Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] port 12345
From: Bowman James <BowmanJ () TCE COM>
Date: Tue, 3 Oct 2000 08:11:35 -0500
I believe Trend Micro's Officescan anti-virus software agent listens on this
port also.

-James-

-----Original Message-----
From: Tonick, Mike [mailto:Mike.Tonick () PS NET]
Sent: Monday, October 02, 2000 4:49 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] port 12345


Justin,

There are at latest count 11 Trojans that are native to port 12345.  For a
complete list see the following URL:

http://www.simovits.com/nyheter9902.html

Regards,

Mike

-----Original Message-----
From: Justin Funke [mailto:jfunke () CENDIUM COM]
Sent: Monday, October 02, 2000 1:46 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: port 12345


Has anyone seen the Netbus trojan ported to a Novell server?

Is it possible the gateway server is forwarding the port from an
internally affected machine?

I can see the port open but filtered on a friend's network but we cannot
find why it is showing up. There is no IDS software emulating a honeypot
so something must be infected somewhere on the internal WAN. A full scan
of the internal network shows no infected machines.

Thanks,

Justin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]