By default, the POP3 protocol works on two ports: The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a remote web server from a local client.
Cirebot [Symantec-2003-080214-3019-99] (20) - trojan that exploits the MS DCOM vulnerability, uses ports 445 & 69, opens backdoor on port 57005. MS Security Bulletin [MS03-026] outlines a critical RPC vulnerability that can be exploited via ports 135, 139, 445, 593 (or any other specifically configured RPC port). References: [CVE-2002-0597] [BID-4532] [OSVDB-5179] External Resources SANS Internet Storm Center: port 445 Notes: Well Known Ports: 0 through 1023. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent.
B [Symantec-2005-081415-0741-99] variants of the worm as well. Conects to IRC servers to listen for remote commands on port 6667/tcp. The worm connects to IRC servers and listens for remote commands on port 8080/tcp. It also opens a backdoor on remote compromised computers on port 8594/tcp. References: [CVE-2007-5580] [BID-26723] [SECUNIA-27947] [OSVDB-39521] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data.
D [Symantec-2005-081609-4733-99] (20) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It runs and spreads using all current Windows versions, but only infects Windows 2000. Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 18.104.22.1682, 5.0 before 22.214.171.124, 5.1 before 126.96.36.199, and 5.2 before 188.8.131.52 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. TCP is the most commonly used protocol on the Internet and any TCP/IP network.
E [Symantec-2005-081615-4443-99] (20) - a worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. Mc Afee has named the most recently discovered variant of this worm as W32/gen.d. attacks port 445, the port that Microsoft Directory Service uses, and exploits Microsoft Windows vulnerability [MS08-067].