TDS-3 Backdoor Knock help, please

Greetings all,

I've got a simple question I was hoping someone here could help me with. I recently did a backdoor knock scan on my local computer and got the following reply/result from the TDS-3 backdoor plugin:

UDP Port 31337 --> (o)
UDP Port 60000 --> (o)

I was wondering if the " (o) " in this case means that these two ports are open. I can't find any documentation on this...

Thanks everyone,

Ted

 

Hi TEd, those are UDP connections, seems on an XP system TDS doesn't show them as expected, as on my Win98 system they just are "didn't respond" and on the XP i have the same like you.
But i suppose you have for port UDP 31666 "didn't respond" as well.
With the plugin Trojan Ports check you might see other ports open.

If you activated the Sockets in the upper right corner you have TDS listening on those ports so eventual malware can never use those same ports.

 

Thanks, Jooske! I'll try out port explorer and see what turns up as well. I appreciate your help!

 

My Port Explorer shows me nicely the TDS sockets listening on those ports, the TCP as well as their corresponding UDP ports.
You see that port 60000 as TCP and UDP both in the Backdoor Knock, good for this one
RAT: DeepThroat 2.0 & 3.0, Foreplay or Reduced Foreplay, Sockets des Troie
Port Explorer will show you some of the UDP connected to your computer name, others to the localhost name.
In my HOSTS file i added an extra line like
127.0.0.1 www.jooskesdomain.com (something not existing anyway)
so Port Explorer will show in several cases that name in stead of localhost, giving an idea what exactly is connected to where.
Also very nice if you networked your system!