Penetration Testing mailing list archives
Re: [PEN-TEST] port 12345
From: Erik Tayler <erik () digitaloffense net>
Date: Mon, 2 Oct 2000 16:56:18 -0500
Hi Justin, I have never seen any Novell machines with NetBus, and to the best of my knowledge it has not been ported [however I don't keep up to date with the porting of NetBus]. I have experienced this before, and in many instances it just ended up to be a non-listening port that was filtered for no particular reason. Even stranger, the port will show up every other scan. But don't rule out NetBus. Instead of just scanning for infected machines, why not just attempt to connect with the NetBus client? Erik Tayler http://www.14x.net http://www.digitaloffense.net -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Justin Funke Sent: Monday, October 02, 2000 1:46 PM To: PEN-TEST () SECURITYFOCUS COM Subject: port 12345 Has anyone seen the Netbus trojan ported to a Novell server? Is it possible the gateway server is forwarding the port from an internally affected machine? I can see the port open but filtered on a friend's network but we cannot find why it is showing up. There is no IDS software emulating a honeypot so something must be infected somewhere on the internal WAN. A full scan of the internal network shows no infected machines. Thanks, Justin
Current thread:
- [PEN-TEST] port 12345 Justin Funke (Oct 02)
- Re: [PEN-TEST] port 12345 Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] port 12345 Tonick, Mike (Oct 02)
- Re: [PEN-TEST] port 12345 Craig, Scott (Oct 03)
- Re: [PEN-TEST] port 12345 Bowman James (Oct 03)