Security Incidents mailing list archives
Re: backdoor or bot?
From: Aviram Jenik <aviram () BEYONDSECURITY COM>
Date: Wed, 27 Dec 2000 21:07:47 +0200
nessus (www.nessus.org) scans for known Trojans, and has a cool feature of discovering which service is running on the open ports. So if a backdoor is available at port xxxxx giving immediate shell, nessus will warn you about the port being a backdoor (so if the attacker tries to trick you and run at a port that might seem harmless, nessus will still be smart enough to warn you about the backdoor) -- Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com ----- Original Message ----- From: "Daniel Wittenberg" <daniel-wittenberg () UIOWA EDU> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Wednesday, December 27, 2000 7:46 PM Subject: Re: backdoor or bot?
Are there any good tools out there to scan a network for some of these
known
backdoors/trojans? Preferably something GPL and Linux, but anything known would be nice... DanFrom: Jon Lewis <jlewis () LEWIS ORG> Reply-To: jlewis () LEWIS ORG Date: Tue, 26 Dec 2000 22:23:49 -0500 To: INCIDENTS () SECURITYFOCUS COM Subject: backdoor or bot? I've noticed this on a few systems recently while scanning people back who've been caught scanning for various services on certain networks I manage. $ telnet 211.118.21.87 22546 Trying 211.118.21.87... Connected to 211.118.21.87. Escape character is '^]'. Property of PainKeeper ! Use with extreme care... ...incoming shell... painkeeper login: My guess is, this is a backdoor. ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- backdoor or bot? Jon Lewis (Dec 27)
- Re: backdoor or bot? Robert van der Meulen (Dec 27)
- Re: backdoor or bot? Dave Dittrich (Dec 27)
- Re: backdoor or bot? Daniel Wittenberg (Dec 27)
- Re: backdoor or bot? Aviram Jenik (Dec 27)
- Re: backdoor or bot? Mark Symonds (Dec 28)
- Re: backdoor or bot? George Milliken (Dec 28)
- Re: backdoor or bot? Mark Collins (Dec 28)
- <Possible follow-ups>
- Re: backdoor or bot? Jon Lewis (Dec 27)
- Re: backdoor or bot? Patrick Oonk (Dec 28)
- Re: backdoor or bot? Calhoun, Heath (Dec 27)
- Re: backdoor or bot? Robert van der Meulen (Dec 27)