Re: Strange back-orifice looking scan...

From: Jeff Kell (jeff-kell@utc.edu)
Date: 09/05/02


Date: Wed, 04 Sep 2002 22:32:09 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: KoRe MeLtDoWn <koremeltdown@hotmail.com>

KoRe MeLtDoWn wrote:
>
> Hey Jeff,
> Port 1214 used by Kazaa aka Morpheus, this is obviously the remote port that
> the "scanner" is using. Port 31336 IS used by Back Orifice 2000 aka BO2k aka
> DeepBO (this is a special release of BO btw).

But this is UDP, not TCP.

> however they are
> actively portscanning either your network I wasnt sure if it was a network
> you had) or just your lone box.

It is an overloaded NAT, not a lone box.

Jeff

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com