Date: Wed, 12 Aug 1998 15:51:31 +1000 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: "Bruce A. Mah" <bmah@CA.Sandia.GOV> Cc: freebsd-security@FreeBSD.ORG Subject: Re: UDP port 31337 Message-ID: <Pine.SOL.4.02.9808121547450.26414-100000@banshee.cs.uow.edu.au> In-Reply-To: <199808120110.SAA14483@stennis.ca.sandia.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 11 Aug 1998, Bruce A. Mah wrote: > A marginally off-topic question: Can anyone tell me what service uses UDP > port 31337? I have a FreeBSD box that has received and logged three packets > on this port in the last 24 hours: > > Aug 11 04:41:35 hornet /kernel: Connection attempt to UDP WW.XX.YY.ZZ:31337 > >from AA.BB.CC.DD:1190 > > Give prior experience on the target machine, I wouldn't be surprised if it's > part of a portscan, but I don't know what such a scan would be probing for. > > Thanks in advance, > > Bruce. > I'm guessing that it's a scan to see whether anyone has installed BO (Back Orifice) on machines in your subnet. By default the port this program listens on is UDP port 31337. However, if you aren't already aware, Back Orifice only affects Windows 95 and 98 machines, with an NT version in the works. There has been some discussion on Bugtraq and other security forums about detecting an installation of BO on your 95/98 networks, have a look in the relevant archives. Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A "When in doubt, ask someone wiser than yourself..." -unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.02.9808121547450.26414-100000>