Re: Hacked - is it my turn? - interesting
On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote:
>On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
>> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
>> > this exact behavior, with nothing listening on these ports.
>>
>> and am wondering, why explicitly reject those ports and not
>> explicity reject other ports that is also not used ...
>
>Perhaps it's because some known back door or rarely used (but often
>running by default) service was one one of those ports. IIRC, some well
>known back door listened on port 31337. It's possible that the ISP is
>filtering it on their routers, and thus the scan showed it as filtered
>(assuming that the scan was done from elsewhere and its traffic passed
>through the ISP's routers).
These might come in handy
http://www.networkice.com/advice/Exploits/Ports/
List of frequently seen TCP and UDP ports and what they mean.
http://www.portsdb.org/
internet ports database
http://www.sans.org/resources/idfaq/oddports.php
Default ports used by some known trojan horses
The filter is prob an ISP one...
31337 Back Orifice
// George
--
George Georgalis, Admin/Architect cell: 646-331-2027 <IXOYE><
Linux Infrastructure, Security mailto:george@galis.org
Services, Multimedia and Metrics. http://www.galis.org/george
Reply to: