Port 1 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
1 |
udp |
tcpmux |
TCP Port Service Multiplexer (IANA registered)
Sockets des Troie remote access trojan uses this port (a.k.a. Backdoor.Sockets23, Lame, Backdoor.Kamikaze, IRC_trojan, TROJ_Backdoor, W32/Cheval.gen, coded in Delphi 3, 06.1998). It might also use ports 1/udp, 5000, 5001, 30303, 50505, 60000 and 65000. |
SG
|
1 |
tcp |
tcpmux |
Scans against this port are commonly used to test if a machine runs SGI Irix (as SGI is the only system that typically has this enabled). This service is almost never used in practice.
RFC1078 - TCPMUX acts much like Sun's portmapper, or Microsoft's end-point mapper in that it allows services to run on arbitrary ports. In the case of TCPMUX, however, after the "lookup" phase, all further communication continues to run over that port.
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (TCP/UDP).
References: [CVE-2012-0862] [BID-53720] [OSVDB-81774]
Trojans that use this port: Breach.2001, SocketsDeTroie
Also see: CERT: CA-95.15.SGI.lp.vul |
SG
|
1 |
tcp,udp |
|
TCP Port Service Multiplexer (official) |
Wikipedia
|
1 |
udp |
trojan |
[trojan] Sockets des Troie |
Trojans
|
1 |
tcp |
tcpmux |
TCP Port Service Multiplexer [rfc-1078] |
SANS
|
1 |
udp |
SocketsdesTroie |
[trojan] Sockets des Troie |
SANS
|
1 |
udp |
tcpmux |
TCP Port Service Multiplexer |
SANS
|
1 |
tcp |
tcpmux |
TCP Port Service Multiplexer [rfc-1078] |
Nmap
|
1 |
udp |
tcpmux |
TCP Port Service Multiplexer |
Nmap
|
1 |
tcp,udp |
tcpmux |
TCP Port Service Multiplexer |
IANA
|
|
10 records found
Related ports: 5000 5001 30303 50505 60000 65000
|