NOTE: This listing is meant to act as a sort of clearinghouse for legitimate (yes, even ads) use of listening ports identified "in the wild". Trojans, worms, etc. are NOT listed here except as a reference point. For trojans, worms and such, Joakim Von Braun maintains an excellent list of those at http://www.simovits.com/trojans. Terms Adport - Identified as being used for ad banners on web pages Unknown- Function not identified. If suspected, will be described Keyword Decimal Description References ------- ------- ----------- ---------- Pointcast 9/tcp Unofficially used by pointcast tgcmd 641/tcp /TGCMD is Remote Configuration and troubleshooting software from\ tgcmd 653/tcp \ tioga.com (now support.com). Used by home.com Cable networks / cddbp 888/tcp CD Database Protocol (Unofficial port #) Adport 1127/tcp Used by Quote.com (Stock Quote site) Morpheus 1214/tcp Peer-to-peer music/file sharing service (Kazaa, Grokster) SerialGateway 1243/tcp Also trojans SubSeven, Backdoor-G, Apocalypse RADIUS_Auth 1645/tcp Unofficial RADIUS Authentication Service (see port 1812) RADIUS_Acct 1646/tcp Unofficial RADIUS Accounting Service (see port 1813) Adport 1775/tcp Banner Ads and popups Unknown 1863/tcp Only seen w/hotmail.com - probably banner ads, but not known Adport 1975/tcp Banner Ads Usually radiate.com and aureate.com Adport 2064/tcp Banner Ads and popups Exchange 2629-2631/tcp Exchange Server ADMIN program MS-SMS 2701/tcp SMS (Systems Management Server) (Remote Control/Push app) MS-SMS 2702/tcp SMS (Systems Management Server) (Remote Control/Push app) OctelVM 4000/tcp Octel Voicemail system OctelVM 4001/tcp Octel Voicemail system OctelVM 4002/tcp Octel Voicemail system ? 4500/udp ? Bagel.U 4751/tcp ? Backdoor for Bagel.U virus Radmin 4899/tcp Remote Admin utility for PC's (Official port is PowerGem Plus) Unknown 5535/tcp Seen going to omburo.com (Namibian Safari agency) Unknown 5552/tcp Chat or Banner Ad - not sure WCESCOMM 5679/tcp Active Sync process for PDAs (Dell Axim, Blackberry, Palm, etc.) Dameware 6129/tcp Mini Remote Control program (helpdesk software) FreePeers 6346/tcp BearShare - P2P file sharing by FreePeers RADMIND 6662/tcp Radmind Access Protocol (Remote Admin Daemon) Unix, Linux, MacOSX IRC/INova 6666/tcp Internet Relay Chat AND INova Display Systems IRC/UPS 6667/tcp Internet Relay Chat AND UPS software (APC for sure, maybe others) IRC/UPS 6668/tcp Internet Relay Chat AND UPS software (APC for sure, maybe others) IRC/UPS 6669/tcp Internet Relay Chat AND UPS software (APC for sure, maybe others) RealAudio 6770/tcp Usually people trying to listen to radio (start of range of unknown size) RealAudio 6770/udp Usually people trying to listen to radio (start of range of unknown size) Unknown 7778/tcp Found on firewall logs. Probably an advertising window javaw 8000/tcp Used by Microsoft Java Developer's Kit javaw.exe See also 57860 Unknown 8004/tcp Found being sent to AOL Unknown 8006/tcp Found being sent to AOL naimas 8081/tcp Network Associates Anti-virus EPO Agent napster 8875/tcp Napster - Found in firewall logs Adport 9000/tcp Banner Ads on classmates.com, www.lenta.ru Adport? 9009/tcp Possibly banner ads. Seen only on ICQ.COM HP JetDirect 9100/tcp JetDirect Printing Unknown 12343/tcp Only seen with WebSideStory.com OfficeScan 12345/tcp Trend Micro OfficeScan (anti-virus product) (as well as NetBus) Unknown 17027/tcp Unknown - Thousands of tries to Exodus Unknown 17300/tcp Kuang2 - Password stealing trojan Unknown 27374/tcp Many Trojans - See Treachery.net or neohapsis drivemonitor 31001/tcp Drive Monitor by Executive Software part of DiskAlert danotification 31002/tcp DiskAlert by Executive Software part of DiskAlert NortonAV 38293/udp Norton Anti Virus Discovery protocol Inoculan 41508/tcp Inoculan ArcServe 41523/tcp Listening port on ArcServe servers - possibly tied to SQL backups ArcServe 41524/udp Broadcast port used by ArcServe servers to find clients (?) CiscoWorks 42342/udp Ciscoworks discovery protocol Reachout 43188/tcp Possible unofficial use here. Reachout from Stac Electronics / Rivio.com javaw 57860/tcp Used by Microsoft Java Developer's Kit javaw.exe See also 8000 List last updated 04/28/2003 (C) 2001,2002,2003 Bob Konigsberg - Comments and analysis are the only copyrighted part. Feel free to copy, distribute, and use as long as this notice is left intact. Contact me at bobk@networkeval.com if you have questions or enhancements on this.