lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 28 Sep 2007 14:42:51 -0400
From: Simon Smith <simon@...soft.com>
To: Fabrizio <staticrez@...il.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: .NET REMOTING on port 31337

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unfortunately I do not have the control or authority to dig into it
further... but your input has been helpful...

Fabrizio wrote:
> If you think it's that critical, (i think it's that critical) start by
> blocking any connections from anywhere to that machine/port. See if
> anyone complains. Check any old firewall logs for that port while you're
> at it. Then continue your investigation!!
> 
> Fabrizio
> 
> On 9/28/07, *Simon Smith* <simon@...soft.com <mailto:simon@...soft.com>>
> wrote:
> 
> Got output... and it was... no idea what it was... can't paste it due to
> confidentiality though.
> 
> Fabrizio wrote:
>> .NET Remoting is "a generic system for different applications to
> use to
>> communicate with one another." It's part of the .NET framework,
>> obviously. (not trying to be a smart ass)
> 
>> I'm gonna take a wild guess and say it's not a good thing......
> 
>> Connect to it, and see if you get any output, if you haven't already
>> done so.
> 
>> Fabrizio
> 
> 
> 
>> On 9/28/07, * Simon Smith* < simon@...soft.com
> <mailto:simon@...soft.com>
>> <mailto:simon@...soft.com <mailto:simon@...soft.com>>> wrote:
> 
> 
>> Has anyone ever heard of .NET REMOTING running on port 31337? If so,
>> have you ever seen it "legitimate"?
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> <http://lists.grok.org.uk/full-disclosure-charter.html>
> <http://lists.grok.org.uk/full-disclosure-charter.html>
> Hosted and sponsored by Secunia - http://secunia.com/
> <http://secunia.com/>
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 

> ------------------------------------------------------------------------

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


- --

- - simon

- ----------------------
http://www.snosoft.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFG/Usqf3Elv1PhzXgRAh5AAJ0RxE4tIngEn8UEEI4zAcegyrwpWgCfV/So
VujlHHNApdBkb4oyl9n698I=
=Xp4i
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ