Date: Wed, 12 Aug 1998 08:43:35 +0300
From: Seppo Kallio
To: bmah@CA.Sandia.GOV, freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337

On Tue, Aug 11, 1998 at 06:10:00PM -0700, Bruce A. Mah wrote:
> A marginally off-topic question: Can anyone tell me what service uses UDP
> port 31337? I have a FreeBSD box that has received and logged three packets
> on this port in the last 24 hours:

BO has the same UDP port:

---------------------------------------cut----------------------------
ISS Security Alert Advisory
August 6th, 1998

Cult of the Dead Cow Back Orifice Backdoor

Synopsis:

A hacker group known as the Cult of the Dead Cow has released a Windows 95/98
backdoor named 'Back Orifice' (BO). Once installed this backdoor allows
unauthorized users to execute privileged operations on the affected machine.

...

* The server will begin listening on UDP port 31337, or a UDP port specified
  by the installer.

You can configure RealSecure to monitor for network traffic on the default UDP
31337 port for possible warning signs.

In order to determine if you are vulnerable:

1. Start the regedit program (c:\windows\regedit.exe).
2. Access the key ...
-----------------------------------------------------------------------

--
Seppo Kallio kallio@cc.jyu.fi http://www.jyu.fi/~kallio
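
An added example (not part of the original message or the ISS advisory): separating inbound probes to UDP 31337 from packets that a local host sends from that port, which is the distinction that matters when a firewall logs traffic like the packets described above. The ipfw-style log lines are constructed, and the log format, the addresses and the function name triage are assumptions.

```python
import re
from collections import Counter

BO_DEFAULT_PORT = 31337  # default port named in the advisory; the installer can change it

# Constructed sample lines in the style of ipfw packet logging (assumed format).
SAMPLE_LOG = """\
Aug 11 02:14:07 gw /kernel: ipfw: 500 Deny UDP 203.0.113.7:1042 192.0.2.10:31337 in via ed0
Aug 11 09:51:33 gw /kernel: ipfw: 500 Deny UDP 203.0.113.7:1043 192.0.2.11:31337 in via ed0
Aug 11 17:20:48 gw /kernel: ipfw: 500 Deny UDP 198.51.100.23:2301 192.0.2.10:31337 in via ed0
Aug 11 17:21:02 gw /kernel: ipfw: 600 Accept UDP 192.0.2.44:31337 198.51.100.23:2301 out via ed0
Aug 11 17:25:10 gw /kernel: ipfw: 600 Accept TCP 192.0.2.10:1025 198.51.100.80:80 out via ed0
"""

LINE_RE = re.compile(
    r"ipfw: \d+ (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def triage(log_text, port=BO_DEFAULT_PORT):
    """Split UDP traffic on `port` into inbound probes and outbound replies."""
    probes = Counter()      # remote source -> packets sent to our hosts on `port`
    responders = Counter()  # local source -> packets sent *from* `port`
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "UDP":
            continue
        if m["dir"] == "in" and int(m["dport"]) == port:
            probes[m["src"]] += 1
        elif m["dir"] == "out" and int(m["sport"]) == port:
            # Something inside answered from the backdoor's default port:
            # that host, not the prober, is the one to inspect.
            responders[m["src"]] += 1
    return probes, responders

if __name__ == "__main__":
    probes, responders = triage(SAMPLE_LOG)
    for src, n in probes.most_common():
        print(f"probe source {src}: {n} packet(s) to UDP/{BO_DEFAULT_PORT}")
    for src, n in responders.items():
        print(f"local host {src} sent {n} packet(s) from UDP/{BO_DEFAULT_PORT}")
```

Because the advisory notes that the installer can choose a different UDP port, an empty result for 31337 does not show that no server is present.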