Broadcasting on port 31337?
Mike Klinke
lsomike at futzin.com
Mon May 9 21:27:48 UTC 2005
On Monday 09 May 2005 16:14, Richard Crawford wrote:
> Our IT guy tells me that my Linux laptop is broadcasting on port
> 31337. And while I don't trust his competence, I am concerned
> about this. I've looked around and it looks like 31337 is used
> by Back Orifice which, as far as I know, is a Windows beast.
>
> I've added an IPTABLES rule to block outbound traffic to that
> port from my computer but I still need to figure out what's going
> on. Anyone have any ideas?
Broadcasting what?
Run tcpdump/windump or a similar packet capture utility on your lan
to capture the data. Just because you have a PC, Linux or Win,
that uses a particular ephemeral port for outgoing connections is
not an indication of something wrong. Normally a PC will increment
it's port usage and wrap around at port 65535 and begin again so
it's going to run past all ephemeral ports eventually.
Regards, Mike Klinke
More information about the fedora-list
mailing list