From owner-freebsd-security Tue Oct 3 7: 5:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from fyre.somcol.co.za (fyre.somcol.co.za [196.30.167.130]) by hub.freebsd.org (Postfix) with ESMTP id AEE6E37B66C for ; Tue, 3 Oct 2000 07:05:38 -0700 (PDT) Received: from localhost (jus@localhost) by fyre.somcol.co.za (8.9.3/8.9.3) with ESMTP id QAA73764; Tue, 3 Oct 2000 16:05:23 +0200 (SAST) (envelope-from jus@security.za.net) X-Authentication-Warning: fyre.somcol.co.za: jus owned process doing -bs Date: Tue, 3 Oct 2000 16:05:22 +0200 (SAST) From: Justin Stanford X-Sender: jus@fyre.somcol.co.za To: Stephen Hocking Cc: security@freebsd.org Subject: Re: Script kiddies and port 12345 In-Reply-To: <200010031402.e93E29p53594@bloop.craftncomp.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Heh.. that's netbus.. a Windows Trojan - they are probably scanning for open netbus servers. 12346 is also common. On Tue, 3 Oct 2000, Stephen Hocking wrote: > After a couple of weeks of probing 139, the little darlings are now hammering > on 12345 - anybody have an idea of what hole this is? Another backdoor? > > > > Stephen > -- > The views expressed above are not those of PGS Tensor. > > "We've heard that a million monkeys at a million keyboards could produce > the Complete Works of Shakespeare; now, thanks to the Internet, we know > this is not true." Robert Wilensky, University of California > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message