Re: [Full-disclosure] Ports used by trogens

[Who? <shaitan11@xxxxxxxxx>]

Malicious code can be run on any port, and even more malicious code
wont run with TCP ports anyways, it will use icmp or some other form
of ip protocol to bypass filtering software. Blocking ports does
increase the security of a system, but further measures are needed if
you wish to have a "secure" system.

On 5/21/05, Brian Phillips <brianphillips@xxxxxxxxxx> wrote:
> I read some time ago that malicious code when reporting home did not use
> port 80 or any of the other well known ports used for simple internet
> work. This means, as I understand it, that the home computer of the
> malicious code is constantly listening on some port other than port 80.
> 
> Is it still the case that the standard ports are not used by malicious
> code when reporting home?
> 
> If malicious code does not used the standard ports, then why not?   As
> far as I can see (and my knowledge is very basic) there seems to be no
> reason why outgoing traffic from, say, a home computer, should not be
> directed to port 80 on the IP address of the home computer of the
> malicious code.
> 
> This question is of interest because one frequently see advice to the
> effect that all outgoing ports other than those which are required for
> use should be blocked.   Clearly, if malicious code now uses, say port
> 80, then blocking unused ports will not increase the security of a
> computer.
> 
> Any comments (or corrections) would be gratefully received.
> 
> Regards
> 
> Brian
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/