Date: Tue, 3 Oct 2000 10:12:13 -0400 (EDT)
From: Michael Williams
To: Stephen Hocking
Cc: security@freebsd.org
Subject: Re: Script kiddies and port 12345
In-Reply-To: <200010031402.e93E29p53594@bloop.craftncomp.com>

On Tue, 3 Oct 2000, Stephen Hocking wrote:

> After a couple of weeks of probing 139, the little darlings are now hammering
> on 12345 - anybody have an idea of what hole this is? Another backdoor?

Well, if they're probing 139 and 12345, I would assume they're looking for
NT machines that have Server Management System installed on 'em (or an old
version of NetBus, since that's what a couple of scanners I've used have
defaulted to for a description of port 12345). SMS is a remote
administration tool for NT machines; I don't know of any specific
vulnerabilities in the current version, but I would love to be corrected if
I'm wrong.

Regards,
Michael Williams
NewSouth Communications -- IP Security Team