From owner-freebsd-questions  Tue Nov 24 14:33:52 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA16166
          for freebsd-questions-outgoing; Tue, 24 Nov 1998 14:33:52 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from omnix.net (omnix.net [194.183.217.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA16145
          for <freebsd-questions@FreeBSD.ORG>; Tue, 24 Nov 1998 14:33:44 -0800 (PST)
          (envelope-from didier@omnix.net)
Received: from localhost (didier@localhost)
          by omnix.net (8.8.7/8.8.7) with SMTP id WAA01601;
          Tue, 24 Nov 1998 22:32:11 GMT
          (envelope-from didier@omnix.net)
Date: Tue, 24 Nov 1998 23:32:11 +0100 (CET)
From: Didier Derny <didier@omnix.net>
To: Vinnie Yesue <vinnie@picketfence.suburbs.net>
cc: "Stephen C. Comoletti" <stevec@delanet.com>,
        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: udp port 31337
In-Reply-To: <Pine.BSF.4.01.9811241110100.15656-100000@picketfence.suburbs.net>
Message-ID: <Pine.BSF.3.96.981124232937.1577A-100000@omnix.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 24 Nov 1998, Vinnie Yesue wrote:

> 
> On Tue, 24 Nov 1998, Stephen C. Comoletti wrote:
> 
> > Just curious, what is udp port 31337 for? It's not in my /etc/services at all
> > and I got someone steadily pounding away at it on my new 3.0 box. They have not
> > gotten in or done any damage, just spammed my logs is all. 
> 
> the backoriface windows NT backdoor/trojan/whatever runs on port 31337,
> along with other hacker-related stuff.  if I saw a lot of activity on
> 31337 I would see where it was coming from and try and figure out if any
> of the machines on my network were compromised.
> 
> 	vinnie

I made a few tool to detect internal backorifices on my machines
and to trap/block incoming "sweep command" from backorifice

if you want theses tools send me an email to didier@aida.org
to remind me 

It's not even alpha software, it only works for me
no warranty is given but if it can help




> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

--
Didier Derny
didier@omnix.net




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message