Upon port scanning our linux server for security holes it responds on port 31337 (back Orifice ) this was a fresh load no 3rd party software loaded on. there is no entry in services or inetd.conf for this port.. i could be wrong but it looks to me like someone have buried a back door into RHL at some point.. Very disturbing...
This does not happen here for us in our test installation of a 5.2 box.