If you think it's that critical, (i think it's that critical) start by blocking any connections from anywhere to that machine/port. See if anyone complains. Check any old firewall logs for that port while you're at it. Then continue your investigation!!
<br><br>Fabrizio<br><br><div><span class="gmail_quote">On 9/28/07, <b class="gmail_sendername">Simon Smith</b> <<a href="mailto:simon@snosoft.com">simon@snosoft.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Got output... and it was... no idea what it was... can't paste it due to<br>confidentiality though.<br><br>Fabrizio wrote:<br>> .NET Remoting is "a generic system for different applications to use to
<br>> communicate with one another." It's part of the .NET framework,<br>> obviously. (not trying to be a smart ass)<br>><br>> I'm gonna take a wild guess and say it's not a good thing......<br>
><br>> Connect to it, and see if you get any output, if you haven't already<br>> done so.<br>><br>> Fabrizio<br>><br>><br>><br>> On 9/28/07, * Simon Smith* <<a href="mailto:simon@snosoft.com">
simon@snosoft.com</a><br>> <mailto:<a href="mailto:simon@snosoft.com">simon@snosoft.com</a>>> wrote:<br>><br>><br>> Has anyone ever heard of .NET REMOTING running on port 31337? If so,<br>> have you ever seen it "legitimate"?
<br>><br>><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br><<a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/
</a><br><br><br><br>> ------------------------------------------------------------------------<br><br>> _______________________________________________<br>> Full-Disclosure - We believe in it.<br>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>> Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br><br><br>- --<br><br>- - simon<br><br>- ----------------------<br>
<a href="http://www.snosoft.com">http://www.snosoft.com</a><br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.5 (Darwin)<br><br>iD8DBQFG/UY+f3Elv1PhzXgRAs/BAJ42Vwk5+cvWfoYo4wUl74LDnUtz7wCgzW9s<br>O/+SDoZYgZ1r1oDjKpKzZIo=
<br>=n54j<br>-----END PGP SIGNATURE-----<br></blockquote></div><br>