Full Disclosure mailing list archives
Ports used by trogens
From: Brian Phillips <brianphillips () onetel com>
Date: Sat, 21 May 2005 14:27:02 +0100
I read some time ago that malicious code when reporting home did not use port 80 or any of the other well known ports used for simple internet work. This means, as I understand it, that the home computer of the malicious code is constantly listening on some port other than port 80.
Is it still the case that the standard ports are not used by malicious code when reporting home?
If malicious code does not used the standard ports, then why not? As far as I can see (and my knowledge is very basic) there seems to be no reason why outgoing traffic from, say, a home computer, should not be directed to port 80 on the IP address of the home computer of the malicious code.
This question is of interest because one frequently see advice to the effect that all outgoing ports other than those which are required for use should be blocked. Clearly, if malicious code now uses, say port 80, then blocking unused ports will not increase the security of a computer.
Any comments (or corrections) would be gratefully received. Regards Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability, (continued)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Content detection in html payload with snort ? Frederic Charpentier (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Message not available
- Message not available
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Ports used by trogens Who? (May 21)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)