Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 31337 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 31337 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp ADMworm [trojan] ADM worm
tcp cron/crontab [trojan] cron / crontab
tcp DeepBO [trojan] Deep BO
tcp Elite Sometimes interesting stuff can be found here here
tcp Freak2k [trojan] Freak2k
tcp Freak88 [trojan] Freak88
tcp Gummo [trojan] Gummo
tcp icmp_pipe.c [trojan] icmp_pipe.c
tcp LinuxRootkitIV [trojan] Linux Rootkit IV
tcp BOspy [trojan] BO spy
tcp BOFacil [trojan] BO Facil
tcp BOclient [trojan] BO client
tcp BackFire [trojan] Back Fire
tcp BackOrifice1.20patches [trojan] Back Orifice 1.20 patches
tcp BackOrifice(Lm) [trojan] Back Orifice (Lm)
tcp BackOrificerussian [trojan] Back Orifice russian
tcp BaronNight [trojan] Baron Night
tcp Beeone [trojan] Beeone
tcp bindshell [trojan] bindshell
tcp BO2 [trojan] BO2
udp BackOrifice cDc Back Orifice remote admin tool
[get complete service list]
User Comments
Submitted By Date
Comment
Tony 2006-12-22 13:58:41
This is the default port for psyBNC; an IRC relay daemon/server (or BouNCer). It is common to find several instances of the daemon running with ~50 max clients on the same machine. Another port can be used to link psyBNC daemons together, optionaly using SSL encryption. Linking is optional. I cant remember which port it uses by default, something like 7000 I think. See: http://www.psybnc.at/ for more info.
Tim Chase 2004-04-27 23:45:03
According to an update by US-CERT (April 22, 2004), the recent upsurge in activity may be due to a recently released exploit (involving our old friend, the buffer overflow) for Microsoft Private Communications Technology. PCT runs on port 443 using tcp, and the exploit connects a command shell on port 31337, using tcp. See: http://www.us-cert.gov/current/current_activity.html (April 23, 2004)
Add a comment
CVE Links
CVE # Description