From: Mark Grafing [Mark.Grafing@KnowledgeBaseMarketing.com] Sent: Wednesday, August 04, 1999 2:43 PM To: 'Joel Eriksson'; Ng, Christopher Cc: ntsecurity@iss.net Subject: RE: [NTSEC] Back Orifice 2000 TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! --------------------------------------------------------------------------- It seems to me that Back Orifice is dangerous and useful. cDc's Back Orifice IS NOT the only like program out there....here is a short list of some others and the ports they use. I DID NOT compile this list personally. The tHing 6400 NetBus 1.x (avoiding Netbuster) 12346 NetBus Pro 20034 BackOriffice 31337 SubSeven 1243 NetSphere 30100 Deep Throath 6670 Master Paradise 31 Silencer 1001 Millenium 20000 Devil 1.03 65000 NetMonitor 7306 Streaming Audio Trojan 1170 Socket23 30303 Gatecrasher 6969 Telecommando 61466 Gjamer 12076 IcqTrojen 4950 Priotrity 16969 Vodoo 1245 Wincrash 5742 Wincrash2 2583 Netspy 1033 ShockRave 1981 Stealth Spy 555 Pass Ripper 2023 Attack FTP 666 GirlFriend 21554 Fore, Schwindler 50766 Tiny Telnet Server (added 05/10/99) 34324 Kuang (added 05/10/99) 30999 Senna Spy Trojans (added 05/10/99) 11000 WhackJob (added 05/10/99) 23456 Phase0 (added 05/10/99) 555 BladeRunner (added 05/11/99) 5400 IcqTrojan (added 05/11/99) 4950 InIkiller (added 05/11/99) 9989 PortalOfDoom (added 05/11/99) 9872 ProgenicTrojan (added 05/11/99) 11223 Prosiak 0.47 (added 05/11/99) 22222 RemoteWindowsShutdown (added 05/11/99) 53001 RoboHack (added 05/11/99) 5569 Silencer (added 05/11/99) 1001 Striker (added 05/11/99) 2565 TheSpy (added 05/11/99) 40412 TrojanCow (added 05/11/99) 2001 UglyFtp (added 05/11/99) 23456 WebEx (added 05/11/99) 1001 Backdoor (added 05/11/99) 1999 Phineas ( Submitted by Nikhil Gupta http://come.to/pune ) 2801 Psyber Streaming Server ( Submitted by Nikhil Gupta http://come.to/pune ) 1509 Indoctrination (added 05/12/99) 6939 Hackers Paradise (added 05/17/99) 456 Doly Trojan (added 05/17/99) 1011 FTP99CMP (added 05/17/99) 1492 Shiva Burka NOT in our archive (added 05/17/99) 1600 Remote Windows Shutdown (added 05/17/99) 53001 BigGluck, aka TN in our archive (added 05/17/99) 34324 NetSpy DK NOT in our archive (added 05/17/99) 31339 Hack´99 KeyLogger (added 05/17/99) 12223 iNi-Killer (added 05/17/99) 9989 ICQKiller (added 05/17/99) 7789 Portal of Doom (added 05/17/99) 9875 Firehotcker NOT in our archive (added 05/17/99) 5321 Master Paradise 40423 BO jammerkillahV (added 05/19/99) 121 AOLTrojan1.1 (added 05/19/99) 30029 Hack'a'tack (added 05/21/99) 31787 The Invasor (added 05/21/99) ( Submitted by Nikhil Gupta http://come.to/pune ) 2140 SpySender (added 05/21/99) ( Submitted by Nikhil Gupta http://come.to/pune ) 1807 The Unexplained (added 05/23/99) 29891 Bla (added 05/28/99) 20331 FileNail (added 05/28/99) ( Submitted by Danny ) 4567 ShitHeep (added 05/28/99) ( Submitted by Danny ) 69123 Coma (added 05/28/99) ( Submitted by Danny ) 10607 Bla1.1 (added 06/08/99) 1042 HVL Rat5 (added 06/08/99) 2283 BackConstruction1.2 (added 06/08/99) 5400 Kuang2 theVirus (added 06/12/99) 17300 Xtcp (added 06/17/99) 5550 Schwindler 1.82 (added 06/22/99) 21554 Wingate (Socks-Proxy) 1080 DeltaSource (Submitted by DarkStar) 6883 In short, I understand what Joel is saying...and he is right by me! ~MARK~ -----Original Message----- From: Joel Eriksson Sent: Saturday, July 31, 1999 1:28 PM To: Ng, Christopher Cc: ntsecurity@iss.net Subject: Re: [NTSEC] Back Orifice 2000 TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! --------------------------------------------------------------------------- On Wed, Jul 28, 1999 at 01:48:33PM +0100, Ng, Christopher wrote: > To define a hacker or "cracker" as being one thing another is at best, > simplistic, and at worst irrelevant. Every person hacker or not has their > own set of ethics. To describe someone who breaks into remote systems as > simply persons on a `quest for knowledge' is to expect such individuals to > morally conform to a description by which you perceive them. The importance > in this issue is that such persons, labelled or otherwise, should not be > allowed to be in your system, and therefore in a position to make such > taxing ethical decisions, in the first place. He did not define "someone who breaks into remote systems" as a hacker. He mentioned the two stereotypes that most people who break into systems can be labelled as. There are the destructive ones, and the ones who are motivated by a thirst for knowledge and thus has no interest in destroying or modifying anything on the systems. Since the latter know how to cover their tracks, it is usually the "crackers" (using the definitions supplied by Artan) that gets caught and noticed by media, but described as "hackers". But _of_course_ noone should be allowed in to your systems, whether they can be labelled as crackers or hackers. That doesn't mean the definitions are worthless though.. -- Joel Eriksson jen@ettnet.se Security Consultant