1 AOL TCP 5190 #AOL Instant Messanger
2 AP-Defender TCP 2626 #Defender Authentication Service
3 BackDoor-Setup TCP 5000 #Use by Boinet Lite, Blazer 5, Bubbel Trojans
4 Backage TCP 411 #Backage Trojan
5 BackDoor-G TCP 1243 #Also used by Subseven, Tiles Trojans
6 Citrix-ICA TCP 1494 #ICA Gerneral Service
7 Connect-BackDoor TCP 4000 #Also used by SkyDance Trojan
8 CrackDown TCP 4444 #Crackdown Trojan
9 DaCryptic TCP 1074 #DaCryptic Trojan
10 DameWare TCP 6129 #DameWare Mini Remote Control Protocol
11 DayTime TCP 13 UDP 13 #DayTime Server Protocol
12 DerSphere TCP 1000 #Also used by Insane Network Trojans
13 DerSphere-II TCP 2000 #Also used by SennaSpy Trojan Generator
14 Direct-Connect TCP 411-412 #Direct Connect P2P Application
15 Discard TCP 9 #Discard Server Protocol
16 DNS TCP 53 UDP 53 #Domain Name Service
17 Echo TCP 7 #Echo Protocol
18 eDonkey-4661 TCP 4661 #eDonkey Protocol
19 eDonkey-4662 TCP 4662 #eDonkey Protocol
20 nTrust-Admin TCP 710 #nTrust CA Administration Service
21 nTrust-Key-Mgmt TCP 709 #nTrust Key Management Service
22 ERP-1 TCP 12345-12349 #ERP Service
23 Exec TCP 512 #Remote Execution
24 Finger TCP 79 #UNIX Finger Protocol
25 Freak2K TCP 7001 #Also used by Freak88, NetSnooper Gold Trojans
26 FTP TCP 21 #File Transfer Protocol
27 GateCrasher TCP 6970 #GateCrasher Trojan
28 GNUtella-RTR TCP 6347 UDP 6347 #Also used by BearShare, ToadNode, LimeWire
29 GNUtella TCP 6346 UDP 6346 #Also used by BearShare, ToadNode, LimeWire
30 Gopher TCP 70 #Internet Gopher Protocol
31 GoToMyPC TCP 8200 #GotoMy PC
32 H323 TCP 1720 #Video Conference Transmission over IP
33 HackaTACK-31785 TCP 31785 #HackAttack
34 HackaTACK-31787 TCP 31787 #HackAttack
35 HackaTACK-31788 TCP 31788 #HackAttack
36 HackaTACK-31790 TCP 31790 #HackAttack
37 HackaTACK-31792 TCP 31792 #HackAttack
38 HotLine-Client TCP 5500-5503 #HotLine Client Connection
39 HTTP TCP 80 #Hyper-Text Transfer Protocol
40 HTTPS TCP 443 #TLS/SSL
41 ICKiller TCP 1027 #ICKiller
42 IDENT TCP 113 #Identify RCS Keyword String in Files
43 IKE TCP 500 UDP 500 #IPSec Internet Key Exchange
44 IMAP TCP 143 #Interactive Mail Protocol
45 iMesh TCP 5000 #Also used by many Trojans and UPNP Service
46 InCommand TCP 1029 #Also used by ICQ Nuke 98 Trojan
47 IPSO-CMP TCP 1111 #IPSO Clustering Management Protocol
48 IRC-1 TCP 6660-6670 #Internet Relay Chat
49 IRC-2 TCP 7000 #Internet Relay Chat
50 Jade TCP 1024 #Also used by Latinus, NetSPY, Rat Trojans
51 Kaos TCP 1212 #Kaos Trojan
52 KazzaA TCP 1214 #Fast Track P2P Protocol
53 Kerberos-v5 TCP 88 UDP 88 #Kerberos Authentication Version 5
54 Kerberos TCP 750 UDP 750 #Kerberos Authentication
55 Kuang2 TCP 17300 #Kuang2 Trojan
56 LDAP TCP 389 #Lightweight Directory Access Protocol
57 LDAP-SSL TCP 636 #Lightweight Directory Access Protocol over TLS/SSL
58 Rlogin TCP 513 #Rlogin
59 iNotes TCP 1352 #Lotus iNotes Web Access Protocol
60 lpdw0rm TCP 515 #Used by Ramen Trojans and Printer Service
61 Madster TCP 5025 #Formally called Aimster
62 ####Microsoft-TS TCP 445 #Microsoft CIFS's over TCP
63 Mneah TCP 4666 #The Mneah Trojan
64 MSN-File Transfer TCP 6891-6900 #MSN File Tranfer
65 MSN-Messenger TCP 1863 #MSN Instant Messenger
66 MSSQL-Mon TCP 1434 #MSSQL Monitor
67 MSSQL TCP 1433 #MSSQL Server
68 mysql TCP 3306 #MySQL Server
69 MultiDropper TCP 1035 #MultiDropper Trojan
70 Napster-Client TCP 6600-6699 #Napster Client also used by WinMX
71 Napster-Dir4 TCP 4444 #Napster Directory Connections
72 Napster-Dir5 TCP 5555 #Napster Directory Connections
73 Napster-Dir6 TCP 6666 #Napster Directory Connections
74 Napster-Dir7 TCP 7777 #Napster Directory Connections
75 Napster-Dir8 TCP 8888 #Napster Directory Connections
76 Napster-Redirector TCP 8875 #Napster Redirector
77 NBSession TCP 139 #NetBios Session Service
78 NCP TCP 524 #Novell Netware Core Protocol
79 NetShow TCP 1755 #Microsoft NetShow-Windows Media Player
80 NetSTAT TCP 15 #UNIX NetSTAT Protocol
81 NFSD TCP 2049 UDP 2049 #Network File System Deamon
82 NNTP TCP 119 #Network News Tranfer Protocol
83 NTP TCP 123 UDP 123 #Network Time Protocol
84 OAS-NameServer TCP 2649 #Oracle Application Server
85 OAS-ORB TCP 2651 #Oracle Application Server
86 OpenWindows TCP 2000 #Open Windows
87 ####Orbix-1570 TCP 1570 #IONA Orbix Deamon
88 ####Orbix-1571 TCP 1571 #IONA Orbix Deamon
89 PcAnywhere-Date TCP 5631 #pcAnywhere
90 PcTele-FileSync TCP 2299 #Symantec PcTelecommute File Syncronization
91 POP2 TCP 109 #Post Office Protocol Verion 2
92 POP3 TCP 110 #Post Office Protocol Verion 3
93 667-Trojans TCP 667 #Misc Trojans
94 PPTP TCP 1723 #Point 2 Point Tunnelling Protocol
95 Quake TCP 26000 UDP 26000 #Quake
96 RainWall Command TCP 6374 #RainWall High Avaiablility Deamon
97 RAT TCP 1097-1098 #Remote Administration Tool Trojan
98 ####Real-Audio TCP 7070 #Real Audio
99 Remote-Strom TCP 1025 #Used by Fraggle Rock, NetSPY and MD5 BackDoor Trojans
100 ####RTSP TCP 554 #RealTime Streaming Protocol
101 Secure-ID-Prop TCP 5510 #Token based Authentication Service
102 ShadyShell TCP 1337 #ShadyShell Trojan
103 ####RSH TCP 514 #Remote Shell
104 SMTP TCP 25 #Simple Mail Tranfer Protocol
105 Sockets-DES TCP 1 #Also used by the TCP MUX Service
106 SQLNET-1 TCP 1521 #Oracle SQL Net Verison 1 Service
107 SQLNET-2-1521 TCP 1521 #Part of Oracle SQLNet Verison 2 Service
108 SQLNET-2-1525 TCP 1525 #Part of Oracle SQLNet Verison 2 Service
109 SQLNET-2-1526 TCP 1526 #Part of Oracle SQLNet Verison 2 Service
110 SSH TCP 22 #Secure Shell
111 ####SSH2 TCP 22 #Secure Shell Version 2 also blocks version 1
112 Safe-T-Net TCP 32557 #Safe-T-Net Configuration
113 Squid TCP 3128 #Squid Proxy
114 StoneBeat-Control TCP 3002 #StoneBeat Control
115 StoneBeat-Deamon TCP 3001 #StoneBeat Deamon HeartBeat
116 SubSeven TCP 27374 #Also used by BadBlood, EGO, Lion and WebHead Trojans
117 T120 TCP 1503 #H323 Application Sharing Protocol
118 TACACS+ TCP 49 #Terminal Access Control Access Control System
119 Term-Serv TCP 3389 #Terminal Server
120 High-Ports TCP 1024-65535 #TCP High Ports
121 Telnet TCP 23 #Telnet Protocol
122 TerrorTrojan TCP 3456 #Terror Trojan
123 TheFLU TCP 5534 #The FLU Trojan
124 Time TCP 37 #Time Server Protocol
125 TransScout TCP 2004-2005 #TransScout Trojan
126 Trinoo TCP 1524 #Trinoo Trojan
127 UltorsTrojan TCP 1234 #Also used by SubSeven Java Client
128 UUCP TCP 540 #Unix 2 Unix Copy Program
129 WAIS TCP 210 #Wide Area Information Servers
130 ####Winframe TCP 1494 #Winframe
131 X11 TCP 6000-6063 #XWindows System
132 Yahoo-Messenger TCP 5050 #Yahoo Messenger
133 Yahoo-Voice TCP 5000-5001 #Yahoo Voice
134 Yahoo-WebCam TCP 5100 #Yahoo WebCam
139 Archie UDP 1525 #Archie Internet Protocol
140 Biff UDP 512 #Give notice of incoming mail messages
141 Blubster UDP 41170 #Uses Manolito Protocol P2P
142 Bootp UDP 67 #Bootstrap Protocol Server
143 Citrix-ICABrowse UDP 1640 #Citrix ICA Browsing
144 CU-SeeMe UDP 7648-7652 #Video Conferencing
145 DHCP-Reply UDP 68 #DHCP Reply
146 DHCP-Request UDP 67 #DHCP Request
147 DirectConnect UDP 411-412 #DirectConnect P2p Application
148 Discard UDP 9 #Discard Server Protocol
150 eDonkey-4665 UDP 4665 #eDonkey
151 FreeTel-out UDP 21300 #RealTime Full Duplex Voice Communication
152 H323-RAS UDP 1719 #RAS and Associated connection H323
153 H323-RASOnly UDP 1719 #Endpoint to Gatekeeper communications
154 HackaTack-31789 UDP 31789 #HackaTack Trojan
155 HackaTack-31791 UDP 31791 #HackaTack Trojan
156 HotLine-Tracker UDP 5499 #HotLine Tracker Connections
157 ICQ-Locator UDP 4000 #Mirabilis ICQ Version
158 Interphone UDP 22555 #VocalTec Internet Phone
159 L2TP UDP 1701 #Layer 2 Tunnelling Protocol
160 Microsoft-DS UDP 445 #CIFS over UDP
161 MSN-1863 UDP 1863 #MSN
162 MSN-1590 UDP 5190 #MSN
163 MSN-Voice UDP 6901 #MSN Voice
164 MSSQL-MON UDP 1434 #MSSQL Monitor
165 MSSQL-Server UDP 1433 #MSSQL Server
166 Name UDP 42 #HostName Server
167 NBDatagram UDP 138 #NetBIOS Datagram Service
168 NBName UDP 137 #NetBIOS Name Service
169 RADIUS-2 UDP 1812 #Remote Authentication Dial-In User Service V2
170 NoBackO UDP 1201 #NoBackO Trojan
171 OnTime UDP 1622 #OnTime
172 PcAnywhere UDP 5632 #PcAnywhere
173 RADIUS UDP 1645 #Remote Authentication Dial-In User Service
174 RainWall-Deamon UDP 6372 #RainWall Deamon
175 RailWall-Status UDP 6374 #RainWall Remote Management Status
176 RainWall-Stop UDP 6373 #RainWall Monitoring
177 RexxRave UDP 1104 #RexxRave Trojan
178 RIP UDP 520 #Routing Information Protocol
179 SecureID UDP 5500 #Token Based Authentication
180 SIP UDP 5060 #Shared Whiteboard and Instant Messenger Apps
181 SNMP UDP 161 #Simple Network Management Protocol
182 SNMP-Trap UDP 162 #SNMP Trap
183 SteamWorks UDP 1558 #Steamworks
184 SWTP-SMS UDP 9282 #Software Management Server
185 Syslog UDP 514 #UNIX Syslog Protocol
186 TACACS UDP 49 #Terminal Access Control Access Control System
187 TFTP UDP 69 #Trivial File Transfer Protocol
188 TIME UDP 37 #Time Server Protocol
189 High-Ports UDP 1024-65535 #High Ports
190 Vosaic-Data UDP 20000-20030 #Vosaic Data
191 Who UDP 513 #UNIX Who Protocol
192 WinMX UDP 6257 #Also uses Napster Ports
193 Yahoo V-Chat UDP 5000-5010 #Yahoo Voice Chat
195 Dest-Unreach ICMP 3 #ICMP Destination Unreachable
196 Echo-Reply ICMP 0 #ICMP Echo-Reply
197 Echo-Request ICMP 8 #ICMP Echo-Request
198 Info-Reply ICMP 16 #ICMP Info Reply
199 Info-Request ICMP 15 #ICMP Info Request
200 Mask-Reply ICMP 18 #ICMP Mask Reply
201 Mask-Request ICMP 17 #ICMP Mask Request
202 Param-Prblm ICMP 12 #ICMP Parameter Problem
203 Redirect ICMP 5 #ICMP Route Redirect
204 Source-Quench ICMP 4 #ICMP Source Quench
205 Time-exceeded ICMP 11 #ICMP Time to Live Exceeded
206 TimeStamp ICMP 13 #ICMP Time Stamp
207 TimeStamp-Reply ICMP 14 #ICMP TimeStamp Reply
209 AH IP 51 #IPSec Authentication Header Protocol
210 BackWeb IP 17 #Push Web Application Directly to Desktops
211 EGP IP 8 #Exterior Gateway Protocol
212 ESP IP 50 #IPsec Encapsulation Security Paylod Protocol
213 WEB_Mapped IP 6 #HTTP and FTP Port Mapping Service
214 IGMP IP 2 #Internet Group Management Protocol
215 IGRP IP 9 #Cisco Interior Gateway Routing Protocol
216 MSSQL_Resolver IP 17 #Block MSSQL Sapphire/Slammer Worms
217 OSPF IP 89 #Open Shortest Path First
218 RIP-Response IP 17 #RIP Routing Response
219 SMTP_Mapped IP 6 #SMTP Port Mapping Service
220 SSH_V2 IP 6 #SSH Version 2
221 TraceRoute IP 17 #Unix TraceRoute
222 VRRP IP 112 #Virtual Router Redundancy Protocol