TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Not to resurrect a dead horse, but... In a recent discussion on this forum, it was mentioned that Netbus had not yet been ported to *nix. Well, never say never... You can now find a Linux-based Netbus client (compatible with Netbus v1.60) called lxnb by nuope. See http://ns2.crw.se/~tm or PacketStorm. Gary McIntyre Network Consultant LGS Group Inc. [EMAIL PROTECTED] This user's PGP Public Keys can be obtained from certserver.pgp.com ----- Original Message ----- From: "[EMAIL PROTECTED]@LGS" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>; "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent: Wednesday, January 26, 2000 10:16 AM Subject: RE: Netbus ? > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any > problems! > -------------------------------------------------------------------------- -- > > First off, there is no version of Netbus that has been ported to UNIX. If > Netbus servers are found "in the wild", telnet to the specified port. If > the host is truly infected, a banner of the Netbus server is displayed.(ONLY > WINDOWS!). Intruders that find a box with the Netbus server listening(or > pretending to be) will make sure of the OS to avoid potential logging of > his/her activities. > > > > > > ---------- > > From: D B[SMTP:[EMAIL PROTECTED]] > > Sent: Friday, January 21, 2000 5:25 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: Netbus ? > > > > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message > > to > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any > > problems! > > -------------------------------------------------------------------------- > > -- > > > > Is there even a unix version for Netbus. Last time I checked it was only > > for > > Winhoes...sorry windows... > > > > > > >From: Robert Zachary <[EMAIL PROTECTED]> > > >To: [EMAIL PROTECTED] > > >Subject: RE: Netbus ? > > >Date: Fri, 21 Jan 2000 15:44:39 -0600 > > > > > >TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message > > to > > >[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any > > >problems! > > >------------------------------------------------------------------------- > > --- > > > > > >Keep in mind that they may be also running this as a daemon to lure > > script > > >kiddies. I have done this myself. Do notify the victimsystem as a > > >courtesy. > > > > > >Rob > > > > > >/------------------------------------------/ > > >Robert Zachary > > >Analyst > > >Information Security > > >Tandy Information Services > > >817.415.0675 > > >[EMAIL PROTECTED] > > > > > > > -----Original Message----- > > > > From: Gary McIntyre [mailto:[EMAIL PROTECTED]] > > > > Sent: Friday, January 21, 2000 2:12 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: Netbus ? > > > > > > > > > > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of > > > > your message to > > > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help > > > > with any problems! > > > > -------------------------------------------------------------- > > > > -------------- > > > > > > > > > > > > It certainly looks that way. I know of no legitimate > > > > applications which > > > > hold port 12345 open for sessions, besides NetBus. Have you > > > > informed the > > > > various victims of the problem? > > > > > > > > Gary McIntyre > > > > Network Consultant > > > > LGS Group Inc. > > > > [EMAIL PROTECTED] > > > > > > > > This user's PGP Public Keys can be > > > > obtained from certserver.pgp.com > > > > > > > > ----- Original Message ----- > > > > From: "Data_surge <[EMAIL PROTECTED]>@LGS" > > > > <IMCEANOTES-Data+5Fsurge+20+3CGn0+40datasurge+2Ecom+3E+40LGS@e > > > > -commerce.com> > > > > To: "[EMAIL PROTECTED]" > > > > <[EMAIL PROTECTED]> > > > > Sent: Friday, January 21, 2000 2:40 PM > > > > Subject: Netbus ? > > > > > > > > > > > > > > > > > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of > > > > your message > > > > to > > > > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any > > > > > problems! > > > > > > > > > -------------------------------------------------------------- > > > > ------------ > > > > -- > > > > > > > > > > Hey there all, > > > > > Lately i have been scanning a number of host for record > > > > purposes, and on a > > > > > number of large isp and e-commerce sites i have found a > > > > port open for > > > > netbus > > > > > the > > > > > port is 12345 i did not beleive it at first and got my > > > > port listing docs > > > > > out > > > > > to verify that it was something elese and on both counts it came up > > > > > unverified. > > > > > I can say safley say that the largest isp in my country has > > > > been ifected > > > > > with > > > > > netbus. Here is one of the logs. > > > > > Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED] > > > > ( www.insecure.org/nmap/ ) > > > > > Interesting ports on the url ? (a ip:0) > > > > > Port State Protocol Service > > > > > 21 open tcp ftp > > > > > 22 open tcp ssh > > > > > 23 open tcp telnet > > > > > 25 open tcp smtp > > > > > 53 open tcp domain > > > > > 80 open tcp http > > > > > 110 open tcp pop-3 > > > > > 111 open tcp sunrpc > > > > > 443 open tcp https > > > > > 12345 open tcp NetBus > > > > > > > > > > TCP Sequence Prediction: Class=random positive increments > > > > > Difficulty=34403 (Worthy challenge) > > > > > Remote operating system guess: FreeBSD 2.2.1 - 3.2 > > > > > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 65 seconds > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________ > > Get Your Private, Free Email at http://www.hotmail.com > > > > > > > >
