Re: Back Orifice 2K - RedHat 7.1/7.2

From: Neophyte (
Date: 06/27/02

From: "Neophyte" <>
Date: Thu, 27 Jun 2002 23:24:51 +0200

Hi zeroK,

I appreciate your help. I found all of this out after a suggestion from
another posting and a little extra digging on my part. I've come to realize
that the entry...more than likely is being produced by PortSentry which is
giving me an indication of where certain programs run, but does not in fact
say that the program is running. I'm still sifting my way through the
information and finding more each day. I just want to know that I'm not
doing something really boneheaded when I could have either prevented it
myself or asked for help ;^).

Once again. I appreciate your input. I used it and it helped.

Take care,

"zeroK" <> wrote in message
> Hi,
> bo2k for Linux is client only, so you are not backdoor'ed
> by bo2k.
> So, what is the listening prosess on the 56XXX port
> Try :
> netstat -aplt
> to see what is the process listening on port 65XXX
> bye :o)
> Neophyte wrote:
> > Hello All,
> >
> > I'm currently taking my first stabs at creating a firewall for my cable
> > connection. As I've looked into various distributions, I decided to try
> > giving RedHat a go as a workstation on one machine and as a
> > on another. After installing RedHat 7.1 w/o X on the workstation box,
> > purging and adding the programs I required, and then upgrading to RH
7.2, I
> > decided to play a little and run nmap on my own machine to see what it
> > showed...just for curiosity's sake.
> >
> > Now I'm sure you can summise that I'm a newbie, but I'm not totally
> > either. It took nmap approx. 8 seconds to scan my system and returned
> > entry for "bo2k" running open on port 56XXX...soemthing or other. I
> > recognized the name from online so I googlized it on another machine and
> > I suspected, it was the back orifice 2k program. This may not be
> > if you consider that I'm a newbie, but you have to appreciate the fact
> > this system was never put online and had no access to the internet at
all On
> > top of this, the installation was performed with two boxed sets from
> > So the question remains...."Where did my system pick up the "bo2k"
> > If this is a legitimate (albeit dubious) addition to the package, I can
> > accept it, but what I can't accept is it not being indicated in any of
> > documentation or during the installation.
> >
> > I'm trying to be open-minded here, but I don't need my system to be.
> > anyone have an answer to this or seen it themselves?
> >
> > Thanks,
> > Gabriel
> >
> >
> >
> >
> >