Re: BackOrifice on Linux?

2003-01-31 Thread Karsten M. Self
on Wed, Jan 29, 2003 at 10:15:23AM -0600, Kent West ([EMAIL PROTECTED]) wrote: > Rob Weir wrote: > >On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > > > >>I just ran the command "sudo nmap -sT -sU localhost" which listed the > >>following: > >>12345/tcp openNetBus

Re: BackOrifice on Linux?

2003-01-29 Thread Kent West
Dave Sherohman wrote: On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: Should I be concerned, or is this maybe part of portsentry or something similar? That's exactly what it is. portsentry listens on every commonly-recognized port that doesn't already have something running

Re: BackOrifice on Linux?

2003-01-29 Thread Ron Johnson
On Tue, 2003-01-28 at 16:43, Kent West wrote: > I just ran the command "sudo nmap -sT -sU localhost" which listed the > following: > > . . . > > 12345/tcp openNetBus > 12346/tcp openNetBus > 27665/tcp openTrinoo_Master > 31

Re: BackOrifice on Linux?

2003-01-29 Thread Dave Sherohman
On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > Should I be concerned, or is this maybe part of portsentry or something > similar? That's exactly what it is. portsentry listens on every commonly-recognized port that doesn't already have something running there and reports any connec

Re: BackOrifice on Linux?

2003-01-29 Thread Kent West
Rob Weir wrote: On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: I just ran the command "sudo nmap -sT -sU localhost" which listed the following: . . . 12345/tcp openNetBus 12346/tcp openNetBus 27665/tcp openTrinoo_Mast

Re: BackOrifice on Linux?

2003-01-29 Thread Rob Weir
On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > I just ran the command "sudo nmap -sT -sU localhost" which listed the > following: > > . . . > > 12345/tcp openNetBus > 12346/tcp openNetBus > 27665/tcp openTrinoo_Master

Re: BackOrifice on Linux?

2003-01-29 Thread UnKnown
You may have install the fakebo package it is design to implemente a fake Back Orifice, to capture attacks of this tipe to your network. Any way run a netstat -p to see wich process is using that port. Cheers, rak On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > I just ran th

BackOrifice on Linux?

2003-01-28 Thread Kent West
I just ran the command "sudo nmap -sT -sU localhost" which listed the following: . . . 12345/tcp openNetBus 12346/tcp openNetBus 27665/tcp openTrinoo_Master 31335/udp openTrinoo_Register 31337/tcp open