
Re: BackOrifice on Linux?



On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote:
> I just ran the command "sudo nmap  -sT -sU localhost" which listed the 
> following:
> 
> . . .
> 
> 12345/tcp  open        NetBus                 
> 12346/tcp  open        NetBus                 
> 27665/tcp  open        Trinoo_Master          
> 31335/udp  open        Trinoo_Register        
> 31337/tcp  open        Elite                  
> 31337/udp  open        BackOrifice            
> 32770/udp  open        sometimes-rpc4         
> 
> . . .
> 
> 
> 
> Should I be concerned, or is this maybe part of portsentry or something 
> similar?

No idea.  nmap, amazing as it is, isn't the only tool you need though.
Try running 'netstat -ntuple' to see which programs are actually
listening, according to the kernel.  Of course, netstat could have been
replaced with a trojaned version, and your kernel could have been messed
with, but, otherwise it'll show you what programs are listening on
your ports...

-rob
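
The cross-check suggested in the reply above, as an added example that is not part of the original message: it parses `netstat -ntuple` output and reports which program, if any, owns each port from the quoted nmap listing. The netstat text, PIDs and program names are constructed for illustration, and `parse_listeners` and `cross_check` are hypothetical helper names.

```python
# Added example. SAMPLE_NETSTAT is constructed, not output from the poster's machine.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   User Inode PID/Program name
tcp        0      0 0.0.0.0:12345   0.0.0.0:*       LISTEN  0    1201  412/portsentry
tcp        0      0 0.0.0.0:31337   0.0.0.0:*       LISTEN  0    1207  412/portsentry
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  0    988   301/sshd
udp        0      0 0.0.0.0:31337   0.0.0.0:*               0    1310  415/portsentry
udp        0      0 0.0.0.0:32770   0.0.0.0:*               0    1422  -
"""

# (proto, port) pairs copied from the nmap listing quoted in the thread
NMAP_OPEN = [("tcp", 12345), ("tcp", 12346), ("tcp", 27665), ("udp", 31335),
             ("tcp", 31337), ("udp", 31337), ("udp", 32770)]

def parse_listeners(text):
    """Return {(proto, port): (pid, program)} from `netstat -ntuple` output."""
    owners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0][:3] not in ("tcp", "udp"):
            continue  # banner, column header or blank line
        proto = f[0][:3]  # fold tcp6/udp6 into tcp/udp
        port = int(f[3].rsplit(":", 1)[1])
        if proto == "tcp":
            if f[5] != "LISTEN":
                continue
            rest = f[6:]  # User, Inode, PID/Program name
        else:
            rest = f[5:]  # UDP listeners have an empty State column
        pidprog = " ".join(rest[2:])
        if pidprog in ("", "-"):
            owners[(proto, port)] = (None, None)  # netstat could not name an owner
        else:
            pid, _, prog = pidprog.partition("/")
            owners[(proto, port)] = (int(pid), prog)
    return owners

def cross_check(nmap_ports, owners):
    """Label each port nmap reported with what netstat says about it."""
    report = []
    for key in nmap_ports:
        if key not in owners:
            verdict = "not listed by netstat"
        elif owners[key][0] is None:
            verdict = "owner not shown"
        else:
            verdict = "%s (pid %d)" % (owners[key][1], owners[key][0])
        report.append((key[0], key[1], verdict))
    return report

if __name__ == "__main__":
    for proto, port, verdict in cross_check(NMAP_OPEN, parse_listeners(SAMPLE_NETSTAT)):
        print("%5d/%s  %s" % (port, proto, verdict))
```

Run netstat as root so the PID/Program name column is filled in for sockets owned by other users; a `-` in that column means netstat did not name an owning process.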
