Beware 'Brown Orifice'

Beware 'Brown Orifice'
Kevin Poulsen, SecurityFocus 2000-08-07

The latest in backdoor programs comes in through your web browser.

What ports does Brown orifice use, how can it be detected? 2000-08-08
Sean Boran (2 replies)

What ports does Brown orifice use, how can it be detected? 2000-08-08
morphon (at) yahoo (dot) com [email concealed]

If you check on his site, you will notice that the port is user-specifiable, so it could run on ANY port. However, it defaults to port 8080 (a port well known for running httpd on a box not owned as root), so it shouldn't be that hard to track as default. Anyone wanting to cover their tracks would naturally not use 8080. The best defense is to know exactly which ports should be open and look for anomalies rather than have a red light come on when a particular port is scanned as open.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/70/2949#2949

What ports does Brown orifice use, how can it be detected? 2000-08-08
Henri Torgemane <henri_torgemane (at) yahoo (dot) com [email concealed]>

Re: Beware 'Brown Orifice' 2000-08-09
Lori Carrig (2 replies)

Re: Beware 'Brown Orifice' 2000-08-09
Bruce

Re: Beware 'Brown Orifice' 2000-08-11
netapi (2 replies)

IP not snatchable from IE? well sorta. 2000-08-11
henri torgemane

Re: Beware 'Brown Orifice' 2000-08-17
Orca_sniff