From owner-freebsd-isp Fri Feb 12 04:46:06 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA05223 for freebsd-isp-outgoing; Fri, 12 Feb 1999 04:46:06 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from carme.eclipse.net.uk (carme.eclipse.net.uk [195.188.32.33]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA05197 for ; Fri, 12 Feb 1999 04:45:58 -0800 (PST) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (luna.eclipse.net.uk [195.188.32.31] (may be forged)) by carme.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id MAA75314 for ; Fri, 12 Feb 1999 12:43:23 GMT Message-ID: <36C422B4.7177D4DA@eclipse.net.uk> Date: Fri, 12 Feb 1999 12:46:44 +0000 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.5 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Someone sent me a security notice References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rowan Crowe wrote: > > I have UDP port 31337 blocked here (and also Netbus which is a similar > nasty, TCP ports 12340-12345) and see either isolated probes to a single > IP (probably gathered from IRC or ICQ) or scans of my entire IP block > almost daily. As BO can be set to use any UDP port you would have to filter all UDP or look inside packets for BO fingerprints to see what to allow if you need to block it completely. Apparently the encryption scheme used is(was?) weak and the BO passwords can be obtained fairly easily from the packets. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message