From owner-freebsd-security Wed Aug 12 02:32:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA28685 for freebsd-security-outgoing; Wed, 12 Aug 1998 02:32:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from www.scancall.no (www.scancall.no [195.139.183.5]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA28632 for ; Wed, 12 Aug 1998 02:31:50 -0700 (PDT) (envelope-from Marius.Bendiksen@scancall.no) Received: from super2.langesund.scancall.no [195.139.183.29] by www with smtp id HHMFKVUK; Wed, 12 Aug 98 09:31:23 GMT (PowerWeb version 4.04r6) Message-Id: <3.0.5.32.19980812112915.0092ead0@mail.scancall.no> X-Sender: Marius@mail.scancall.no X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 12 Aug 1998 11:29:15 +0200 To: andrew@squiz.co.nz From: Marius Bendiksen Subject: Re: UDP port 31337 Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <004101bdc599$2c6f9420$4100a8c0@periscope.digital-canvas.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Or it's traceroute of course. Not very likely? Wouldn't a traceroute connect to several ports that high up? >How hard would it be to arrange for a reply to be sent that would cause a >back orifice client to send more and distinguish itself from a traceroute? I got a potentially interesting idea; Imagine a backorificed running on Unix machines, pretending to be a 'legitimate' Back Orifice installation, fully configurable, etc... ? :) --- Marius Bendiksen, IT-Trainee, ScanCall AS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message