RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 02/05/04

  • Next message: Tim Ballingall: "RE: File Catching Firewall?"
    Date: Wed, 4 Feb 2004 17:30:31 -0800
    To: "Jeff McLaughlin" <JMclaughlin@springsgov.com>, "Mr Babak Memari" <memari@myrealbox.com>, <security-basics@securityfocus.com>
    
    

    >From: Jeff McLaughlin [mailto:JMclaughlin@springsgov.com]
    >....What I believe it tells me is NMAP got a response from port 31337
    >which is typically (not always) used by Back Orifice.....

    On a Windows-based host any port greater than 1024 is open game for
    dynamic assignment, usually by RPC. According to RFC 739/768 any port
    above 49152 should be used for dynamic assignment, but with Microsoft
    that's just not the case.

    >>31337,BackOrifice,Back Orifice trojan program <<<=====NOTE Please **
    >>What is your Idea? I have downloaded it from agnitum.com .

    Service.lst is just a Port Number to Common Name mapper. Much
    like the /etc/services file in *NIX, as someone else already stated. You
    could follow Jeff's and others' instructions to check to see if BO is
    operating on your system but I highly doubt the firewall installation
    placed it there.

    But then again.....

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338
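
Added example (not part of the original message, and not Outpost's own code): a Python sketch showing that the name a tool prints for port 31337 comes from a lookup table like Service.lst, while whether anything is listening is a separate check. The `port,name,description` layout is taken from the line quoted in the thread; the port 80 row, the function names and the loopback TCP probe are assumptions made for the illustration.

```python
import socket

# Constructed sample in the "port,name,description" shape quoted in the thread.
# The port 80 row is made up for illustration.
SAMPLE_SERVICE_LST = """\
80,HTTP,World Wide Web
31337,BackOrifice,Back Orifice trojan program
"""

def parse_service_list(text):
    """Return {port: (name, description)} from port,name,description lines."""
    table = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # skip blank lines and malformed rows
        port = int(parts[0])
        if 0 < port < 65536:
            table[port] = (parts[1], parts[2] if len(parts) > 2 else "")
    return table

def tcp_listener_present(port, host="127.0.0.1", timeout=0.5):
    """True only if a TCP connect to host:port actually completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def report(port, table):
    """Show the static label next to the observed state of the port."""
    name = table.get(port, ("unknown", ""))[0]
    state = "listening" if tcp_listener_present(port) else "closed"
    return f"{port}/tcp label={name} state={state}"

if __name__ == "__main__":
    table = parse_service_list(SAMPLE_SERVICE_LST)
    # The label is the same whether or not anything answers on the port.
    print(report(31337, table))
```

The label in the output is fixed by the table row alone; only the `state` field reflects what is running on the host.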
