Skip site navigation (1)Skip section navigation (2)
Date:      3 Oct 2000 14:08:42 GMT
From:      Alex Prohorenko <white@alkar.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Script kiddies and port 12345
Message-ID:  <8rcp9a$25rd$1@pandora.alkar.net>
References:  <200010031402.e93E29p53594@bloop.craftncomp.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Stephen Hocking <shocking@houston.rr.com> wrote:
> After a couple of weeks of probing 139, the little darlings are now hammering 
> on 12345 - anybody have an idea of what hole this is? Another backdoor?

That's a default NetBus port.  Also 12346 is used.  NetBus is a Windows
Remote Administration Tool (as author calls it), or, in simple words -
Windows Trojan :>

-- 
Alexander Prohorenko,
Alkar Teleport



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8rcp9a$25rd$1>