Security Basics
mailing list archives
RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program
From: Jeff McLaughlin <JMclaughlin () springsgov com>
Date: Tue, 3 Feb 2004 11:58:35 -0700
If I perform a UDP scan of my Raptor firewall, it will return 31337 as open
and identify it as Back Orifice (also happens to Trinoo). At first this got
my attention and I physically verified that BackOrifice was not present on
the box.
What I believe it tells me is NMAP got a response from port 31337 which is
typically (not always) used by Back Orifice. Try a UDP NMAP scan of the
firewall and see if it returns the same result. Also, look at
http://www.hackfix.org/bofix/fix2.shtml to verify (or not) that backorifice
is on the system.
Hth,
Jeff McLaughlin
-----Original Message-----
From: Mr Babak Memari [mailto:memari () myrealbox com]
Sent: Tuesday, February 03, 2004 5:26 AM
To: security-basics () securityfocus com
Subject: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice trojan program
Hi
I have found this file below in Outpost firewall Pro 2.0.238.3121(290) :
C:\Program Files\Agnitum\Outpost Firewall\Service.lst
After opening it with Notepad I found a trace of "Back Orifice trojan
program" :
[udp]
7,ECHO,Echo
9,Discard,Discard
13,Daytime,Daytime
17,QOTD,Quote of the Day
19,Chargen,Character Generator
37,Time,Timeserver
53,DNS,Domain name service
67,BOOTPS,Bootstrap Protocol Server
68,BOOTPC,Bootstrap Protocol Client
137,NETBIOS_NS,NETBIOS Name Service
138,NETBIOS_DGM,NETBIOS Datagram Service
161,SNMP,SNMP (Simple Network Management Protocol)
162,SNMPTRAP,SNMPTRAP (Simple Network Management Protocol)
4000,ICQ,ICQ chat program
31337,BackOrifice,Back Orifice trojan program <<<=====NOTE Please **
What is your idea? I have downloaded it from agnitum.com.
-----
Babak
www.voidspace.org.uk/babak
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------
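Added example, not part of either message and not Agnitum's or Nmap's code: the quoted Service.lst lines have the shape of a port-number-to-name table, and the reply describes a scanner naming port 31337 from its number. This sketch parses that layout (assumed from the quoted lines) and shows that a lookup returns a label regardless of what is on the host; the function names and the sample are constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample in the Service.lst layout quoted in the message
# (section header, then port,short-name,description). Not the full file.
SAMPLE_SERVICE_LST = """\
[udp]
53,DNS,Domain name service
161,SNMP,SNMP (Simple Network Management Protocol)
4000,ICQ,ICQ chat program
31337,BackOrifice,Back Orifice trojan program
"""

class Service(NamedTuple):
    proto: str
    port: int
    name: str
    description: str

def parse_service_list(text):
    """Return {(proto, port): Service} from Service.lst-style text."""
    table, proto = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            proto = line[1:-1].lower()  # section header such as [udp]
            continue
        # Split on the first two commas only; descriptions may contain commas.
        parts = line.split(",", 2)
        if proto is None or len(parts) != 3 or not parts[0].isdigit():
            continue  # skip anything that is not a port entry
        port = int(parts[0])
        if 0 < port <= 65535:
            table[(proto, port)] = Service(proto, port, parts[1], parts[2])
    return table

def label_port(table, proto, port):
    """Name a port the way a static table does: by number alone."""
    svc = table.get((proto.lower(), port))
    return svc.name if svc else "unknown"

def explain(table, proto, port):
    """Spell out what a table hit does and does not establish."""
    name = label_port(table, proto, port)
    if name == "unknown":
        return f"{proto}/{port}: no entry in the table"
    return (f"{proto}/{port}: labelled '{name}' from the port number only; "
            "a table hit is a name, not evidence of what is listening")
```

Calling `explain(parse_service_list(SAMPLE_SERVICE_LST), "udp", 31337)` yields the label together with the reminder that it comes from the number alone.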