portdetail.py
def portdetail(port_no):
    """Return the service/threat description string for a known port number.

    Raises KeyError if port_no is not one of the ports in the table below.
    """
    # Table of port number -> "Service: ... Info: ..." description.
    d = {
        1: "Service: TCP,UDP(TCPMUX) Info:Sockets des Troie remote access trojan uses this port (a.k.a. Backdoor.Sockets23, Lame, Backdoor.Kamikaze, IRC_trojan, TROJ_Backdoor, W32/Cheval.gen,coded in Delphi 3, 06.1998). It might also use ports 1/udp, 5000, 5001, 30303, 50505, 60000 and 65000.",
        2: "Service: TCP,UDP Info: Scan for this Malicious file:death.exe,config,cfg",
        3: "Service: TCP,UDP Info:SynDrop trojan uses this port.Delta Force also uses port 3 (TCP)",
        5: "Service: TCP,UDP(Remote Job Entry) Info:Incoming Routing Redirect Bomb, yo-yo Attacks Possible",
        27: "Service: TCP,UDP Info: nsw-feNSW User System FE",
        37: "Service: TCP,UDP(Time) Info:W32.Sober.I@mm (11.19.2004) - mass-mailing worm that uses its own SMTP engine. Affects all current Windows versions. Checks network connectivity by contacting a NTP server on port 37/tcp W32.Sober.J@mm (01.30.2005) W32.Sober.O@mm (05.02.2005) W32.Sober.X@mm (12.12.2005)",
        42: "Service: UDP (Name Server) Info:W32.Dasher.D (12.19.2005) - a worm that exploits the following MS vulnerabilities: [MS05-051] (on port 53/tcp) and [MS04-045] (on port 42/tcp).Listens for remote commands on port 53/tcp. Connects to an FTP server on port 21211/tcp. Scans for systems vulnerable to the [MS05-051] exploit on port 1025/tcp.",
        53: "Service: TCP/UDP Info:Tftpd32 is vulnerable to a denial of service, caused by an error when processing requests. If the DNS server is enabled, a remote attacker could send a specially-crafted request to UDP port 53 to cause the server to crash.References: [XFDB-75884] [BID-53704] [SECUNIA-49301]",
        68: "Service:TCP Info:(Trojans)Backdoor.SubSeven Falco LX-4PRO also uses this port.",
        69: "Service: UDP TFTP Info:(Threats)W32.Evala.Worm W32.Mockbot W32.Blaster.Worm W32.Bolgi.Worm W32.Zotob (Trojan)BackGate Kit, Nimda, Pasana, Storm, Storm worm, Theef",
        70: "Service: TCP Gopher Info:threat W32.Evala.Worm",
        80: "Service:TCP HTTP Info:trojan Penrox threat AckCmd BackEnd BackOrifice2kPlug-Ins Banito Bebshell Cafeini CGIBackdoor Civcat Eaghouse Executor GodMessage GodMessageCreator Hesive Hexem Hooker IISworm Ketch Lodear Mindos MTX Muquest Mydoom NCX ReverseWWWTunnelBackdoor ",
        88: "Service:TCP Kerberos Info:threat PWSteal.Likmet KDC (Kerberos key distribution center) server.Related ports: 464,543,544,749,751",
        121: "Service UDP Encore Expedited Remote Pro.Call Info:Trojans/Backdoors that use this port.Recommend :",
        512: "Service: UDP Remote Process Execution Info:Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 513 or 514.",
    }
    return d[port_no]