Security Basics mailing list archives

RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program

From: "Mike" <mike () superiorholidayadventures ca>
Date: Tue, 3 Feb 2004 13:54:09 -0500

That looks like an internal "port to service" list.  It's the same as
what you'd see at:

http://www.iana.org/assignments/port-numbers

I really don't feel that you have the BackOrifice trojan installed.  If
you need to be sure, on a known clean machine, get TCPView or TDIMon
from sysinternals.com and put it on a cd.  Take that CD to your suspect
computer to see if any ports out of the ordinary are open and listening.

Mike Fetherston

-----Original Message-----
From: Mr Babak Memari [mailto:memari () myrealbox com]
Sent: Tuesday, February 03, 2004 7:26 AM
To: security-basics () securityfocus com
Subject: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice

trojan

program

Hi
I have found  this file below in Outpost firewall Pro

2.0.238.3121(290) :

C:\Program Files\Agnitum\Outpost Firewall\Service.lst

After opening it with Notepad I found a trace of "Back Orifice trojan
program"  :

[udp]
7,ECHO,Echo
9,Discard,Discard
13,Daytime,Daytime
17,QOTD,Quote of the Day
19,Chargen,Character Generator
37,Time,Timeserver
53,DNS,Domain name service
67,BOOTPS,Bootstrap Protocol Server
68,BOOTPC,Bootstrap Protocol Client
137,NETBIOS_NS,NETBIOS Name Service
138,NETBIOS_DGM,NETBIOS Datagram Service
161,SNMP,SNMP (Simple Network Management Protocol)
162,SNMPTRAP,SNMPTRAP (Simple Network Management Protocol)
4000,ICQ,ICQ chat program
31337,BackOrifice,Back Orifice trojan program      <<<=====NOTE Please

**



What is your Idea? I have downloaded it from agnitum.com  .

-----
Babak
www.voidspace.org.uk/babak

------------------------------------------------------------------------
--

-
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off

any

course! All of our class sizes are guaranteed to be 10 students or

less.

We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720

off

any course!

------------------------------------------------------------------------
--

--



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------

Current thread:

Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program Mr Babak Memari (Feb 03)
- RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program Joey Peloquin (Feb 04)
- Outpost firewall does NOT have Back Orifice trojan program Mortis (Feb 04)
- <Possible follow-ups>
- RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program Mike (Feb 04)
- RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program Shawn Jackson (Feb 05)