** Reply to message from Edward Dekkers <[EMAIL PROTECTED]> on Fri, 21 Dec
2001 08:35:41 +0800
> Have been getting a lot of Active System attacks on this port lately. It is
> not listed in my /etc/services.
>
> Does anyone know what uses this port? Or point me in the direction to find
> out?
On 21-Dec-01 Edward Dekkers wrote:
> Have been getting a lot of Active System attacks on this port lately. It is
> not listed in my /etc/services.
>
> Does anyone know what uses this port? Or point me in the direction to find
> out?
>
--
I get the same thing - I use PortSentry, whi
direction to
> find out?
It's a fairly popular trojan port. According to:
http://www.simovits.com/trojans/trojans.html
It is used by (at least) the following trojan programs:
port 12345: Adore sshd, Ashley, cron / crontab, Fat Bitch trojan,
GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus
Have been getting a lot of Active System attacks on this port lately. It is
not listed in my /etc/services.
Does anyone know what uses this port? Or point me in the direction to find
out?
TIA
--
Edward Dekkers (Director)
Triple D Computer Services Pty. Ltd.
822 Rowley Road
Oakford W.A. 6121
+61
attackalert: Connect from host:
WB> 1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
WB> Dec 22 01:08:12 home portsentry[812]: attackalert: Host 63.28.217.163
WB> has been blocked via wrappers with string: "ALL: 63.28.217.163"
WB> Dec 22 01:08:12 home portsentr
On Wed, Dec 22, 1999 at 12:41:17PM -0800, Todd A. Jacobs wrote:
| On Wed, 22 Dec 1999, WH Bouterse wrote:
| > Dec 22 01:08:12 home portsentry[812]: attackalert: Connect from host:
| > 1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
| This is a NetBus attack. [Tell
On Wed, 22 Dec 1999, WH Bouterse wrote:
> Dec 22 01:08:12 home portsentry[812]: attackalert: Connect from host:
> 1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
This is a NetBus attack. Send your logs and your timezone to
[EMAIL PROTECTED] to report the attack ASA
At 10:05 AM 12/22/99 -0900, WH Bouterse wrote:
>[snip]
>Dec 22 01:08:12 home portsentry[812]: attackalert: Host 63.28.217.163
>has been blocked via dropped route using command: "/sbin/route add -host
>63.28.217.163 gw 333.444.555.666"
Minor note: I think you should pick a valid IP address that
Dec 22 01:08:12 home portsentry[812]: attackalert: Connect from host:
> 1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
> Dec 22 01:08:12 home portsentry[812]: attackalert: Host 63.28.217.163
> has been blocked via wrappers with string: "ALL: 63.28.217.163"
&g
I don't recall anything that uses port 12345. Nonetheless, someone is port
scanning your machine. I would suggest send a notification to uu.net
[EMAIL PROTECTED] and report the incident. Include the log file entries and tell
them your time zones.
Sorry to say I have never been satisfied
I had been warned on this list some months back
to pay attenttion to attempted TCP connections
from "unknown individuals"
This morning I had:
Dec 22 01:08:12 home portsentry[812]: attackalert: Connect from host:
1Cust163.tnt1.anchorage.ak.da.uu.net/63.28.217.163 to TCP port: 12345
De
11 matches
Mail list logo
