame
|
25 |
tcp |
threat |
Gris |
Bekkoame
|
25 |
tcp |
threat |
Happy99 |
Bekkoame
|
25 |
tcp |
threat |
Hpteam mail |
Bekkoame
|
25 |
tcp |
threat |
Hybris |
Bekkoame
|
25 |
tcp |
threat |
I love you |
Bekkoame
|
25 |
tcp |
threat |
Kuang2 |
Bekkoame
|
25 |
tcp |
threat |
Magic Horse |
Bekkoame
|
25 |
tcp |
threat |
MBT (Mail Bombing Trojan) |
Bekkoame
|
25 |
tcp |
threat |
Mitglieder |
Bekkoame
|
25 |
tcp |
threat |
Moscow Email trojan |
Bekkoame
|
25 |
tcp |
threat |
Naebi |
Bekkoame
|
25 |
tcp |
threat |
NewApt worm |
Bekkoame
|
25 |
tcp |
threat |
ProMail trojan |
Bekkoame
|
25 |
tcp |
threat |
Rustock |
Bekkoame
|
25 |
tcp |
threat |
Shtirlitz |
Bekkoame
|
25 |
tcp |
threat |
Stealth |
Bekkoame
|
25 |
tcp |
threat |
Tapiras |
Bekkoame
|
25 |
tcp |
threat |
Terminator |
Bekkoame
|
25 |
tcp |
threat |
W32.Beagle |
Bekkoame
|
25 |
tcp |
threat |
W32.HLLP.Sality |
Bekkoame
|
25 |
tcp |
threat |
WinPC |
Bekkoame
|
25 |
tcp |
threat |
WinSpy |
Bekkoame
|
25 |
tcp,udp |
smtp |
Simple Mail Transfer [RFC5321] , modified: 2017-06-05 |
IANA
|
|
63 records found
|
jump to:
|
Related ports: 26 110 143 125 465 2525 110 443
« back to SG Ports
External Resources
SANS ISC: port 25
Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify
a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly
used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol, the most commonly used protocol
on the Internet and any TCP/IP network. TCP enables two hosts
to establish a connection and exchange streams of data. TCP guarantees delivery of data
and that packets will be delivered in the same order in which they were sent.
Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol)
and facilitates the transmission of datagrams from one computer to applications on another computer,
but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received
the message to process any errors and verify correct delivery. UDP is often used with time-sensitive
applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command.
We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
For more detailed and personalized help please use our forums.
Please use the "Add Comment" button below to provide additional information or comments about port 25.
|
|
|
|