Re: Hacked - is it my turn? - interesting
On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote:
>On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
>> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
>> > this exact behavior, with nothing listening on these ports.
>> and am wondering, why explicitly reject those ports and not
>> explicity reject other ports that is also not used ...
>Perhaps it's because some known back door or rarely used (but often
>running by default) service was one one of those ports. IIRC, some well
>known back door listened on port 31337. It's possible that the ISP is
>filtering it on their routers, and thus the scan showed it as filtered
>(assuming that the scan was done from elsewhere and its traffic passed
>through the ISP's routers).
These might come in handy
List of frequently seen TCP and UDP ports and what they mean.
internet ports database
Default ports used by some known trojan horses
The filter is prob an ISP one...
31337 Back Orifice
George Georgalis, Admin/Architect cell: 646-331-2027 <IXOYE><
Linux Infrastructure, Security mailto:firstname.lastname@example.org
Services, Multimedia and Metrics. http://www.galis.org/george