Firewall Wizards mailing list archives

Re: BO, netbus and so on...

From: "S. Jonah Pressman" <jonah () istar ca>
Date: Sat, 01 May 1999 22:34:37 -0400

Marcelo:

From my statistics and work in the area, it seems that BO is the

favourite of North American kids whereas NetBus is still the favourite
of the Europeans - and, yes, the numbers and inferred ratios is very
much in line with my research.

Remember, Marcelo, with the newest vesion of NetBus, the perpetrator the
port is not necesarily limited to tcp/12345 but is user defineable. 
Stay atop the underground literature and adjust your security tactics
accordingly.

Best Regards,
Jonah

Marcelo M. Sosa Lugones wrote:


Hello,

These are some statics of NetBus/BO attacks from one of my border routers:

Extended IP access list incoming-1
    deny tcp any any eq 12345 (38540 matches)
    deny udp any any eq 31337 (125587 matches)
    deny ip 10.0.0.0 0.255.255.255 any (3849 matches)
    deny ip 172.16.0.0 0.15.255.255 any (2567 matches)
    deny ip 192.168.0.0 0.0.255.255 any (10138 matches)
    permit ip any any (93917505 matches)

isn't it so much BO out there? is it normal?

regards,

-=marcelo=-
Marcelo M. Sosa Lugones


-- 
        __                  __  
       / /___  ____  ____ _/ /_      S. Jonah Pressman
  __  / / __ \/ __ \/ __ `/ __ \     Project Manager, TD TCDFM
 / /_/ / /_/ / / / / /_/ / / / /     BCE Emergis Inc.
 \____/\____/_/ /_/\__,_/_/ /_/      Financial Services
_______________________________      Markham, Ontario, Canada

---------------- Home is where you hang your @ ---------------

Current thread:

Re: BO, netbus and so on... S. Jonah Pressman (May 03)
- <Possible follow-ups>
- Re: BO, netbus and so on... Robert Graham (May 04)
  - Re: BO, netbus and so on... Marcus J. Ranum (May 05)