RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program

["Shawn Jackson" <sjackson () horizonusa com>]

> From: Jeff McLaughlin [mailto:JMclaughlin () springsgov com] 
> ....What I believe it tells me is NMAP got a response from port 31337
which 
> is typically (not always) used by Back Orifice.....  

On a windows based host any port greater then 1024 is open game for
dynamic
assignment, usually by RPC. According to RFC 739/768 any port above
49152
should be used for dynamic assignment, but with Microsoft that's just
not
the case. 

> > 31337,BackOrifice,Back Orifice trojan program      <<<=====NOTE Please
**
> > What is your Idea? I have downloaded it from agnitum.com  .

Service.lst is just a Port Number to Common Name mapper. Much
like the /etc/services file in *NIX, as someone else already stated. You
could follow Jeff's and other instructions to check to see if BO is
operating
on your system but I highly doubt the firewall installation placed it
there.

But then again.....

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------