From owner-freebsd-security Tue Aug 11 19:48:09 1998
Date: Tue, 11 Aug 1998 19:47:41 -0700 (PDT)
From: "Jan B. Koum"
To: "Bruce A. Mah"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
In-Reply-To: <199808120110.SAA14483@stennis.ca.sandia.gov>

HAHAHAHAHAHAHAHAHA. We are going to see a lot of them.

You see, someone from cDc made this thingie called Back Orifice:
www.cultdeadcow.com for more info. It is basically a tool which
backdoors Win95/98 systems and allows you to manipulate them remotely:
sniff keyboard, capture screen, shutdown, start apps, use speakers..
basically, your average windows crap. By default it uses UDP and yes,
it runs on port 31337.

Since you are running UDP, you have nothing to worry about. I am
however curious how lame it will get and how soon someone will get
pissed and create a winnuked running on port 31337 for someone trying
to connect to you on port 31337 via UDP. *sigh*

-- Yan

www.best.com/~jkb/
Unix users of the world unite: www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com
"Turn up the lights, I don't want to go home in the dark."

On Tue, 11 Aug 1998, Bruce A. Mah wrote:

>A marginally off-topic question: Can anyone tell me what service uses UDP
>port 31337? I have a FreeBSD box that has received and logged three packets
>on this port in the last 24 hours:
>
>Aug 11 04:41:35 hornet /kernel: Connection attempt to UDP WW.XX.YY.ZZ:31337
>from AA.BB.CC.DD:1190
>
>Given prior experience on the target machine, I wouldn't be surprised if it's
>part of a portscan, but I don't know what such a scan would be probing for.
>
>Thanks in advance,
>
>Bruce.
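
An added example, not part of the original thread or written by either poster: a small triage script for the kernel "Connection attempt" messages quoted above, separating sources that only knock on the Back Orifice default port (UDP 31337) from sources sweeping many ports. The addresses in the sample log are constructed, and `SCAN_THRESHOLD` and the verdict names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Matches the kernel message format quoted in the thread (with real addresses):
#   Aug 11 04:41:35 hornet /kernel: Connection attempt to UDP a.b.c.d:31337 from e.f.g.h:1190
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s/kernel:\s"
    r"Connection attempt to (?P<proto>UDP|TCP)\s"
    r"[\d.]+:(?P<dport>\d+)\sfrom\s(?P<src>[\d.]+):\d+"
)
# Per the thread: Back Orifice uses UDP port 31337 by default.
WATCHED = {("UDP", 31337): "Back Orifice default port"}
SCAN_THRESHOLD = 5  # assumption: this many distinct ports from one source is a scan

def classify(lines):
    """Return {source_ip: (verdict, watched_hits, distinct_ports)}."""
    ports, hits = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:          # not a "Connection attempt" line; skip it
            continue
        key = (m["proto"], int(m["dport"]))
        ports[m["src"]].add(key)
        if key in WATCHED:
            hits[m["src"]] += 1
    report = {}
    for src, seen in ports.items():
        if len(seen) >= SCAN_THRESHOLD:
            verdict = "port scan"        # 31337 was just one stop in a sweep
        elif hits[src]:
            verdict = "targeted probe"   # only looking for the watched service
        else:
            verdict = "other"
        report[src] = (verdict, hits[src], len(seen))
    return report

# Constructed sample log (documentation address ranges, not real hosts).
P = "Aug 11 04:4%d:35 hornet /kernel: Connection attempt to %s 192.0.2.10:%d from %s:1190"
SAMPLE = [P % (i, "UDP", 31337, "198.51.100.7") for i in range(3)]
SAMPLE += [P % (i, "UDP", 31335 + i, "203.0.113.9") for i in range(5)]
SAMPLE += [P % (9, "TCP", 31337, "192.0.2.50"),
           "Aug 11 04:50:00 hornet inetd[112]: unrelated line"]

if __name__ == "__main__":
    for src, (verdict, n, nports) in sorted(classify(SAMPLE).items()):
        print(f"{src:15} {verdict:15} watched_hits={n} distinct_ports={nports}")
```
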