Re: Back Orifice 2K - RedHat 7.1/7.2

From: Neophyte (neophyte@news.snel.net)
Date: 06/27/02


From: "Neophyte" <neophyte@news.snel.net>
Date: Thu, 27 Jun 2002 23:29:13 +0200

Hi Nada,

Sure as shootin, it does seem that the answer does lead back to my
installation of PortSentry. Now that I understand a bit more about how it
works, I can better understand how to apply it. Like I said in another
posting, I'm not in any rush to put my Linux box online. I want to learn a
few things before I do. Doesn't mean it will stop anything from happening,
but I'd just like to know that I'm doing the best I can.

I appreciate your help,

Gabriel

"Nada Lada" <nadalada@spamfree.cox.net> wrote in message
news:5GKS8.95960$3R2.3585279@news1.west.cox.net...
> I ask because portsentry does the same thing. Perhaps on IDS systems do the
> same thing. Check for one of those...
> "Neophyte" <neophyte@news.snel.net> wrote in message
> news:1025135310.82815@news.knoware.nl...
> > Hi Nada,
> >
> > No not yet. I just reinstalled using SuSE 8.0. I ran nmap again on the box
> > (still not online) and I've not seen that entry again, so my original
> > question still remains. I'm in the process of installing RedHat again on my
> > other box to see what it produces. I'll let you know what happened. Believe
> > me, I find this all just as bizarre as you do.
> >
> > Gabriel
> >
> >
> > "Nada Lada" <nadalada@spamfree.cox.net> wrote in message
> > news:SLjS8.91650$3R2.3297367@news1.west.cox.net...
> > > Are you running portsentry?
> > >
> > > "Neophyte" <neophyte@news.snel.net> wrote in message
> > > news:1025096460.74477@news.knoware.nl...
> > > > Hello All,
> > > >
> > > > I'm currently taking my first stabs at creating a firewall for my cable
> > > > connection. As I've looked into various distributions, I decided to try
> > > > giving RedHat a go as a workstation on one machine and as a firewall/router
> > > > on another. After installing RedHat 7.1 w/o X on the workstation box,
> > > > purging and adding the programs I required, and then upgrading to RH 7.2, I
> > > > decided to play a little and run nmap on my own machine to see what it
> > > > showed...just for curiosity's sake.
> > > >
> > > > Now I'm sure you can surmise that I'm a newbie, but I'm not totally blind
> > > > either. It took nmap approx. 8 seconds to scan my system and returned an
> > > > entry for "bo2k" running open on port 56XXX...something or other. I
> > > > recognized the name from online so I googlized it on another machine and as
> > > > I suspected, it was the back orifice 2k program. This may not be surprising,
> > > > if you consider that I'm a newbie, but you have to appreciate the fact that
> > > > this system was never put online and had no access to the internet at all. On
> > > > top of this, the installation was performed with two boxed sets from RedHat.
> > > > So the question remains...."Where did my system pick up the "bo2k" program?"
> > > > If this is a legitimate (albeit dubious) addition to the package, I can
> > > > accept it, but what I can't accept is it not being indicated in any of the
> > > > documentation or during the installation.
> > > >
> > > > I'm trying to be open-minded here, but I don't need my system to be. Does
> > > > anyone have an answer to this or seen it themselves?
> > > >
> > > > Thanks,
> > > > Gabriel