Security Incidents mailing list archives
Re: Ports 12345, 5742 and 20034
From: genex69 () HOTMAIL COM (Andy David)
Date: Mon, 10 Jan 2000 23:01:31 CST
12345 is a Netbus scan. 5742 is a scan for WinCrash. And finally... 20034 is a NetBus 2 Pro scan. Hope this helps...

Andrew David
genex () k--rad com
From: Artur Nowak <Artur.Nowak-incidents () WODIP OPOLE PL>
Reply-To: Artur Nowak <Artur.Nowak-incidents () WODIP OPOLE PL>
To: INCIDENTS () SECURITYFOCUS COM
Subject: Ports 12345, 5742 and 20034
Date: Sat, 8 Jan 2000 22:58:53 +0100
Message-ID: <Pine.LNX.4.21.0001082254210.1978-100000 () firewall anowak priv pl>

Hi all!

Today I saw many probes of connections to three ports.
I know that there is usually a trojan on port 12345, but what is someone trying to find on the other ports? Thanks for any help.

Jan 8 10:44:02 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602
Jan 8 10:44:02 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605
Jan 8 10:44:02 last message repeated 3 times
Jan 8 10:44:04 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602
Jan 8 10:44:05 TCP: socks connection attempt from mb-u03ip006.mbnet.fi:4603
Jan 8 10:44:05 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605
Jan 8 10:44:05 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604
Jan 8 10:44:08 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602
Jan 8 10:44:08 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605
Jan 8 10:44:08 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604
Jan 8 10:44:11 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602
Jan 8 10:44:11 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605
Jan 8 10:44:11 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604
Jan 8 10:44:21 TCP: socks connection attempt from mb-u03ip006.mbnet.fi:4603

--
Artur Nowak ==> mail anowak-pgp () wodip opole pl for PGP pub_key
e-mail : anowak () wodip opole pl || anowak () polo po opole pl
www : www.wodip.opole.pl/~anowak/ || polo.po.opole.pl/~anowak/
PGP: 0x7BCE3064 | CF14 7AF4 2A1B 485E B0B5 1261 F7A1 26D5 7BCE 3064
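Added example (not part of either message in this thread): a small log triage script that applies the port identifications given in the reply to log lines in the format quoted above, and reports which sources probed more than one of those ports. The function names, the `min_tools` threshold and the `host.example.net` line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Port-to-tool mapping exactly as stated in the reply above.
BACKDOOR_PORTS = {12345: "NetBus", 5742: "WinCrash", 20034: "NetBus 2 Pro"}

# First five lines are taken from the quoted log; the last line is constructed
# (host.example.net is a placeholder) to show a source that hits one port only.
SAMPLE_LOG = """\
Jan 8 10:44:02 TCP: port 12345 connection attempt from mb-u03ip006.mbnet.fi:4602
Jan 8 10:44:02 TCP: port 5742 connection attempt from mb-u03ip006.mbnet.fi:4605
Jan 8 10:44:02 last message repeated 3 times
Jan 8 10:44:05 TCP: socks connection attempt from mb-u03ip006.mbnet.fi:4603
Jan 8 10:44:05 TCP: port 20034 connection attempt from mb-u03ip006.mbnet.fi:4604
Jan 8 10:45:10 TCP: port 12345 connection attempt from host.example.net:1025
"""

ATTEMPT_RE = re.compile(
    r"TCP: (?:port (?P<port>\d+)|(?P<svc>\S+)) connection attempt "
    r"from (?P<host>\S+):(?P<sport>\d+)$")
REPEAT_RE = re.compile(r"last message repeated (\d+) times$")

def summarize(log_text):
    """Return {source_host: {tool_name: attempt_count}} for the mapped ports."""
    hits = defaultdict(lambda: defaultdict(int))
    last = None  # (host, tool) of the previous line, if it was a mapped port
    for line in log_text.splitlines():
        m = ATTEMPT_RE.search(line.strip())
        if m:
            last = None
            port = int(m["port"]) if m["port"] else None  # named services have no number
            if port in BACKDOOR_PORTS:
                last = (m["host"], BACKDOOR_PORTS[port])
                hits[last[0]][last[1]] += 1
            continue
        r = REPEAT_RE.search(line.strip())
        if r and last:  # syslog collapsed N identical lines into one
            hits[last[0]][last[1]] += int(r[1])
    return {host: dict(tools) for host, tools in hits.items()}

def sweepers(log_text, min_tools=2):
    """Sources that probed at least min_tools different mapped ports."""
    return sorted(h for h, t in summarize(log_text).items() if len(t) >= min_tools)

if __name__ == "__main__":
    for host, tools in summarize(SAMPLE_LOG).items():
        print(host, tools)
    print("multi-port sources:", sweepers(SAMPLE_LOG))
```

Lines naming a service instead of a port number (the "socks" entries) are parsed but not counted, since the reply does not identify them.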