On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote: >On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote: >> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get >> > this exact behavior, with nothing listening on these ports. >> >> and am wondering, why explicitly reject those ports and not >> explicity reject other ports that is also not used ... > >Perhaps it's because some known back door or rarely used (but often >running by default) service was one one of those ports. IIRC, some well >known back door listened on port 31337. It's possible that the ISP is >filtering it on their routers, and thus the scan showed it as filtered >(assuming that the scan was done from elsewhere and its traffic passed >through the ISP's routers).
These might come in handy http://www.networkice.com/advice/Exploits/Ports/ List of frequently seen TCP and UDP ports and what they mean. http://www.portsdb.org/ internet ports database http://www.sans.org/resources/idfaq/oddports.php Default ports used by some known trojan horses The filter is prob an ISP one... 31337 Back Orifice // George -- George Georgalis, Admin/Architect cell: 646-331-2027 <IXOYE>< Linux Infrastructure, Security mailto:[EMAIL PROTECTED] Services, Multimedia and Metrics. http://www.galis.org/george
