Date: Tue, 3 Oct 2000 10:12:13 -0400 (EDT) From: Michael Williams <mgwilliams@newsouth.com> To: Stephen Hocking <shocking@houston.rr.com> Cc: security@freebsd.org Subject: Re: Script kiddies and port 12345 Message-ID: <Pine.GSO.4.21.0010031007400.15231-100000@nexus.newsouth.net> In-Reply-To: <200010031402.e93E29p53594@bloop.craftncomp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 3 Oct 2000, Stephen Hocking wrote: > After a couple of weeks of probing 139, the little darlings are now hammering > on 12345 - anybody have an idea of what hole this is? Another backdoor? Well, if they're probing 139 and 12345, I would assume they're looking for NT machines that have Server Management System installed on 'em (or an old version of NetBus, since that's what a couple of scanners I've used have defaulted to for a description of port 12345). SMS is a remote administration tool for NT machines; I don't know of any specific vulnerabilities in the current version, but I would love to be corrected if I'm wrong. Regards, Michael Williams NewSouth Communications -- IP Security Team To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.21.0010031007400.15231-100000>