Re: 31337 udp, on cisco...?

From: Vitaly Osipov (vosipovat_private)
Date: Thu Apr 19 2001 - 01:35:53 PDT

  • Next message: Mike Fetherston: "Re: Increase in Sun RPC Scans"

    Could you please explain what do you mean by "they had 31337 udp on a couple
    dev's/hosts"? especially on cisco... did you do portscan of those devices?
    what exactly did it (nmap I presume) say? I don't think you were able to
    connect to those ports, because you say it's udp... or do those devices pass
    31337/udp traffic through? or are they sending something from their own
    31337/udp?
    
    regards,
    W.
    
    ----- Original Message -----
    From: "w1re p4ir" <w1rep4irat_private>
    To: <INCIDENTSat_private>
    Sent: Wednesday, April 18, 2001 3:54 PM
    Subject: [INCIDENTS] 31337 udp, on cisco...?
    
    
    > Hello all,
    > Ok I recently completed an audit of a company. I noticed they had 31337
    udp on a couple dev's/hosts... Could this be some type of management (not a
    backdoor). I say it's not a back door because it existed on 3 cisco's and
    one Axis StorPoint CDROM Server. I'm completely stumped and i do a search
    for it and i keep getting "back orifice management port." I'm quite sure
    this is not the case, unless they coded a BD for ciscos =). Any help would
    be appreciated so i can finish up this report. Thanks,
    > ...
    >
    > ____________________________________________________
    > FREE Disinformation E-book - http://www.disinfo.com
    



    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 08:19:51 PDT