Penetration Testing mailing list archives
Re: [PEN-TEST] port 12345
From: "Craig, Scott" <SCraig () KMART COM>
Date: Tue, 3 Oct 2000 07:45:15 -0400
Check to see if the Novell server is running an antivirus package such as TrendMicro Officescan.
http://www.antivirus.com/products/osce/

They have a listener on port 12345 for receiving virus signature updates on each anti-virus client.

Supported server platforms for this are:
Servers: Windows NT (minimum required: 4.0 w/SP3), NetWare (minimum required: 3.12, 4.10, 4.11)

-----Original Message-----
From: Tonick, Mike [mailto:Mike.Tonick () PS NET]
Sent: Monday, October 02, 2000 5:49 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] port 12345

Justin,

There are at latest count 11 Trojans that are native to port 12345. For a complete list see the following URL:
http://www.simovits.com/nyheter9902.html

Regards,
Mike

-----Original Message-----
From: Justin Funke [mailto:jfunke () CENDIUM COM]
Sent: Monday, October 02, 2000 1:46 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: port 12345

Has anyone seen the Netbus trojan ported to a Novell server? Is it possible the gateway server is forwarding the port from an internally affected machine? I can see the port open but filtered on a friend's network but we cannot find why it is showing up. There is no IDS software emulating a honeypot so something must be infected somewhere on the internal WAN. A full scan of the internal network shows no infected machines.

Thanks,
Justin