Security Incidents mailing list archives
Re: Ports 12345, 5742 and 20034
From: Stan.Woods () US GASES BOC COM (Woods,Stan)
Date: Tue, 11 Jan 2000 13:58:25 -0500
Symark's Power Builder daemon uses that port as well. Stan Woods mailto:stan.woods () us gases boc com -----Original Message----- From: Andy David [mailto:genex69 () HOTMAIL COM] Sent: Tuesday, January 11, 2000 12:02 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Ports 12345, 5742 and 20034 12345 is a Netbus scan. 5742 is a scan for WinCrash. and finally..... 20034 is a NetBus 2 Pro scan.... Hope this helps... Andrew David genex () k--rad com
From: Artur Nowak <Artur.Nowak-incidents () WODIP OPOLE PL> Reply-To: Artur Nowak <Artur.Nowak-incidents () WODIP OPOLE PL> To: INCIDENTS () SECURITYFOCUS COM Subject: Ports 12345, 5742 and 20034 Date: Sat, 8 Jan 2000 22:58:53 +0100 MIME-Version: 1.0 Received: from [207.126.127.68] by hotmail.com (3.2) with ESMTP id MHotMailBA43F7820087D82197AECF7E7F44A8E60; Mon Jan 10 20:07:31 2000 Received: from lists.securityfocus.com (lists.securityfocus.com [207.126.127.68])by lists.securityfocus.com (Postfix) with ESMTPid 933121F01D; Mon, 10 Jan 2000 20:00:25 -0800 (PST) Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 2190807 for INCIDENTS () LISTS SECURITYFOCUS COM; Mon, 10 Jan 2000 20:00:20 -0800 Received: from securityfocus.com (securityfocus.com [207.126.127.66]) by lists.securityfocus.com (Postfix) with SMTP id 9D10A1EE97 for <incidents () lists securityfocus com>; Sun, 9 Jan 2000 04:20:14 -0800 (PST) Received: (qmail 7453 invoked by alias); 9 Jan 2000 12:20:14 -0000 Received: (qmail 7450 invoked from network); 9 Jan 2000 12:20:13 -0000 Received: from piast.wodip.opole.pl (HELO wodip.opole.pl) (212.244.78.65) by securityfocus.com with SMTP; 9 Jan 2000 12:20:13 -0000 Received: (qmail 29077 invoked from network); 8 Jan 2000 22:53:16 -0000 Received: from pc2.dialin.wodip.opole.pl (HELO anowak.priv.pl) (192.168.250.2) by piast.wodip.opole.pl with SMTP; 8 Jan 2000 22:53:16 -0000 Received: (qmail 1992 invoked by uid 500); 8 Jan 2000 21:58:53 -0000 From owner-incidents () SECURITYFOCUS COM Mon Jan 10 20:11:49 2000 Approved-By: aleph1 () SECURITYFOCUS COM Delivered-To: incidents () lists securityfocus com Delivered-To: INCIDENTS () SECURITYFOCUS COM Message-ID: <Pine.LNX.4.21.0001082254210.1978-100000 () firewall anowak priv pl> Sender: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM> X-To: INCIDENTS () SECURITYFOCUS COM Hi for all! Today I saw many probes of connections to three ports. I know that on the port 12345 usually is a trojan, but what someone try to find on the other ports? Thanks for any help. Jan 8 10:44:02 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602 Jan 8 10:44:02 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605 Jan 8 10:44:02 last message repeated 3 times Jan 8 10:44:04 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602 Jan 8 10:44:05 TCP: socks connection attempt from mb-u03ip006.mbnet.fi:4603 Jan 8 10:44:05 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605 Jan 8 10:44:05 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604 Jan 8 10:44:08 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602 Jan 8 10:44:08 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605 Jan 8 10:44:08 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604 Jan 8 10:44:11 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602 Jan 8 10:44:11 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605 Jan 8 10:44:11 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604 Jan 8 10:44:21 TCP: socks connection attempt from mb-u03ip006.mbnet.fi:4603 -- Artur Nowak ==> mail anowak-pgp () wodip opole pl for PGP pub_key e-mail : anowak () wodip opole pl || anowak () polo po opole pl www : www.wodip.opole.pl/~anowak/ || polo.po.opole.pl/~anowak/ PGP: 0x7BCE3064 | CF14 7AF4 2A1B 485E B0B5 1261 F7A1 26D5 7BCE 3064
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com ********************************************************************* This footnote confirms that this e-mail message has been scanned for the presence of known computer viruses by the Star Labs virus scanning service. However, it is still recommended that you use local virus scanning software to monitor for the presence of viruses. *********************************************************************
Current thread:
- Re: Ports 12345, 5742 and 20034 Andy David (Jan 10)
- <Possible follow-ups>
- Re: Ports 12345, 5742 and 20034 Woods,Stan (Jan 11)