From owner-freebsd-security  Tue Aug 11 20:17:13 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA06984
          for freebsd-security-outgoing; Tue, 11 Aug 1998 20:17:13 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from iq.org (polysynaptic.iq.org [203.4.184.222])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA06977
          for <freebsd-security@FreeBSD.ORG>; Tue, 11 Aug 1998 20:17:09 -0700 (PDT)
          (envelope-from proff@iq.org)
Received: (qmail 27725 invoked by uid 110); 12 Aug 1998 03:16:29 -0000
To: bmah@CA.Sandia.GOV
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
References: <199808120110.SAA14483@stennis.ca.sandia.gov>
From: Julian Assange <proff@iq.org>
Date: 12 Aug 1998 13:16:29 +1000
In-Reply-To: bmah@CA.Sandia.GOV's message of "Tue, 11 Aug 1998 18:10:00 -0700"
Message-ID: <wxogtqkhyq.fsf@polysynaptic.iq.org>
Lines: 24
X-Mailer: Gnus v5.6.23/XEmacs 20.4 - "Emerald"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

bmah@CA.Sandia.GOV (Bruce A. Mah) writes:

> [1  <text/plain; us-ascii (7bit)>]
> A marginally off-topic question:  Can anyone tell me what service uses UDP 
> port 31337?  I have a FreeBSD box that has received and logged three packets 
> on this port in the last 24 hours:
> 
> Aug 11 04:41:35 hornet /kernel: Connection attempt to UDP WW.XX.YY.ZZ:31337 
> from AA.BB.CC.DD:1190
> 
> Give prior experience on the target machine, I wouldn't be surprised if it's 
> part of a portscan, but I don't know what such a scan would be probing for.
> 
> Thanks in advance,
> 
> Bruce.
> 

Remember 31337 (eleet) is prime.

It's sprobably a scan for Back Orifice, which uses that port, but don't bet
the farm on it.

Julian.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message