From owner-freebsd-security Wed Nov 29 20:45:15 2000
Date: Wed, 29 Nov 2000 20:45:03 -0800 (PST)
From: Dan Babb
To: "Jonathan M. Slivko"
Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports

this is right out of the ACL for my core router..

! reserved networks
access-list 110 deny ip 127.0.0.0 0.0.0.255 any log
access-list 110 deny ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny ip 172.31.0.0 0.0.255.255 any log
access-list 110 deny ip 192.168.0.0 0.0.255.255 any log
! various exploits, netbios, back orifice, netbus protection
access-list 110 deny tcp any any range 137 139
access-list 110 deny tcp any any eq 31337
access-list 110 deny udp any any eq 31337
access-list 110 deny tcp any any range 12345 12350
access-list 110 deny udp any any range 12345 12350

- Dan

On Wed, 29 Nov 2000, Jonathan M. Slivko wrote:

> I am referring to the Back Orifice, Trinoo server ports, etc. Where can I
> get my hands on a list of those port #'s? or are there any utilities that
> act as those servers and log all attempts in hopes of catching those users
> who will no doubt try and take advantage of an open system?
>
> ----
> Jonathan M. Slivko
> Technical Support, CoreSync Corporation (http://www.coresync.net)
> Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> Pager/Voicemail: (917) 388-5304
> ----
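
Added example, not part of the original message: a Python check that converts the wildcard masks of the "reserved networks" lines above into prefixes, then reports which reserved space no entry matches and which entries an earlier line already covers. The RESERVED target list (loopback plus RFC 1918) and all function names are assumptions of this example.

```python
import ipaddress

# "reserved networks" lines copied from the ACL in the message above.
ACL = """\
access-list 110 deny ip 127.0.0.0 0.0.0.255 any log
access-list 110 deny ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny ip 172.31.0.0 0.0.255.255 any log
access-list 110 deny ip 192.168.0.0 0.0.255.255 any log
"""
# Assumption: the intended targets are loopback (127/8) plus the RFC 1918 blocks.
RESERVED = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wildcard_to_network(addr, wildcard):
    """Turn a Cisco 'address wildcard' pair into an IPv4Network."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):  # only 0...01...1 wildcards map to a single prefix
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    mask = ipaddress.IPv4Address(inv ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def source_networks(acl_text):
    """Source network of each 'access-list N deny ip <addr> <wildcard> any' line."""
    nets = []
    for line in acl_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0] == "access-list" and f[2:4] == ["deny", "ip"]:
            nets.append(wildcard_to_network(f[4], f[5]))
    return nets

def audit(nets):
    """Return (reserved space no entry matches, entries shadowed by an earlier one)."""
    gaps = []
    for block in RESERVED:
        remaining = [block]
        for n in nets:
            nxt = []
            for r in remaining:
                if r.subnet_of(n):
                    continue  # r is fully matched by this entry
                nxt.extend(r.address_exclude(n) if n.subnet_of(r) else [r])
            remaining = nxt
        gaps.extend(ipaddress.collapse_addresses(remaining))
    shadowed = [n for i, n in enumerate(nets)
                if any(n.subnet_of(e) for e in nets[:i])]
    return gaps, shadowed

if __name__ == "__main__":
    gaps, shadowed = audit(source_networks(ACL))
    print("unmatched reserved space:", [str(g) for g in gaps])
    print("shadowed entries:", [str(s) for s in shadowed])
```
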