On 4 Aug 99, at 10:39, Sam James wrote:
> Back Orifice traffic is UDP port 31337
> Log and block incoming traffic destined for this port
>
> BO2K is not as easy to detect, as it can be configured to use TCP or UDP as
> the transport and can be configured for any port. You actually have to look
> at traffic on the wire.
The original Back Orifice could also be configured to use any port.
[If you watch for scans on port 31337, you *will* catch a certain number of
script-kiddies seeking "low-hanging fruit".]
David G
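
The port watch discussed in this thread, as an added example that is not part of the original messages: it reads firewall log lines and reports sources that probed UDP 31337 on several distinct hosts. The log lines are constructed in the style of Linux netfilter LOG output, and `find_scanners` and `min_targets` are names assumed here; as the reply notes, a port match only sees instances left on the default port.

```python
import re
from collections import defaultdict

BO_DEFAULT_PORT = 31337  # default Back Orifice UDP port named in the thread

# Constructed sample lines (documentation address ranges). Assumption: the
# firewall logs SRC=, DST=, PROTO= and DPT= fields in netfilter LOG style.
SAMPLE_LOG = """\
Aug  4 10:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=1025 DPT=31337
Aug  4 10:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=UDP SPT=1025 DPT=31337
Aug  4 10:01:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=UDP SPT=1025 DPT=31337
Aug  4 10:05:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=4000 DPT=31337
Aug  4 10:06:11 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=4001 DPT=31337
Aug  4 10:07:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.30 DST=192.0.2.10 PROTO=UDP SPT=4002 DPT=53
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def find_scanners(log_text, port=BO_DEFAULT_PORT, min_targets=3):
    """Return {source_ip: [targets]} for sources that sent UDP traffic to
    `port` on at least `min_targets` distinct destination hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DST" not in fields:
            continue  # not a packet log line we can attribute
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != str(port):
            continue
        targets[fields["SRC"]].add(fields["DST"])
    # One hit may be stray traffic; the same source touching many hosts
    # on this port is the scan pattern the reply describes.
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed UDP/{BO_DEFAULT_PORT} on {len(dsts)} hosts: {', '.join(dsts)}")
```
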