[PLUG] Isn't this a lot of ports to have open?

Michael Montagne montagne at boora.com
Wed Sep 11 16:06:12 UTC 2002


>On 11/09/02, from the brain of Mike De La Mater tumbled:

> No, it's the weirdest- No Windows on the PC at all. Nothing 
> to run an exe in sight.
> 
> I've done a bit more research, and downloaded a tool to find 
> the RSTb worm. I don't get a hit on the rstb_detector, 
> claiing it doesn't have that one. 
> 
> I NEVER read e-mail or d/l files from that PC, it's a server, 
> not a workstation. 
> 
> I'm wondering if it's related to the front page stuff I've 
> got running on it. Maybe that cr__ has the ability to get 
> infected on it's own...
> 
> Mike
> 
> 
> 9/11/02 7:20:38 AM, Sandy Herring <sandy at herring.org> wrote:
> Mike,
> 
> 54320/tcp  open        bo2k                                                    
> 54321/udp  open        bo2k
> 
> ..are also Back Orifice. Is this a dual-boot w/Windows?

I once installed portsentry and it made it look like I had open ports
like this.  I didn't like that cause it seemed to call attention to
myself in the wrong circles.  Even if they were all simply traps by
portsentry, I didn't want to attract any undue attention.

-- 
  Michael Montagne  [montagne at boora.com]   503.226.1575 
--    




More information about the PLUG mailing list