Re: Strange back-orifice looking scan...

From: Jeff Kell (
Date: 09/05/02

Date: Wed, 04 Sep 2002 22:32:09 -0400
From: Jeff Kell <>
To: KoRe MeLtDoWn <>

KoRe MeLtDoWn wrote:
> Hey Jeff,
> Port 1214 used by Kazaa aka Morpheus, this is obviously the remote port that
> the "scanner" is using. Port 31336 IS used by Back Orifice 2000 aka BO2k aka
> DeepBO (this is a special release of BO btw).

But this is UDP, not TCP.

> however they are
> actively portscanning either your network I wasnt sure if it was a network
> you had) or just your lone box.

It is an overloaded NAT, not a lone box.


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: