Could you please explain what do you mean by "they had 31337 udp on a couple dev's/hosts"? especially on cisco... did you do portscan of those devices? what exactly did it (nmap I presume) say? I don't think you were able to connect to those ports, because you say it's udp... or do those devices pass 31337/udp traffic through? or are they sending something from their own 31337/udp? regards, W. ----- Original Message ----- From: "w1re p4ir" <w1rep4irat_private> To: <INCIDENTSat_private> Sent: Wednesday, April 18, 2001 3:54 PM Subject: [INCIDENTS] 31337 udp, on cisco...? > Hello all, > Ok I recently completed an audit of a company. I noticed they had 31337 udp on a couple dev's/hosts... Could this be some type of management (not a backdoor). I say it's not a back door because it existed on 3 cisco's and one Axis StorPoint CDROM Server. I'm completely stumped and i do a search for it and i keep getting "back orifice management port." I'm quite sure this is not the case, unless they coded a BD for ciscos =). Any help would be appreciated so i can finish up this report. Thanks, > ... > > ____________________________________________________ > FREE Disinformation E-book - http://www.disinfo.com
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 08:19:51 PDT