-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Right, It set off alarms with all of my penetration testers hence why we're researching it. The question I have is, has anyone seen port 31337 respond with the .NET REMOTING banner? Our nmap -A claims that it is .NET REMOTING... just seems weird...
Anyone know of any backdoors that do that? The Security Community wrote: > The last time I saw anything on port 31337 (ELEET) it was during a > vulnerability assessment. We shut it down and stopped the assessment. > Management wouldn't let us investigate, then blew the cover on the > assessment a week or two later. > > It's almost always bad, but you may just have an admin with a stupid > sense of humor. > > 31337 should always throw a red flag. > > On 9/28/07, Simon Smith <[EMAIL PROTECTED]> wrote: > > Has anyone ever heard of .NET REMOTING running on port 31337? If so, > have you ever seen it "legitimate"? > > >> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ >> - -- - - simon - ---------------------- http://www.snosoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFG/UDef3Elv1PhzXgRAjZZAJ4mwrJ0WyvGBUznwbrRu4+/JBd0owCdHcgr aKOuZul4pgLcu4H3Aoo1HuU= =X1Ya -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/