From: Alex Prohorenko
To: freebsd-security@freebsd.org
Subject: Re: Script kiddies and port 12345
Date: 3 Oct 2000 14:08:42 GMT
Organization: Alkar-Teleport News server
Message-ID: <8rcp9a$25rd$1@pandora.alkar.net>
References: <200010031402.e93E29p53594@bloop.craftncomp.com>

Stephen Hocking wrote:
> After a couple of weeks of probing 139, the little darlings are now hammering
> on 12345 - anybody have an idea of what hole this is? Another backdoor?

That's a default NetBus port. Also 12346 is used.
NetBus is a Windows Remote Administration Tool (as the author calls it), or,
in simple words - Windows Trojan :>

--
Alexander Prohorenko, Alkar Teleport