Snort mailing list archives

Re: port 12345

From: "J. Craig Woods" <drjung () sprynet com>
Date: Wed, 27 Mar 2002 16:31:57 -0600

"Sean T. Ballard" wrote:


Netbus is a well known and widely used windows trojan horse. That
traffic is probably someone scanning for hosts running default netbus
servers with null passwords. You should only worry if that traffics is
originating from your network or connecting to servers on your DMZ.

-Sean


Thanks to everyone for the great responses. Being more familiar with
UNIX/Linux, I guess this windows' trojan got by me (info that is, not
the actual bad boy itself). Must be great to pay so much to be so
vulnerable :-)

-- 
J. Craig Woods
UNIX/NT Network/System Administration

-Art is the illusion of spontaneity-

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

port 12345 Craig Woods (Mar 27)
- Re: port 12345 SAHUT Christophe (Mar 27)
- Re: port 12345 Blake Frantz (Mar 27)
- <Possible follow-ups>
- RE: port 12345 Fallon, Benjamin (Mar 27)
- RE: port 12345 Sean T. Ballard (Mar 27)
  - Re: port 12345 J. Craig Woods (Mar 27)
- RE: port 12345 Semerjian, Ohanes (Mar 27)