Re: [Full-disclosure] .NET REMOTING on port 31337



On 9/28/07, Simon Smith <simon@xxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Right,
It set off alarms with all of my penetration testers hence why
we're
researching it. The question I have is, has anyone seen port 31337
respond with the .NET REMOTING banner? Our nmap -A claims that it is
.NET REMOTING... just seems weird...

Anyone know of any backdoors that do that?


Any decent programmer can write that into their application. Be worried.

Fabrizio
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/