Date: Tue, 3 Oct 2000 16:17:04 +0200 (SAST) From: Justin Stanford <jus@security.za.net> To: Michael Williams <mgwilliams@newsouth.com> Cc: Stephen Hocking <shocking@houston.rr.com>, security@freebsd.org Subject: Re: Script kiddies and port 12345 Message-ID: <Pine.BSF.4.21.0010031616210.71067-100000@fyre.somcol.co.za> In-Reply-To: <Pine.GSO.4.21.0010031007400.15231-100000@nexus.newsouth.net>
next in thread | previous in thread | raw e-mail | index | archive | help
More than likely they are just looking for open shares on the SMB port (139) and netbus servers on port 12345 - this is more within the reach and ability of the average kiddie and is as common and occurence as dried fruit :-) Regards, jus On Tue, 3 Oct 2000, Michael Williams wrote: > > On Tue, 3 Oct 2000, Stephen Hocking wrote: > > > After a couple of weeks of probing 139, the little darlings are now hammering > > on 12345 - anybody have an idea of what hole this is? Another backdoor? > > Well, if they're probing 139 and 12345, I would assume they're looking for > NT machines that have Server Management System installed on 'em (or an old > version of NetBus, since that's what a couple of scanners I've used have > defaulted to for a description of port 12345). SMS is a remote > administration tool for NT machines; I don't know of any specific > vulnerabilities in the current version, but I would love to be corrected > if I'm wrong. > > Regards, > Michael Williams > NewSouth Communications -- IP Security Team > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010031616210.71067-100000>