[Full-disclosure] .NET REMOTING on port 31337
Fabrizio
staticrez at gmail.com
Fri Sep 28 19:18:18 BST 2007
On 9/28/07, Simon Smith <simon at snosoft.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Right,
> It set off alarms with all of my penetration testers hence why
> we're
> researching it. The question I have is, has anyone seen port 31337
> respond with the .NET REMOTING banner? Our nmap -A claims that it is
> .NET REMOTING... just seems weird...
>
> Anyone know of any backdoors that do that?
>
>
Any decent programmer can write that into their application. Be worried.
Fabrizio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070928/8ff670fd/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.