Re: Strange back-orifice looking scan...

From: Jeff Kell (jeff-kellat_private)
Date: Wed Sep 04 2002 - 19:32:09 PDT

Next message: Russell Fulton: "new type of formmail probes"

Previous message: KoRe MeLtDoWn: "Re: Strange back-orifice looking scan..."
In reply to: KoRe MeLtDoWn: "Re: Strange back-orifice looking scan..."
Next in thread: Neil Dickey: "Re: Strange back-orifice looking scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

KoRe MeLtDoWn wrote:
> 
> Hey Jeff,
> Port 1214 used by Kazaa aka Morpheus, this is obviously the remote port that
> the "scanner" is using. Port 31336 IS used by Back Orifice 2000 aka BO2k aka
> DeepBO (this is a special release of BO btw).

But this is UDP, not TCP.

> however they are
> actively portscanning either your network I wasnt sure if it was a network
> you had) or just your lone box.

It is an overloaded NAT, not a lone box.

Jeff

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Russell Fulton: "new type of formmail probes"
Previous message: KoRe MeLtDoWn: "Re: Strange back-orifice looking scan..."
In reply to: KoRe MeLtDoWn: "Re: Strange back-orifice looking scan..."
Next in thread: Neil Dickey: "Re: Strange back-orifice looking scan..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 09:01:49 PDT