TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi all,
I do know that TrendMicro's OfficeScan uses port 12345 for client-server
communication. It did seemed very strange to me that an AV vendor uses this
port for one of their products, though. They should know better. But I don't
think OfficeScan runs on public-accessible servers. So Netbus might be
causing pain here...
Jean-Hugues
> -----Original Message-----
> From: Robert Zachary [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 21, 2000 10:45 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Netbus ?
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
> with any problems!
> --------------------------------------------------------------
> --------------
>
> Keep in mind that they may be also running this as a daemon
> to lure script
> kiddies. I have done this myself. Do notify the victimsystem
> as a courtesy.
>
> Rob
>
> /------------------------------------------/
> Robert Zachary
> Analyst
> Information Security
> Tandy Information Services
> 817.415.0675
> [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: Gary McIntyre [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, January 21, 2000 2:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Netbus ?
> >
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> > your message to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
> > with any problems!
> > --------------------------------------------------------------
> > --------------
> >
> >
> > It certainly looks that way. I know of no legitimate
> > applications which
> > hold port 12345 open for sessions, besides NetBus. Have you
> > informed the
> > various victims of the problem?
> >
> > Gary McIntyre
> > Network Consultant
> > LGS Group Inc.
> > [EMAIL PROTECTED]
> >
> > This user's PGP Public Keys can be
> > obtained from certserver.pgp.com
> >
> > ----- Original Message -----
> > From: "Data_surge <[EMAIL PROTECTED]>@LGS"
> > <IMCEANOTES-Data+5Fsurge+20+3CGn0+40datasurge+2Ecom+3E+40LGS@e
> > -commerce.com>
> > To: "[EMAIL PROTECTED]"
> > <[EMAIL PROTECTED]>
> > Sent: Friday, January 21, 2000 2:40 PM
> > Subject: Netbus ?
> >
> >
> > >
> > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> > your message
> > to
> > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for
> help with any
> > > problems!
> > >
> > --------------------------------------------------------------
> > ------------
> > --
> > >
> > > Hey there all,
> > > Lately i have been scanning a number of host for record
> > purposes, and on a
> > > number of large isp and e-commerce sites i have found a
> > port open for
> > netbus
> > > the
> > > port is 12345 i did not beleive it at first and got my
> > port listing docs
> > > out
> > > to verify that it was something elese and on both counts
> it came up
> > > unverified.
> > > I can say safley say that the largest isp in my country has
> > been ifected
> > > with
> > > netbus. Here is one of the logs.
> > > Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED]
> > ( www.insecure.org/nmap/ )
> > > Interesting ports on the url ? (a ip:0)
> > > Port State Protocol Service
> > > 21 open tcp ftp
> > > 22 open tcp ssh
> > > 23 open tcp telnet
> > > 25 open tcp smtp
> > > 53 open tcp domain
> > > 80 open tcp http
> > > 110 open tcp pop-3
> > > 111 open tcp sunrpc
> > > 443 open tcp https
> > > 12345 open tcp NetBus
> > >
> > > TCP Sequence Prediction: Class=random positive increments
> > > Difficulty=34403 (Worthy challenge)
> > > Remote operating system guess: FreeBSD 2.2.1 - 3.2
> > >
> > > Nmap run completed -- 1 IP address (1 host up) scanned in
> 65 seconds
> > >
> > >
> >
> >
> >
> >
>
>
