BO2k Port?

• Previous message: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
• Next in thread: Daniel Roethlisberger: "Re: BO2k Port?"
• Reply: Daniel Roethlisberger: "Re: BO2k Port?"
• Reply: H D Moore: "Re: BO2k Port?"
• Reply: H D Moore: "Re: BO2k Port?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <ADA8D8680FDBD2119BE00060083993AF2321F3@dns1.pmsyscorp.com>
From: PM Systems - Rick Woehler <RWoehler@PMSysCorp.com>
To: pen-test@securityfocus.com
Subject: BO2k Port?
Date: Fri, 28 Sep 2001 09:52:50 -0400

Howdy List,
  Doing an audit on a gov agency with a Raptor Firewall. I was shocked to
see nmap repeatedly reporting 31335 and 31337 UDP open on the firewall. I'm
told by my firewall guys that Raptors and VelociRaptors install with all
ports closed and ports have to be specifically opened to allow traffic. I
can't imagine the person that installed this firewall would allow those
ports.

   I haven't been able to connect with my BO2k consolde and am beginning to
wonder if this is a false positive. I've seen Raptor Firewalls report open
ports when they in fact are not and am wondering if anyone has advice on
these high ports.

# Nmap (V. nmap) scan initiated 2.53 as: nmap -sU -oN test.txt
xxx.xxx.xxx.xxx
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1436 ports scanned but not shown below are in state: closed)
Port State Service
19/udp open chargen
53/udp open domain
111/udp open sunrpc
137/udp open netbios-ns
138/udp open netbios-dgm
161/udp open snmp
162/udp open snmptrap
426/udp open smartsdp
445/udp open microsoft-ds
500/udp open isakmp
31335/udp open Trinoo_Register
31337/udp open BackOrifice

# Nmap run completed at Fri Sep 28 09:31:34 2001 -- 1 IP address (1 host up)

scanned in 37 seconds

RW

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Nasir Farhat Khan: "Re: Pen-testing Simatic Data Aquisition Periphery e.g. PLC S5 orS7"
• Next in thread: Daniel Roethlisberger: "Re: BO2k Port?"
• Reply: Daniel Roethlisberger: "Re: BO2k Port?"
• Reply: H D Moore: "Re: BO2k Port?"
• Reply: H D Moore: "Re: BO2k Port?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Trouble accessing Outlook Web Access from behind firewall ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ... (comp.security.firewalls) Re: iptables configuration ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ... (comp.os.linux.security) Re: Norton Personal Firewall 2003 ... |> First thing I would do is put the GRC test site into the Exclusions ... | ports they will not get the same result being in my blocklist, ... the firewall checks unsolicited inbound communications attempts. ... (comp.security.firewalls) Re: NetBios Names and SP2 ... This will tell you which ports are open in the firewall as well as some ... Run the command (note: you must have the Support Tools from the Windows ... Check that "Enable NetBIOS over TCP/IP" is selected in the network ... (microsoft.public.windowsxp.network_web) Re: What is broken:McAfeee firewall or my router ????? Urgent, ple ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint