This port is for version 1 of Back Orifice.
jim k
"Craig T. Hancock" wrote:
> Hello all, I am doing some research for a friend on a DOS attack on an IRIX 6.5. The attack, from what I was told, can be ported to
> a Unix machine. So I am trying here; this is the info that I have on the attack. It is called Hack a Tick.
>
> Hello all, a machine that I administer has been involved in a DOS attack on my subnet. The networking monitor group has told me that
> a person was connecting to my machine via port 31789, which is a UDP port that causes a huge amount of overhead on the network.
> The thing I don't understand is how this attack is caused; also, I don't understand how the person could have gotten in.
> I didn't see any relevant info in the logs, but then again those could have been doctored.
> Port   State   Protocol   Service
> 22     open    tcp        ssh
> 111    open    tcp        sunrpc
> 515    open    tcp        printer
> 620    open    tcp        unknown
> 800    open    tcp        mdbs_daemon
> 801    open    tcp        device
> 1024   open    tcp        unknown
> 1025   open    tcp        listen
> 1026   open    tcp        nterm
> 1030   open    tcp        iad1
> 1455   open    tcp        esl-lm
> 2049   open    tcp        nfs
> 4321   open    tcp        rwhois
> 6000   open    tcp        X11
>
> I would like to know exactly how this attack is done; I mean, I haven't been able to find out any specifics, and how
> this is prevented. I have checked the logs but I haven't been able to find out if the person ever got in. It looks
> like no one was logged in at the time, but then again the logs could have been doctored. Here is a reference to the attack;
> this is the only info that I have been able to find.
>
> --
> _______________________________________________________________________
> If life is a dream then I am real I exist in smoke and shadow I see all
> and know nothing beware my mist I am kindred feel thy wraith if tho is
> wronged.
Received on Oct 10 2000