From owner-freebsd-security Sun Oct 10 17: 6:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 698D314FE7 for ; Sun, 10 Oct 1999 17:06:51 -0700 (PDT) (envelope-from jwyatt@rwsystems.net) Received: from bsdie.rwsystems.net([209.197.223.2]) (1587 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sun, 10 Oct 1999 19:03:37 -0500 (CDT) (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7) Date: Sun, 10 Oct 1999 19:03:36 -0500 (CDT) From: James Wyatt To: Brooks Davis Cc: "Nicole H." , freebsd-security@FreeBSD.ORG Subject: Re: scanning of port 12345 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Shareware hacking tool, what a concept if you think about it... (Yeah, can be used for good too, but most...) If you get into someone's machine with it, you have to send the password to the authors? A copy of the user's quicken files? You sign their name to the crack? My mind is reeling, but that ain't hard nowadays... Jy@ On Sun, 10 Oct 1999, Brooks Davis wrote: > On Sun, 10 Oct 1999, Nicole H. wrote: > > Why on earth would someone be scanning port 12345? Is this a new backdoor > > port? > > > > Oct 10 02:25:26 krell portsentry[14796]: attackalert: Connect from host: > > 195.235.210.171/195.235.210.171 to TCP port: 12345 > > That's the default port for netbus, a BackOriface like tool (the only real > difference is that it's shareware instead of free). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message