TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------


Grin.  That is the one thing I like about forums:  quick corrections.

The many comments are quite right:  I had neglected to mention the
possibility that the ISP was using a tracking daemon to watch for attempts
to connect to port 12345.  It is a wise practice, and I wouldn't be too
surprised if that was the case.  Even in that case, it would be prudent to
mention it to the owner.  At the very least, it would identify the scanner as
benevolent.

They are also correct about Netbus.  It is Windows-specific and has not (to
my knowledge) been ported to Unix-based OSs.  However, I have never found
the OS guessing routines to be very reliable.  If the ISP has set up
portscan logging, it is just as likely that the OS type is being obscured.

Gary McIntyre
Network Consultant
LGS Group Inc.
[EMAIL PROTECTED]

This user's PGP Public Keys can be
obtained from certserver.pgp.com

----- Original Message -----
From: "William Salusky" <[EMAIL PROTECTED]>
To: "Gary McIntyre" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Sent: Tuesday, January 25, 2000 1:32 PM
Subject: RE: Netbus ?


>
> FYI,
>
> There is one software package out there that installs daemon listeners with
> a default of 12345 (which is unfortunate).  It is access control software
> called 'Power Broker' by Symark corp.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Gary McIntyre
> Sent: Friday, January 21, 2000 12:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Netbus ?
>
>
> It certainly looks that way.  I know of no legitimate applications which
> hold port 12345 open for sessions, besides NetBus.  Have you informed the
> various victims of the problem?
>
> Gary McIntyre
> Network Consultant
> LGS Group Inc.
> [EMAIL PROTECTED]
>
> This user's PGP Public Keys can be
> obtained from certserver.pgp.com
>
> ----- Original Message -----
> From: "Data_surge" <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Sent: Friday, January 21, 2000 2:40 PM
> Subject: Netbus ?
>
>
> >
> > Hey there all,
> > Lately I have been scanning a number of hosts for record purposes, and on a
> > number of large ISP and e-commerce sites I have found a port open for NetBus.
> > The port is 12345.  I did not believe it at first and got my port listing docs
> > out to verify that it was something else, and on both counts it came up
> > unverified.
> > I can safely say that the largest ISP in my country has been infected with
> > NetBus.  Here is one of the logs.
> > Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> > Interesting ports on the url ? (a ip:0)
> > Port    State       Protocol  Service
> > 21      open        tcp       ftp
> > 22      open        tcp       ssh
> > 23      open        tcp       telnet
> > 25      open        tcp       smtp
> > 53      open        tcp       domain
> > 80      open        tcp       http
> > 110     open        tcp       pop-3
> > 111     open        tcp       sunrpc
> > 443     open        tcp       https
> > 12345   open       tcp      NetBus
> >
> > TCP Sequence Prediction: Class=random positive increments
> >                          Difficulty=34403 (Worthy challenge)
> > Remote operating system guess: FreeBSD 2.2.1 - 3.2
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 65 seconds
> >
> >
>
>
>
>
>
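
Added example, not part of any message in this thread: a Python sketch of the triage reasoning discussed above. It parses an nmap text report in the layout quoted by the original poster and flags a port-number label (NetBus on 12345) that conflicts with the OS guess. The sample report, the lookup tables and the function names are constructed for illustration.

```python
import re

# Constructed sample in the nmap 2.x text layout quoted in the thread
# (the target line is a placeholder, not a real host).
SAMPLE_REPORT = """\
Interesting ports on host.example (192.0.2.10):
Port    State       Protocol  Service
22      open        tcp       ssh
80      open        tcp       http
12345   open        tcp       NetBus

Remote operating system guess: FreeBSD 2.2.1 - 3.2
"""

# Assumption for this example: labels tied to one OS family (NetBus is Windows-specific).
OS_SPECIFIC_LABELS = {"netbus": "windows"}
# Other explanations for an open 12345 that were raised in the thread.
ALTERNATIVES = {12345: ["scan-tracking daemon", "Power Broker default listener"]}

PORT_LINE = re.compile(r"^(\d+)\s+(\w+)\s+(tcp|udp)\s+(\S+)\s*$")
OS_LINE = re.compile(r"^Remote operating system guess:\s*(.+)$")

def parse_report(text):
    """Return (list of port dicts, OS guess string or None)."""
    ports, os_guess = [], None
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "state": m.group(2),
                          "proto": m.group(3), "label": m.group(4)})
            continue
        m = OS_LINE.match(line.strip())
        if m:
            os_guess = m.group(1).strip()
    return ports, os_guess

def triage(text):
    """List open ports whose OS-specific label needs verification on the host."""
    ports, os_guess = parse_report(text)
    findings = []
    for p in ports:
        needed = OS_SPECIFIC_LABELS.get(p["label"].lower())
        if p["state"] != "open" or needed is None:
            continue
        conflict = os_guess is not None and needed not in os_guess.lower()
        findings.append({"port": p["port"], "label": p["label"],
                         "os_conflict": conflict,
                         "alternatives": ALTERNATIVES.get(p["port"], [])})
    return findings
```

A finding with `os_conflict` set means the label and the OS guess cannot both be right, so the listener has to be identified on the host itself before anyone is told they are infected.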


