RE: port 12345

["Sean T. Ballard" <stballard () 4glschools com>]

Netbus is a well known and widely used windows trojan horse. That
traffic is probably someone scanning for hosts running default netbus
servers with null passwords. You should only worry if that traffics is
originating from your network or connecting to servers on your DMZ.

-Sean

-----Original Message-----
From: Blake Frantz [mailto:blake () mc net]
Sent: Wednesday, March 27, 2002 3:20 PM
To: Craig Woods
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] port 12345




try http://www.google.com/search?q=netbus



On Mon, 25 Mar 2002, Craig Woods wrote:

> I have done some checking, and will do some more but, in the
meanwhile, I was
> wondering if anyone has seen increased activity with regards to port
12345. The
> assigned service is something called NetBus. Does anyone have some
info on this 
> service and/or port or can they point me in the right direction? I am
seeing an
> increasing number of probes for port 12345.
>
> Thanks,
> Dr John,
> the night tripper
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users