Penetration Testing mailing list archives

Re: [PEN-TEST] port 12345

From: "Tonick, Mike" <Mike.Tonick () PS NET>
Date: Mon, 2 Oct 2000 16:49:01 -0500

Justin,

There are at latest count 11 Trojans that are native to port 12345.  For a complete list see the following URL:

http://www.simovits.com/nyheter9902.html

Regards,

Mike

-----Original Message-----
From: Justin Funke [mailto:jfunke () CENDIUM COM]
Sent: Monday, October 02, 2000 1:46 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: port 12345


Has anyone seen the Netbus trojan ported to a Novell server?

Is it possible the gateway server is forwarding the port from an
internally affected machine?

I can see the port open but filtered on a friend's network but we cannot
find why it is showing up. There is no IDS software emulating a honeypot
so something must be infected somewhere on the internal WAN. A full scan
of the internal network shows no infected machines.

Thanks,

Justin

Current thread:

[PEN-TEST] port 12345 Justin Funke (Oct 02)
- Re: [PEN-TEST] port 12345 Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] port 12345 Tonick, Mike (Oct 02)
- Re: [PEN-TEST] port 12345 Craig, Scott (Oct 03)
- Re: [PEN-TEST] port 12345 Bowman James (Oct 03)