[PEN-TEST] port 12345

[Justin Funke <jfunke () CENDIUM COM>]

Has anyone seen the Netbus trojan ported to a Novell server?

Is it possible the gateway server is forwarding the port from an
internally affected machine?

I can see the port open but filtered on a friend's network but we cannot
find why it is showing up. There is no IDS software emulating a honeypot
so something must be infected somewhere on the internal WAN. A full scan
of the internal network shows no infected machines.

Thanks,

Justin