
Re: Hacked - is it my turn? - interesting



On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote:
>On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
>> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
>> > this exact behavior, with nothing listening on these ports.
>> 
>> and am wondering, why explicitly reject those ports and not
>> explicitly reject other ports that are also not used ...
>
>Perhaps it's because some known back door or rarely used (but often
>running by default) service was on one of those ports.  IIRC, some well
>known back door listened on port 31337.  It's possible that the ISP is
>filtering it on their routers, and thus the scan showed it as filtered
>(assuming that the scan was done from elsewhere and its traffic passed
>through the ISP's routers).

These might come in handy

http://www.networkice.com/advice/Exploits/Ports/
List of frequently seen TCP and UDP ports and what they mean.

http://www.portsdb.org/
internet ports database

http://www.sans.org/resources/idfaq/oddports.php
Default ports used by some known trojan horses

The filter is prob an ISP one...

31337	Back Orifice

// George


-- 
George Georgalis, Admin/Architect   cell: 646-331-2027    <IXOYE><
Linux Infrastructure, Security      mailto:george@galis.org       
Services, Multimedia and Metrics.   http://www.galis.org/george   


