-
May 3rd, 2003, 09:44 PM
#1
Member
AHHHHH CRAP PORT 31337 IS ACTIVE when I netstat...
hello all,
I just ran good old netstat and noticed that port 31337 is active (I think) with the wildcard *:* in its for. address slot. I have read on this forum that port 31337 or 1337 (I'm not sure which) is a pretty good sign that you have someone else playing with your machine...
I also have port 3013 connected to some type of hotmail/messenger. I assume this is just Windows Messenger, but can anyone give me a REAL answer to my questions here?
Free Speech is nothing but a giant noose. If you are dumb enough to stick your neck into it, then you had better be prepared for someone else to choke your mouth shut.
-
May 3rd, 2003, 10:12 PM
#2
Sounds like good old BackOrifice or a derivative, a quick Google turned up this:
Port 31337 Back Orifice
Back Orifice (UDP)
Back Orifice is a backdoor program that commonly runs at this port. Scans on this port are usually looking for Back Orifice.
Back Orifice is a "backdoor" tool developed by the hacking group Cult of the Dead Cow and released in August 1998. Systems are infected in the normal Trojan Horse manner: a person downloads or is sent an executable from the Internet. Once the executable runs, it invisibly runs on the system, providing full access to outside hackers. Hackers regularly scan the Internet looking for people who have been compromised by this program.
For the good oil have a look here: http://www.symantec.com/avcenter/backorifice.html
Most anti-virus software detects BO these days.
Here is another link to a site for detecting the presence of BO: http://www.nwinternet.com/~pchelp/bo/morefindBO.htm
I did note that on another post you are running Back Officer - I am not very familiar with the product, could it be that it's sitting there listening on Port 31337 waiting to do its stuff?
-
May 3rd, 2003, 10:37 PM
#3
Banned
Yeah and like Phat_Penguin said... your anti-virus should detect that. I'm sure there are some other/better trojan removal out there but this was the first URL I caught and it was the first cleaner to come to mind... anyways here it is... http://www.moosoft.com/thecleaner/download.php
Sorry it's only a 30 day trial but it beats nothing at all...
Besides checking the port you might also want to check out some of the registries on your system and see if BO's is there.
-
May 3rd, 2003, 10:45 PM
#4
Looks to me like it could be Back Officer, I found this on the web,
"BackOfficer Friendly is a spoofing server application that runs on your Windows system, and actively notifies you whenever someone attempts to remotely control your system using Back Orifice. Basically, it pretends to be a Back Orifice server. BackOfficer Friendly gives the attacker false answers that look like they came from Back Orifice, while logging the attacker's IP address and the operations they attempted to perform.
BackOfficer Friendly can interact with the hackers, pretending to be a Back Orifice server or server for other types of requests. Instead of silently discarding their commands, it sends them responses (sometimes humorous) that look somewhat like a real system. Of course, it also notifies you of the commands they tried."
Try turning it off and run Netstat again and see what happens. If port 31337 disappears - there is your answer, it was Back Officer doing its stuff and you should be OK.
-
May 4th, 2003, 12:07 AM
#5
hmm...well...I have 31337 open on my system, but for a totally different reason, I run some security Honeypots on my system....well.....fake servers any way...so if your AV is not kicking in, then I'm guessing it's some kind of fake server or security measure you're running....only other explanation...any way...any half decent Firewall should deny any access to that port, and any transmissions from it by default...
If this isn't the case, check out the aforementioned links
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can remember the gentle features of the queen's face that fair day when the land here rested in holy peace and everyone had love to love with.
-
May 4th, 2003, 02:32 AM
#6
Member
MAJOR Kudos to phat_penguin,
I killed back officer and the port closed down nicely.
Thank you for helping me better understand BO penguin
Cheers
-
May 4th, 2003, 03:38 AM
#7
31337 what an elite port
/me waits for drum roll....................
still waiting......................................
ok where is it?????
right ok don't appreciate my jokes
/me wanders off muttering 'pah don't know humor when they see it'
v_Ln
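Added example (not written by any poster in this thread): the check the thread converges on, finding which process owns the socket waiting on port 31337 before deciding whether it is Back Orifice or a decoy such as BackOfficer Friendly. The `netstat -ano` and `tasklist /FO CSV /NH` samples are constructed, and `honeypot.exe` is a hypothetical image name.

```python
import csv
import io

# Constructed samples (not from the thread): `netstat -ano` and
# `tasklist /FO CSV /NH` output from a hypothetical Windows host.
NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1812
  TCP    192.168.1.20:3013      203.0.113.10:1863      ESTABLISHED     2240
  UDP    0.0.0.0:31337          *:*                                    1812
"""
TASKLIST = '''\
"svchost.exe","904","Console","0","3,456 K"
"svchost.exe","1100","Console","0","4,120 K"
"honeypot.exe","1812","Console","0","2,048 K"
"msmsgs.exe","2240","Console","0","6,300 K"
'''
WATCH_PORTS = {31337}  # the Back Orifice default port discussed in the thread

def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], int(parts[1].rsplit(":", 1)[1]), state, int(parts[-1])

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def watched_listeners(netstat_text, tasklist_csv, ports=WATCH_PORTS):
    """Return (proto, port, pid, image) for sockets waiting on a watched port."""
    names = pid_names(tasklist_csv)
    hits = []
    for proto, port, state, pid in parse_netstat(netstat_text):
        waiting = proto == "UDP" or state == "LISTENING"
        if waiting and port in ports:
            hits.append((proto, port, pid, names.get(pid, "<unknown>")))
    return hits

if __name__ == "__main__":
    for hit in watched_listeners(NETSTAT, TASKLIST):
        print("%s port %d owned by PID %d (%s)" % hit)
```

An image name you recognise as your own honeypot matches what the original poster found; `<unknown>` or an unfamiliar binary is the case that warrants the anti-virus scan suggested in the replies.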