[Techtalk] Trojans or not (What to do when disaster strikes)

Raven, corporate courtesan raven at oneeyedcrow.net
Mon Apr 1 18:38:14 EST 2002


Heya --

Quoth phiber2001 (Fri, Mar 29, 2002 at 12:43:50PM +0600):
> All gave me the same result - those ports (31337, 12345, 12346) were
> being listened on by Portsentry (something I recently installed).  My
> question is why Portsentry is listening for those ports. I mean, as far
> as I know these trojans are only for Windows platforms.

	They are primarily designed for attacking Windows platforms.
(Back Orifice has some limited Linux support now -- look at their page
on sourceforge for details.  http://sourceforge.net/projects/bo2k/ )
However, do you care if you're being scanned for these vulnerabilities?
After all, unless they've done their homework, the attacker won't know
what kind of OS you're running.  Most portscan first, and then OS
fingerprint later if at all.

	Portsentry will let you know when someone's looking at your box
for that sort of compromise; it's up to you whether you care or not.  I
run Apache, but I still get hit with attempts at IIS exploits all the
time, and I log them and send them to the appropriate ISP.  None of the
FTP servers that I run were vulnerable to the file-globbing exploit, but
I still kept an eye out for attempts to break into my system that way.
Even if an attack wouldn't work against my box, I still like to know
about it.  The same person might try something that has more of a chance
of success.

Cheers,
Raven 
 
"That should be: "If cryptography is outlawed, only bhgynjf jvyy unir
 pelcgb!" Or maybe, for maximum effect, "...only pvumbxt xjmm ibwf
 dszqup!""
 -- Kai, on 'better' cryptography

MD5 (outlaws) = 4c86ccf216da19edcc4b80e3824b67ab
 -- my response
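
The log-and-report habit described in the message above, sketched as an added example that is not part of the original post: it scans Apache Common Log Format lines for IIS-style probe requests and groups them by source for an abuse report. The marker list (typical Code Red / Nimda request paths), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Request-path markers of well-known 2001-era IIS worm probes (Code Red, Nimda).
# Assumption: this short list is illustrative, not a complete signature set.
IIS_MARKERS = ("default.ida", "cmd.exe", "root.exe", "/_vti_bin/", "/msadc/")

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Mar/2002:12:01:07 +0600] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [29/Mar/2002:12:01:09 +0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [29/Mar/2002:12:05:44 +0600] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [29/Mar/2002:12:09:30 +0600] "GET /scripts/..%255c../winnt/system32/CMD.EXE?/c+dir HTTP/1.0" 404 300
198.51.100.7 - - [29/Mar/2002:12:10:02 +0600] "GET /docs/cmd-reference.html HTTP/1.1" 200 900
this line is truncated garbage
"""

def find_iis_probes(log_text):
    """Return {source_ip: [(timestamp, request, status), ...]} for IIS-style probes."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole report
        host, when, request, status, _size = m.groups()
        parts = request.split(" ")
        # Match on the URL only, case-insensitively (IIS paths are not case-sensitive).
        path = parts[1].lower() if len(parts) >= 2 else request.lower()
        if any(marker in path for marker in IIS_MARKERS):
            hits[host].append((when, request, int(status)))
    return dict(hits)

def abuse_report(hits):
    """Format one plain-text block per source, suitable for an abuse mail."""
    out = []
    for host in sorted(hits):
        out.append(f"Source {host}: {len(hits[host])} IIS exploit attempt(s)")
        out.extend(f'  [{when}] "{req}" -> {status}' for when, req, status in hits[host])
    return "\n".join(out)

if __name__ == "__main__":
    print(abuse_report(find_iis_probes(SAMPLE_LOG)))
```

The 404 status on each hit is the useful detail for the report: it shows the probe was seen and failed against a non-IIS server.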


