Message-ID: <CH+cUJBmczjCFwbm@clara.net>
Date: Sat May 21 18:31:29 2005
From: brianphillips at onetel.com (Brian Phillips)
Subject: Ports used by trojans

I read some time ago that malicious code when reporting home did not use 
port 80 or any of the other well known ports used for simple internet 
work. This means, as I understand it, that the home computer of the 
malicious code is constantly listening on some port other than port 80.

Is it still the case that the standard ports are not used by malicious 
code when reporting home?

If malicious code does not use the standard ports, then why not? As 
far as I can see (and my knowledge is very basic) there seems to be no 
reason why outgoing traffic from, say, a home computer, should not be 
directed to port 80 on the IP address of the home computer of the 
malicious code.

This question is of interest because one frequently sees advice to the 
effect that all outgoing ports other than those which are required for 
use should be blocked. Clearly, if malicious code now uses, say, port 
80, then blocking unused ports will not increase the security of a 
computer.

Any comments (or corrections) would be gratefully received.

Regards

Brian
