Bugtraq mailing list archives

Back Orifice detection and removal

From: ia () ST-ANDREWS AC UK (The Late Ian Angles)
Date: Thu, 3 Sep 1998 20:28:02 +0100


-----BEGIN PGP SIGNED MESSAGE-----

Hey Everybody,

I'm just back on the bugtraq list so apologies if anyone's already done
this and we don't know about it....

One of my colleagues, Simon Smith, has written a Back Orifice detection
and removal program called B.O.R.E.D (which stands for something less
obscene than the working title...) and can be obtained from
http://www.st-andrews.ac.uk/~sjs/bored/bored.html with a few
explanations.

Any (uh, most :-) comments and criticism will be appreciated (then
deleted, restored from backup, printed off and recycled as
firelighters)

ian
- -

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNe7tw238tEG3GXvhAQEQ/wQA0F9KcTMCY9s01QUCU4ijPda6YStOdIhi
T+VMLsRiVoEECcsOVYl04Jc+JMrB59kCPZgVjQhTG2LZTfUtrbT7yuywVQTTIoWM
4DbVdd+o93AvsOrUlWQCNpUBtDieosDOcm4R1K++qHVlL+BWKLbn8VXQBuqb+b2X
DSF/ZtyCdJk=
=9egj
-----END PGP SIGNATURE-----

Current thread:

Borderware predictable initial TCP, (continued)
- - Borderware predictable initial TCP racer-x () ALTAVISTA NET (Sep 02)
    - Re: Borderware predictable initial TCP Aggelos P. Varvitsiotis (Sep 03)
    - Web servers / possible DOS Attack / mime header flooding Laurent FACQ (Sep 03)
    - Re: Web servers / possible DOS Attack / mime header flooding Vanja Hrustic (Sep 03)
    - wwwboard.pl vulnerability bugtraq (Sep 03)
    - Re: Web servers / possible DOS Attack / mime header flooding Rich Wood (Sep 03)
    - Re: Web servers / possible DOS Attack / mime header flooding Daniel Leeds (Sep 03)
    - Re: Web servers / possible DOS Attack / mime header flooding Lars Eilebrecht (Sep 03)
    - Fwd: [ISN] Another BO detector that is actually a trojan Reuben Yau (Sep 03)
    - Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Sep 03)
    - Back Orifice detection and removal The Late Ian Angles (Sep 03)
  - Cisco Security Notice: PIX Firewall Manager File Exposure psirt () CISCO COM (Sep 02)
- Re: Security Hole in Axent ESM Jim Dennis (Sep 03)
- Re: Security Hole in Axent ESM dcupp () SNAKEBITE COM (Sep 24)