Socket 23

**Cyb3RSoldi3R** · April 15, 2003, 09:34

Here's what a quick google search found.

Telnet Server Port 23
If you run a Telnet server, this port is required for the Telnet Client to connect to your server. Telnet can be used for other ports to check services, but in order to use telnet for remote admin and login, port 23 must be open.

**converge** · April 15, 2003, 11:00

I can only guess that he meant the Socket23 trojan that is common to port 5000/5001 or 30303... not port 23

It could be that they are using one of the ports for some sort of common service, but your scanner is configured to recognize usage of that port to mean the trojan exists... when it may in fact not

**Chris** · April 15, 2003, 11:54

c0n is probably right.

Which scanner were you using? What type of scan were you doing? TCP? UDP? I ask because TCP 5000 is used by Windows ME Simple Service Discover Protocol Server, which is used for Universal Plug and Play and TCP 5001 is used by Ultima Online whereas Sockets de Troie is UDP 5000, 5001.

The ME service has a tendancy to show up in some scans as Sockets de Troie.

**Grifter** · April 15, 2003, 12:36

I agree with Chris, If you are picking up a lot of 5000 ports, it is more than likely people with UPnP still enabled.

It is enabled by default and is open to a DoS attack that locks up the machine. So those people should close that shiat.

For more info, check out:
http://www.packetstormsecurity.org/0...loits/XPloit.c

**pezz** · April 15, 2003, 13:28

I agree though Sockets de troie in my experience has massive port 5k openings.(correct me if im wrong)
Perhaps you will like this security administrator help tool. www.solarwinds.net

Either edition will do.

Socket 23

Socket 23

Comment

Comment

Comment

Comment

Comment