TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
First off, there is no version of Netbus that has been ported to UNIX. If
Netbus servers are found "in the wild", telnet to the specified port. If
the host is truly infected, a banner of the Netbus server is displayed.(ONLY
WINDOWS!). Intruders that find a box with the Netbus server listening(or
pretending to be) will make sure of the OS to avoid potential logging of
his/her activities.
> ----------
> From: D B[SMTP:[EMAIL PROTECTED]]
> Sent: Friday, January 21, 2000 5:25 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Netbus ?
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> Is there even a unix version for Netbus. Last time I checked it was only
> for
> Winhoes...sorry windows...
>
>
> >From: Robert Zachary <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: RE: Netbus ?
> >Date: Fri, 21 Jan 2000 15:44:39 -0600
> >
> >TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> >[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> >problems!
> >-------------------------------------------------------------------------
> ---
> >
> >Keep in mind that they may be also running this as a daemon to lure
> script
> >kiddies. I have done this myself. Do notify the victimsystem as a
> >courtesy.
> >
> >Rob
> >
> >/------------------------------------------/
> >Robert Zachary
> >Analyst
> >Information Security
> >Tandy Information Services
> >817.415.0675
> >[EMAIL PROTECTED]
> >
> > > -----Original Message-----
> > > From: Gary McIntyre [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, January 21, 2000 2:12 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Netbus ?
> > >
> > >
> > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> > > your message to
> > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
> > > with any problems!
> > > --------------------------------------------------------------
> > > --------------
> > >
> > >
> > > It certainly looks that way. I know of no legitimate
> > > applications which
> > > hold port 12345 open for sessions, besides NetBus. Have you
> > > informed the
> > > various victims of the problem?
> > >
> > > Gary McIntyre
> > > Network Consultant
> > > LGS Group Inc.
> > > [EMAIL PROTECTED]
> > >
> > > This user's PGP Public Keys can be
> > > obtained from certserver.pgp.com
> > >
> > > ----- Original Message -----
> > > From: "Data_surge <[EMAIL PROTECTED]>@LGS"
> > > <IMCEANOTES-Data+5Fsurge+20+3CGn0+40datasurge+2Ecom+3E+40LGS@e
> > > -commerce.com>
> > > To: "[EMAIL PROTECTED]"
> > > <[EMAIL PROTECTED]>
> > > Sent: Friday, January 21, 2000 2:40 PM
> > > Subject: Netbus ?
> > >
> > >
> > > >
> > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> > > your message
> > > to
> > > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> > > > problems!
> > > >
> > > --------------------------------------------------------------
> > > ------------
> > > --
> > > >
> > > > Hey there all,
> > > > Lately i have been scanning a number of host for record
> > > purposes, and on a
> > > > number of large isp and e-commerce sites i have found a
> > > port open for
> > > netbus
> > > > the
> > > > port is 12345 i did not beleive it at first and got my
> > > port listing docs
> > > > out
> > > > to verify that it was something elese and on both counts it came up
> > > > unverified.
> > > > I can say safley say that the largest isp in my country has
> > > been ifected
> > > > with
> > > > netbus. Here is one of the logs.
> > > > Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED]
> > > ( www.insecure.org/nmap/ )
> > > > Interesting ports on the url ? (a ip:0)
> > > > Port State Protocol Service
> > > > 21 open tcp ftp
> > > > 22 open tcp ssh
> > > > 23 open tcp telnet
> > > > 25 open tcp smtp
> > > > 53 open tcp domain
> > > > 80 open tcp http
> > > > 110 open tcp pop-3
> > > > 111 open tcp sunrpc
> > > > 443 open tcp https
> > > > 12345 open tcp NetBus
> > > >
> > > > TCP Sequence Prediction: Class=random positive increments
> > > > Difficulty=34403 (Worthy challenge)
> > > > Remote operating system guess: FreeBSD 2.2.1 - 3.2
> > > >
> > > > Nmap run completed -- 1 IP address (1 host up) scanned in 65 seconds
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
>
>
