Security Basics mailing list archives
RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program
From: Jeff McLaughlin <JMclaughlin () springsgov com>
Date: Tue, 3 Feb 2004 11:58:35 -0700
If I perform a UDP scan of my Raptor firewall, it will return 31337 as open and identify it as Back Orifice (also happens to Trinoo). At first this got my attention and I physically verified that BackOrifice was not present on the box. What I believe it tells me is NMAP got a response from port 31337 which is typically (not always) used by Back Orifice. Try a UDP NMAP scan of the firewall and see if it returns the same result. Also, look at http://www.hackfix.org/bofix/fix2.shtml to verify (or not) that backorifice is on the system.

Hth,
Jeff McLaughlin

-----Original Message-----
From: Mr Babak Memari [mailto:memari () myrealbox com]
Sent: Tuesday, February 03, 2004 5:26 AM
To: security-basics () securityfocus com
Subject: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program

Hi

I have found this file below in Outpost firewall Pro 2.0.238.3121(290) :

C:\Program Files\Agnitum\Outpost Firewall\Service.lst

After opening it with Notepad I found a trace of "Back Orifice trojan program" :

[udp]
7,ECHO,Echo
9,Discard,Discard
13,Daytime,Daytime
17,QOTD,Quote of the Day
19,Chargen,Character Generator
37,Time,Timeserver
53,DNS,Domain name service
67,BOOTPS,Bootstrap Protocol Server
68,BOOTPC,Bootstrap Protocol Client
137,NETBIOS_NS,NETBIOS Name Service
138,NETBIOS_DGM,NETBIOS Datagram Service
161,SNMP,SNMP (Simple Network Management Protocol)
162,SNMPTRAP,SNMPTRAP (Simple Network Management Protocol)
4000,ICQ,ICQ chat program
31337,BackOrifice,Back Orifice trojan program <<<=====NOTE Please **

What is your Idea?
I have downloaded it from agnitum.com .

-----
Babak
www.voidspace.org.uk/babak
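An added example, not part of the original messages and not Agnitum's or Nmap's code: it parses a Service.lst-style table and probes a UDP port on loopback, showing that the "BackOrifice" label comes from the port-to-name table alone while the probe only reports whether anything answered. The table excerpt is constructed from the listing quoted above, and the silent loopback socket is a hypothetical stand-in for the firewall.

```python
import socket

# Constructed excerpt in the format of the Service.lst quoted above.
SERVICE_LST = """[udp]
53,DNS,Domain name service
4000,ICQ,ICQ chat program
31337,BackOrifice,Back Orifice trojan program
"""

def parse_service_lst(text):
    """Return {(proto, port): (name, description)} from Service.lst-style text."""
    table, proto = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            proto = line[1:-1].lower()      # section header such as [udp]
            continue
        port, name, desc = line.split(",", 2)
        table[(proto, int(port))] = (name, desc)
    return table

def probe_udp(host, port, timeout=0.5):
    """Send one empty datagram and classify the port by what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(b"")
            s.recv(1024)
            return "open"              # something answered
        except socket.timeout:
            return "open|filtered"     # silence: a listener or a dropped packet
        except ConnectionRefusedError:
            return "closed"            # ICMP port unreachable came back

def report(host, port, table):
    """Scanner-style line: state from the probe, name from the table only."""
    name = table.get(("udp", port), ("unknown", ""))[0]
    return f"{port}/udp {probe_udp(host, port)} {name}"

if __name__ == "__main__":
    # Hypothetical stand-in for the firewall: a socket that never replies.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as silent:
        silent.bind(("127.0.0.1", 31337))
        print(report("127.0.0.1", 31337, parse_service_lst(SERVICE_LST)))
```

Nothing in the output depends on what software, if any, is bound to the port; confirming or ruling out a trojan requires inspecting the host itself.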
Current thread:
- RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program Jeff McLaughlin (Feb 04)