[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Ports used by trogens
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Ports used by trogens
- From: Brian Phillips <brianphillips@xxxxxxxxxx>
- Date: Sat, 21 May 2005 14:27:02 +0100
I read some time ago that malicious code when reporting home did not use
port 80 or any of the other well known ports used for simple internet
work. This means, as I understand it, that the home computer of the
malicious code is constantly listening on some port other than port 80.
Is it still the case that the standard ports are not used by malicious
code when reporting home?
If malicious code does not used the standard ports, then why not? As
far as I can see (and my knowledge is very basic) there seems to be no
reason why outgoing traffic from, say, a home computer, should not be
directed to port 80 on the IP address of the home computer of the
malicious code.
This question is of interest because one frequently see advice to the
effect that all outgoing ports other than those which are required for
use should be blocked. Clearly, if malicious code now uses, say port
80, then blocking unused ports will not increase the security of a
computer.
Any comments (or corrections) would be gratefully received.
Regards
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/