The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Vulnerable Ports

This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats. We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please . Any feedback and suggestions can also be posted to our Security forum.

 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |....| 43 
Port(s) Protocol Service Scan level Description
 900 udp games not scanned Command and Conquer Generals Zero Hour, Black and White
 901 tcp trojans Members scan NetDevil - remote access trojan, 02.2002. Affects Windows 9x/Me/NT/2k/XP

Port IANA registered for SMPNAMERES

Also used by VMware Virtual Infrastructure Client, Samba SWAT tool, ISS RealSecure Sensor
 902 tcp trojans Premium scan NetDevil - remote access trojan, 02.2002. Affects Windows 9x/Me/NT/2k/XP

Port IANA registered for self documenting Telnet Door

Also used by VMware Server Console, Ideafarm Chat, ISS RealSecure Sensor
 903 tcp trojans Premium scan NetDevil - remote access trojan, 02.2002. Affects Windows 9x/Me/NT/2k/XP

Port IANA registered for self documenting Telnet Door

Also used by Ideafarm-catch, ISS Console Manager, VMware Remote Console
 905 tcp trojans not scanned Backdoor.NetDevil.B (2002.12.27) - a variant of Backdoor.NetDevil. The trojan allows a hacker to remotely control the infected computer. The trojan opens port 905 for listening.
 910 tcp,udp applications not scanned DATAC RealWin SCADA Server Multiple Remote Buffer Overflow Vulnerabilities
References: [CVE-2011-1563], [BID-46937]

Kerberized Internet Negotiation of Keys (KINK) (IANA official) [RFC 4430]
 911 tcp trojans Premium scan Backdoor.NetCrack (2002.08.28) - a backdoor trojan that gives an attacker unauthorized access to an infected computer. By default it opens port 911 on the compromised computer. Backdoor.NetCrack is a Delphi application, packed using UPX v1.05-1.22.

Port is also used by Dark Shadow trojan.
Port is also IANA registered for xact-backup
 912 tcp apex Members scan Port assigned to the APEX (Application Exchange Core) protocol. It is an XML-based protocol designed for sending instant messages based on the Blocks Extensible Exchange Protocol (BEEP).

APEX also uses TCP port 913 as its endpoint-relay service. The APEX protocol has been replaced by the SIP, SIMPLE and XMPP protocols. Port 912 is used primarily to receive and send messages that are originated via the end-points located in port 913. Information sent and received via port 912 includes the endpoint that created it, a URI reference point, the endpoints that will receive it and other options.

RealFlex RealWin is a SCADA server package for medium and small applications designed to control and monitor real-time applications. The RealWin application runs an HMI service on port 912/tcp. This service is vulnerable to two stack-based buffer overflows. One vulnerability is caused by the use of sprintf() in the SCPC_INITIALIZE() and SCPC_INITIALIZE_RF() functions. The second vulnerability is caused by the use of strcpy() in the SCPC_TXTEVENT() function.
References: [CVE-2010-4142], [BID-44150]
 913 tcp,udp apex-edge not scanned APEX endpoint-relay service (IANA official) [RFC 3340]
 916 udp applications not scanned The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916.
References: [CVE-2007-1585], [BID-23063]
 943 tcp silverlight Members scan Port not officially assigned, used by Silverlight Microsoft plugin. Silverlight can add graphics, interactive and multimedia functionality to the Web browser. Port 943 was first used in Silverlight version 2 beta 2 release.

Websites with Silverlight-compatible content will send requests to the computer and access the policy file on port 943. Once the policy file is read, ports 4502-4534 can be used to send data to the Web browser.
 950 tcp rpc.statd Members scan Port used by rpc.statd background process. This daemon is a part of the Network File System (NFS) protocol. This protocol was developed by Sun Microsystems to allow a client to access files that are shared on a network. The rpc.statd daemon is a subsystem of NFS used mostly on UNIX and Linux platforms.

Port 950 can also be used in a malicious way. The port allows direct access to the syslog() function, which may be manipulated by unauthorized users.

The port has been used historically to start a buffer overflow and launch Distributed Denial of Service attacks.
 953 tcp,udp rdns not scanned Domain Name System (DNS) RDNC Service

IANA registered for: BIND9 remote name daemon controller (TCP)
 956 tcp trojan Premium scan Crat Pro
 959 tcp,udp applications not scanned Mac OS X RPC-based services. Used by NetInfo.
 983 tcp applications not scanned PlayStation Network and SCEA Game Servers use this port
 985 tcp applications not scanned NetInfo Static Port
 990 tcp,udp ftps Premium scan FTPS Protocol (control): FTP over TLS/SSL (official)
 991 tcp trojan Premium scan Snape
 992 tcp trojan Premium scan SoftEther VPN (Ethernet over HTTPS) uses TCP Ports 443, 992 and 5555

Malware using port 992 TCP: Snape trojan
 993 tcp,udp IMAP-SSL Premium scan IMAP over SSL
 995 tcp,udp POP3-SSL not scanned Incoming POP3 mail over SSL
used by Gmail
 999 tcp garcon Members scan Port used by ScimoreDB Database System

Trojans that run on this port: DeepThroat (a.k.a. DTV2, DTV3, BackDoor-J), F0replay (a.k.a. WiNNUke eXtreame), WinSatan

Delta Force game also uses port 999 (TCP/UDP)
 1000 tcp trojans Members scan Trojans using this port: Der Spaeher, Direct Connection, GOTHIC Intruder, Theef
 1000 udp games not scanned Burnout Paradise - The Ultimate Box, developer: Criterion Games
 1001 tcp trojans Members scan Trojans using this port: Der Spaeher, Le Guardien, Silencer, WebEx, GOTHIC Intruder, Lula, One Windows Trojan, Theef

The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001.
References: [CVE-2002-1191], [BID-5974]

Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
References: [CVE-2014-4334]

IANA registered for: HTTP Web Push
 1001 udp games not scanned Tom Clancy's H.A.W.X., developer: Ubisoft Romania
 1002 tcp ms-ils Basic scan Windows Internet Locator Server service, used by MS NetMeeting. ILS is a MS NetMeeting service that is now preferred by MS over the Internet standard LDAP service (port 389). This port does not appear in "netstat" comand listings.
 1003 tcp trojan Premium scan BackDoor 2.0x trojan horse
 1005 tcp trojans Premium scan Trojan.Nitedrem
[trojan] Pest (remote access, keyloger, steals passwords, backdoor)
[trojan] Theef - anti-protection, remote access, keylogger, port proxy, FTP server, a.k.a. Backdoor.Theef, BackDoor.QW, Bkdr_Delf.AX

ipcserver - Mac OS X RPC-based services. Used by NetInfo, for example.
 1008 tcp trojans Premium scan AutoSpY, li0n
 1010 tcp trojans Premium scan Used by Doly trojan (v1.35 uses port 1010, v1.5 uses port 1015) and CafeIni 0.9.
 1011 tcp trojans Premium scan Used by Doly trojan (v1.35 uses port 1010, v1.5 uses port 1015)
 1012 tcp trojan Premium scan Doly Trojan 1.5
 1015 tcp trojans Premium scan Used by Doly trojan (v1.35 uses port 1010, v1.5 uses port 1015)
 1016 tcp trojan Premium scan Doly Trojan
 1020 tcp trojans Premium scan Port used by Vampire remote access trojan, 06.1999. Works on Windows 9x/NT. Uses ports 1020 and 6669.
 1021 tcp trojans Premium scan Trojan.Webus.H (07.12.2005) - trojan horse with backdoor capabilities. It attempts to disable anti-virus programs, connects to an IRC server on ports 1021/tcp or 1088/tcp, and listens for remote commands.
 1023 tcp trojan Premium scan Sasser.e FTP
 1024 tcp kdm Basic scan K Display Manager (KDE version of xdm)

Trojans taht use this port: Jade, Latinus, Lithium, NetSpy, Ptakks, RAT, YAI
Backdoor.Lingosky 04.28.2005 - trojan with backdoor capabilities. Opens a backdoor on port 1024/tcp.

Applications using this port: AIM Video IM, ICUII, NetMeeting with H323, Lingo VoIP, Battlefield 2142, Everquest

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
References: [CVE-1999-0816]
 1025-1029 tcp,udp NFS, IIS, etc. Basic scan Ports > 1024 are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at 1025.

Ports 1026/udp - 1027/udp are usually used by Messenger Popup Spam as well.
 1026 tcp,udp cap not scanned Calendar Access Protocol [Doug_Royer] (IANA official)
 1027 tcp trojans not scanned Infostealer.ABCHlp (2003.05.06) - a password-stealing, Backdoor trojan horse. The program attempts to send password information from a compromised computer to an address in China. By default it makes use of port 1027.

ICKiller trojan uses this port

Microsoft operating systems tend to allocate one or more publicly exposed services (DCOM, etc.) among the first few ports immediately above the end of the system ports (1024+).
 1027 udp 6a44 not scanned IPv6 Behind NAT44 CPEs [IESG] (IANA official) [RFC 6751]
 1030 tcp trojans Members scan Gibbon, KWM trojans

Need for Speed 3- Hot Pursuit game

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by
extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.
References: [CVE-2014-4686]
 1031 tcp trojans Premium scan KWM, Little Witch, Xanadu, Xot
 1032 tcp trojans Premium scan Akosch4, Dosh, ICQ Trojan, KWM

W32.Grifout.Worm (2002.02.27) - a 32-bit Internet worm. It spreads by using MAPI to send email through Microsoft Outlook.

This worm runs in memory at Windows startup and maintains a socket connection across the Internet. The connection is designed to allow a connection from a controlling client application, which can remotely manipulate the infected system .
 1033 tcp trojans Premium scan Port used by Netspy2, Dosh, ICQ Trojan, KWM, Little Witch, Net Advance, NetSpy trojans
 1034 tcp trojans Members scan Backdoor.Systsec - remote acess trojan, 02.2002. Affects all current Windows versions.
Backdoor.Zincite.A (2004.07.27) - backdoor server program that allows unauthorized access to the compromised computer. It runs and listens for remote commands on port 1034/tcp.
W32.Mydoom.CI@mm (2005.09.27) - mass-mailing worm with backdoor capabilities. Uses its own SMTP engine.

KWM trojan also uses this port.
 1035 tcp trojans Premium scan Backdoor.Sedepex (11.01.2005) - a trojan with backdoor capabilities. It ends various security related processes on the comromised computer. Opens a backdoor and listens for remote commands on port 1035/tcp or 1040/tcp.

Some other trojans using this port: Dosh, KWM, Multidropper, Truva Atl,
RemoteNC
 1036 tcp trojan Premium scan KWM
 1037 tcp trojans Premium scan Arctic , Dosh, KWM, MoSucker
 1038 tcp,udp mtqp not scanned Message Tracking Query Protocol (IANA official) [RFC 3887]
 1039 tcp trojans Members scan Backdoor.Gapin (2003.02.27) - a backdoor trojan that gives an attacker unauthorized access to your computer. By default this backdoor opens TCP port 1039 to allow access to the hacker. This threat is written in the Microsoft Visual Basic programming language.

Dosh trojan uses this port.

Port is also IANA registered for Streamlined Blackhole
 1040 tcp trojans Members scan Backdoor.Sedepex (2005.11.01) - a trojan with backdoor capabilities. It ends various security related processes on the comromised computer. Opens a backdoor and listens for remote commands on port 1035/tcp or 1040/tcp.

Backdoor.Medias (2004.03.27) - a trojan horse that installs itself as a Browser Helper Object.

WebCam Monitor also uses port 1040 (TCP/UDP).
 1041 tcp trojans Premium scan Dosh, RemoteNC
 1042 tcp trojans Premium scan Trojans that use this port: Bla1.1, MyDoom.L
 1042 udp games not scanned Battlestations: Midway
 1043 tcp trojan Premium scan Dosh
 1044 tcp,udp trojan not scanned Ptakks
 1045 tcp trojan Premium scan Rasmin trojan
 1047 tcp trojans Premium scan GateCrasher.b, GateCrasher.c, RemoteNC
 1049 tcp trojans Premium scan [trojan] /sbin/initd - reported on Linux hosts as a hacked backdoor along with tcp port 65534
 1050 tcp trojans Basic scan MiniCommand trojan

MS DNS Server on Windows Server 2003 machines may possibly use this port for DNS if other ports are being blocked by a firewall. See MS KB 198410, registry key "SendOnNonDnsPort" (unconfirmed).

IANA registered for: CORBA Management Agent
 1052 tcp trojans Members scan W32.Reatle.mm@mm (07.15.2005) - mass-mailing worm that exploits the MS Windows LSASS Buffer Overrun Vulnerability ([MS04-011]) on TCP port 445. Opens a backdoor by running an FTP server on port 8885/tcp. Also attempts to perform a denial of service attack against www.symantec.com by targeting port 1052/tcp with randomly generated packets.

W32.Reatle.C@mm (07.19.2005) - another variant of the above mass-mailing worm. Opens a backdoor on port 8885/tcp and attempts to perform a denial of service attack against www.symantec.com on port 1052/tcp.

W32.Reatle.E@mm (08.02.2005) - a mass-mailing worm that opens a backdoor and also spreads by exploiting the MS DCOM RPC Vulnerability ([MS03-026]) on port 135/tcp. It uses its own SMTP engine to email itself to gathered email addresses. Opens an FTP server on port 1155/tcp. Opens a proxy server on port 2005/tcp. It also attempts to perform denial of service (DDoS) attack agains known security websites on port 1052/tcp. Note: port 1052 corresponds to the dynamic DNS service.

Fire HacKer, Slapper, The Hobbit Daemon trojans also use this port.
 1053 tcp trojan Premium scan The Thief
 1054 tcp trojans Premium scan RemoteNC, AckCmd
 1068 udp games not scanned Will Rock, developer: Saber Interactive
 1069 udp games not scanned Will Rock, developer: Saber Interactive
 1071 tcp applications not scanned DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
References: [CVE-2005-2305], [BID-14263]

Port is also IANA registered for BSQUARE-VOIP
 1073 tcp applications not scanned DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
References: [CVE-2005-2305], [BID-14263]

Port is also IANA registered for Bridge Control
 1080 tcp socks Members scan Socks Proxy is an Internet proxy service, potential spam relay point.

Common programs using this port: Wingate

Trojans/worms that use this port as well:
Bugbear.xx - wide-spread mass-mailing worm, many variants. More info
SubSeven - remote access trojan, 03.2001. Afects all current Windows versions.
WinHole - remote access trojan, 01.2000 (a.k.a. WinGate, Backdoor.WLF, BackGate). Affects Windows 9x.
Trojan.Webus.C - remote access trojan, 10.12.2004. Affects all current Windows versions. Connects to an IRC server (on port 8080) and opens a backdoor on TCP port 10888 or 1080.

Mydoom.B (2004.01.28) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.

Backdoor.Lixy (2003.10.08) - a backdoor trojan horse that opens a proxy server on TCP port 1080.

W32.HLLW.Deadhat (2004.02.06) - a worm with backdoor capabilities. It attempts to uninstall the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms, and then it spreads to other systems infected with Mydoom. Also, it spreads through the Soulseek file-sharing program.

WinHole, Wingate, Bagle.AI trojans also use this port.

Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request to TCP port 6588 or a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
References: [CVE-2002-1001] [BID-5139]

Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080.
References: [CVE-2004-0315] [BID-9721]
 1081 tcp trojans Premium scan Backdoor.Zagaban (11.04.2005) - a trojan that allows the compromised computer to be used as a covert proxy. Allows the attacker to modify the hosts file. Starts a covert proxy and listens on port 1081/tcp.

WinHole trojan also uses port 1081.
 1082 tcp trojan Members scan Backdoor.Sincom (2003.10.09) - a backdoor trojan horse that gives the trojan's author unauthorized access to an infected computer. It allows the author to control the system through a TCP connection, through an FTP server, or have the backdoor program reconnect to the attacker's computer.

WinHole trojan

Port is IANA registered for: AMT-ESD-PROT
 1083 tcp trojan Premium scan WinHole trojan
 1088 tcp trojans Premium scan Trojan.Webus.D (11.12.2004) - remote access trojan, affects all current Windows versions. Opens a backdoor by connecting via port 1088 to IRC servers serv.gigaset.org or gimp.robobot.org. It then can receive a range of commands, including downloading and executing remote files. It can also open another random tcp port for incoming connections.

Trojan.Webus.E (04.05.2005) - trojan that opens a backdoor and connects to IRC servers for remote access on port 1088/tcp.

Trojan.Webus.H (07.12.2005) - trojan horse with backdoor capabilities. It attempts to disable anti-virus programs, connects to an IRC server on ports 1021/tcp or 1088/tcp, and listens for remote commands.
 1090 tcp trojans Premium scan Port used by Xtreme remote access trojan with keylogger capabilities. It also installs NetBus 2.1 Pro in the background.

Jana Server is vulnerable to a denial of service attack. A remote attacker could send specially-crafted data to the http-server module listening on TCP port 2506 and the pna-proxy module listening on TCP port 1090 to cause the server to enter into an infinite loop.
References: [BID-11780], [XFDB-18308]

Port is also IANA registered for FF Fieldbus Message Specification (TCP/UDP)
 1092 tcp trojan Premium scan Hvl RAT
 1095-1099 tcp trojans Members scan Some trojans use these ports: Blood Fest Evolution, Hvl RAT (also uses port 2283), Remote Administration Tool - RAT
 1098 tcp rmiactivation not scanned HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References: [CVE-2012-2561]

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
References: [CVE-2013-3693], [SECUNIA-55187]

RMI Activation (IANA official)
 1099 tcp rmiregistry not scanned HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.
References: [CVE-2012-2561]

RMI Registry (TCP/UDP) (IANA official)
 1100 tcp trojan Premium scan CafeIni 0.9 trojan horse

HP StorageWorks Storage Mirroring (SWSM) software is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the DoubleTake.exe process when handling authentication requests. By sending an encoded authentication request to TCP ports 1100, 1106 and UDP port 1105, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2008-1661]

Port is also IANA registered for MCTP
 1101 tcp applications not scanned ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212.
References: [CVE-2011-4534], [BID-51897]

Backdoor.Hatckel - a backdoor Trojan that gives an attacker unauthorized access to an infected computer. By default it opens 15 ports on the infected computer: 1101 to 1115. Backdoor.Hatckel is written in Visual Basic.
 1104 udp trojan not scanned RexxRave trojan
 1105 udp applications not scanned HP StorageWorks Storage Mirroring (SWSM) software is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the DoubleTake.exe process when handling authentication requests. By sending an encoded authentication request to TCP ports 1100, 1106 and UDP port 1105, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2008-1661]

Port is also IANA registered for FTRANHC
 1106 tcp applications not scanned HP StorageWorks Storage Mirroring (SWSM) software is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the DoubleTake.exe process when handling authentication requests. By sending an encoded authentication request to TCP ports 1100, 1106 and UDP port 1105, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2008-1661]
 1111 tcp trojans Members scan Trojans that use this port:
Backdoor.AIMvision - remote access trojan, 10.2002. Affects all current Windows versions.
Backdoor.Ultor - remote access trojan, 06.2002. Affects Windows, listens on port 1111 or 1234.
Backdoor.Daodan - VB6 remote access trojan, 07.2000. Affects Windows.
W32.Suclove.A@mm (09.26.2005) - a mass-mailing worm with backdoor capabilities that spreads through MS Outlook and MIRC. Opens a backdoor and listens for remote commands on port 1111/tcp.

Daodan, Tport trojans also use this port.

The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
References: [CVE-2005-4216], [BID-15822]

Port is also IANA registered for: LM Social Server
 1113 tcp,udp ltp-deepspace not scanned Licklider Transmission Protocol (IANA official) [RFC 5326]
 1115 tcp trojans Premium scan Lurker, Protoss

Backdoor.Hatckel - a backdoor Trojan that gives an attacker unauthorized access to an infected computer. By default it opens 15 ports on the infected computer: 1101 to 1115. Backdoor.Hatckel is written in Visual Basic.
 1116 tcp trojan Premium scan Lurker trojan
 1117 tcp trojans Premium scan W32.Zotob.D (08.16.2005) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. Conects to IRC servers to listen for remote commands on port 6667/tcp. Also opens an FTP server on port 1117/tcp.
 1118 tcp,udp sacred not scanned SACRED (IANA official) [RFC 3767]
 1119 tcp,udp games not scanned Blizzard Downloader
Starcraft II: Wings of Liberty (Blizzard)
 1120 tcp games not scanned Starcraft II: Wings of Liberty, developer: Blizzard
 1122 tcp,udp trojans Premium scan Trojans that use this port: Last 2000, Singularity (Backdoor.Singu)

Port is also IANA registered for: availant-mgr
 1128 tcp applications not scanned The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.
References: [CVE-2013-3319] [SECUNIA-54277]
 1129 tcp trojans Members scan Backdoor.Anyserv (2004.03.25) - a trojan horse that gives the author unauthorized remote access to an infected computer. Due to bugs in the code of Backdoor.Anyserv, some operations may not complete successfully.

Port is IANA registered for: SAPHostControl over SOAP/HTTPS
 1130 tcp trojan Premium scan Noknok trojan
 1133 tcp trojan Premium scan SweetHeart
 1137 tcp trojan Premium scan MTX trojan horse

Vulnerabilities listed: 100 (some use multiple ports)
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About