From: "Daniel Minoru Saito"
To: "Bruce A. Mah"
Subject: Re: UDP port 31337
Date: Wed, 12 Aug 1998 11:30:28 +0900
Sender: owner-freebsd-security@FreeBSD.ORG

Funny that you see this right now.. Although you might want to trace where
you see this originating from.

It's the infamous Back Orifice by cDc. It utilizes port 31337. It's basically
a virus that someone can use to fully control a win95/98 box remotely.

More information is at the cDc Site: http://www.cultdeadcow.com/tools/

dan

-----Original Message-----
From: Snob Art Genre
To: Bruce A. Mah
Cc: freebsd-security@FreeBSD.ORG
Date: Wednesday, August 12, 1998 11:23 AM
Subject: Re: UDP port 31337

>31337 spells ELEET if you squint hard enough.
>
>On Tue, 11 Aug 1998, Bruce A. Mah wrote:
>
>> A marginally off-topic question: Can anyone tell me what service uses UDP
>> port 31337? I have a FreeBSD box that has received and logged three packets
>> on this port in the last 24 hours:
>>
>> Aug 11 04:41:35 hornet /kernel: Connection attempt to UDP WW.XX.YY.ZZ:31337
>> from AA.BB.CC.DD:1190
>>
>> Given prior experience on the target machine, I wouldn't be surprised if it's
>> part of a portscan, but I don't know what such a scan would be probing for.
>>
>> Thanks in advance,
>>
>> Bruce.
>>
>
> Ben
>
>"You have your mind on computers, it seems."
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
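
Whether the logged 31337 packets belong to a portscan, as the original question wonders, can be checked from the same kernel log lines. The following is an added example, not part of the original thread: it parses lines in the format quoted above and labels each source address. The sample log, its addresses and the five-port scan threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the kernel message format quoted in the thread (TCP or UDP).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s/kernel:\s"
    r"Connection attempt to (?P<proto>UDP|TCP)\s"
    r"[\d.]+:(?P<dport>\d+)\sfrom\s(?P<src>[\d.]+):\d+"
)

WATCHED = {("UDP", 31337)}  # the port discussed in the thread
SCAN_THRESHOLD = 5          # assumption: >= 5 distinct ports from one source

def classify(lines):
    """Group logged connection attempts by source and label each source."""
    ports = defaultdict(set)   # src -> {(proto, dport), ...}
    hits = defaultdict(int)    # src -> number of logged attempts
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # unrelated syslog line
        ports[m["src"]].add((m["proto"], int(m["dport"])))
        hits[m["src"]] += 1
    report = {}
    for src, seen in ports.items():
        if len(seen) >= SCAN_THRESHOLD:
            label = "portscan"          # many ports: 31337 is incidental
        elif seen & WATCHED:
            label = "targeted-31337"    # only the watched port was probed
        else:
            label = "other"
        report[src] = {"label": label, "attempts": hits[src],
                       "ports": sorted(p for _, p in seen)}
    return report

# Constructed sample log (documentation address ranges, not from the thread).
PFX = "hornet /kernel: Connection attempt to"
SAMPLE = [
    f"Aug 11 04:41:35 {PFX} UDP 192.0.2.1:31337 from 198.51.100.10:1190",
    f"Aug 11 09:12:02 {PFX} UDP 192.0.2.1:31337 from 198.51.100.10:1204",
    f"Aug 11 17:30:48 {PFX} UDP 192.0.2.1:31337 from 198.51.100.10:1311",
    f"Aug 11 18:00:09 {PFX} UDP 192.0.2.1:31337 from 198.51.100.77:4009",
    f"Aug 11 19:05:00 {PFX} UDP 192.0.2.1:53 from 203.0.113.5:5353",
    "Aug 11 19:06:00 hornet sshd[123]: unrelated message",
] + [f"Aug 11 18:00:0{i} {PFX} TCP 192.0.2.1:{p} from 198.51.100.77:400{i}"
     for i, p in enumerate((21, 23, 25, 80, 110))]

if __name__ == "__main__":
    for src, info in classify(SAMPLE).items():
        print(src, info)
```
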