RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 02/05/04

  • Next message: Tim Ballingall: "RE: File Catching Firewall?"
    Date: Wed, 4 Feb 2004 17:30:31 -0800
    To: "Jeff McLaughlin" <JMclaughlin@springsgov.com>, "Mr Babak Memari" <memari@myrealbox.com>, <security-basics@securityfocus.com>
    
    

    >From: Jeff McLaughlin [mailto:JMclaughlin@springsgov.com]
    >....What I believe it tells me is NMAP got a response from port 31337
    which
    >is typically (not always) used by Back Orifice.....

    On a windows based host any port greater then 1024 is open game for
    dynamic
    assignment, usually by RPC. According to RFC 739/768 any port above
    49152
    should be used for dynamic assignment, but with Microsoft that's just
    not
    the case.

    >>31337,BackOrifice,Back Orifice trojan program <<<=====NOTE Please
    **
    >>What is your Idea? I have downloaded it from agnitum.com .

    Service.lst is just a Port Number to Common Name mapper. Much
    like the /etc/services file in *NIX, as someone else already stated. You
    could follow Jeff's and other instructions to check to see if BO is
    operating
    on your system but I highly doubt the firewall installation placed it
    there.

    But then again.....

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Tim Ballingall: "RE: File Catching Firewall?"

    Relevant Pages

    • RE: Abnormal activity.
      ... If you ever wanted to know what service/application is linked to a port, ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • Re: Wierd non-http port 80 daemon?
      ... Try using nmap with the newly added -A switch. ... what service is running on each port. ... Many open ports, etc. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • Re: Abnormal activity.
      ... port 4662 is used by the well known p2p application Edonkey. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... Master the skills ...
      (Security-Basics)
    • Outpost firewall does NOT have Back Orifice trojan program
      ... > 31337,BackOrifice,Back Orifice trojan program ... commonly listen on a given TCP port. ... doesn't mean it is http listening. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
      (Security-Basics)
    • Re: ARP spoofing attacks
      ... The best way i know of thus far is to enable "port security" in some form ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... > of an Ethical Hacker to better assess the security of your organization. ...
      (Security-Basics)