TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
It certainly looks that way. I know of no legitimate applications which
hold port 12345 open for sessions, besides NetBus. Have you informed the
various victims of the problem?
Gary McIntyre
Network Consultant
LGS Group Inc.
[EMAIL PROTECTED]
This user's PGP Public Keys can be
obtained from certserver.pgp.com
----- Original Message -----
From: "Data_surge <[EMAIL PROTECTED]>@LGS"
<[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Sent: Friday, January 21, 2000 2:40 PM
Subject: Netbus ?
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
--
>
> Hey there all,
> Lately i have been scanning a number of host for record purposes, and on a
> number of large isp and e-commerce sites i have found a port open for
netbus
> the
> port is 12345 i did not beleive it at first and got my port listing docs
> out
> to verify that it was something elese and on both counts it came up
> unverified.
> I can say safley say that the largest isp in my country has been ifected
> with
> netbus. Here is one of the logs.
> Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED]
( www.insecure.org/nmap/ )
> Interesting ports on the url ? (a ip:0)
> Port State Protocol Service
> 21 open tcp ftp
> 22 open tcp ssh
> 23 open tcp telnet
> 25 open tcp smtp
> 53 open tcp domain
> 80 open tcp http
> 110 open tcp pop-3
> 111 open tcp sunrpc
> 443 open tcp https
> 12345 open tcp NetBus
>
> TCP Sequence Prediction: Class=random positive increments
> Difficulty=34403 (Worthy challenge)
> Remote operating system guess: FreeBSD 2.2.1 - 3.2
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 65 seconds
>
>
