
BLU Discuss list archive



BO Was:Do I need to worry about this?



Being on an "always on" connection in the cable subnet I get scanned at
least once a day for this. So I was bored one day and set up fakebo. It is
a honey pot sort of and shows you what people do when they find an open bo
port, you can customize it to make it reply anything you want. Most people
that find open bo ports will just use the redirect utility and use you as
a bounce port for more malicious activities. If anyone wants I could send
you a log of past sessions with this, kinda funny but also a look into the
cracker mentality.

http://cvs.linux.hr/fakebo/


Kris Loranger
Network Systems Engineer
Belenosinc.com
kris at kancer.978.org
IRC:efnet, #978 AIM:KancerKris
Run Linux, keep the net free!

On Mon, 17 Jul 2000, David Lapointe wrote:

> On Sun, 16 Jul 2000, Bill Horne wrote:
> > From my messages file on my firewall:
> > 
> > Jul 16 21:05:26 server kernel: Packet log: input REJECT ppp0 
> > PROTO=17 200.210.110.18:31338 \
> > 32.101.212.18:31337 L=47 S=0x00 I=38386 F=0x0000 T=111
> > 
> > The 32... address is my IBM network dialup.  This looks like 
> > NetBios/Back Orifice.  IIRC, they use those ports, but my 
> > memory's hazy.
> 
> 31337 is the BO port. Maybe write to abuse at tecsat.com.br or do a whois and see who is responsible for those
> addresses.  It's harmless to UNIX (unless you are running a BO port ;-) and you did reject it.
> 
> I get scanned for these and others frequently.  They are all rejected by the FW.
> 
> > The IP goes to stc18.tecsat.com.br, which is probably an owned 
> > machine.  Who do I tell about it?
> > 
> > TIA.
> > 
> > Bill Horne
> > -
> 
> -- 
>  .david
>  David Lapointe
> There are two priorities: what you're doing right now, and everything else. Change
> what you are doing based on intuitive surrender to the part of you that knows best.
> David Allen
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 
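
Added example, not part of the original thread: a small Python parser for the ipchains `Packet log:` line quoted above that counts UDP packets aimed at port 31337 per source address. The field layout is assumed from that one quoted line; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# ipchains "Packet log:" layout as seen in the quoted line: chain, action,
# interface, PROTO=<n>, src:port, dst:port, then L= S= I= F= T= fields.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<len>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+)"
)
UDP = 17          # IP protocol number logged as PROTO=17
BO_PORT = 31337   # the BO port named in the thread


def parse(line):
    """Return a dict of fields for an ipchains packet-log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "ttl"):
        rec[key] = int(rec[key])
    return rec


def bo_probes(lines):
    """Count UDP packets to port 31337 per source address."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["proto"] == UDP and rec["dport"] == BO_PORT:
            hits[rec["src"]] += 1
    return hits


SAMPLE = [
    # The line quoted in the thread, joined onto one line.
    "Jul 16 21:05:26 server kernel: Packet log: input REJECT ppp0 PROTO=17 "
    "200.210.110.18:31338 32.101.212.18:31337 L=47 S=0x00 I=38386 F=0x0000 T=111",
    # Constructed lines (documentation addresses): TCP to 31337, UDP to 137.
    "Jul 16 21:07:02 server kernel: Packet log: input REJECT ppp0 PROTO=6 "
    "192.0.2.7:4021 198.51.100.9:31337 L=44 S=0x00 I=1201 F=0x0000 T=52",
    "Jul 16 21:09:40 server kernel: Packet log: input REJECT ppp0 PROTO=17 "
    "192.0.2.7:1055 198.51.100.9:137 L=78 S=0x00 I=1202 F=0x0000 T=52",
]

if __name__ == "__main__":
    for src, n in bo_probes(SAMPLE).items():
        print(f"{src}: {n} UDP probe(s) to port {BO_PORT}")
```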





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org