From owner-freebsd-security  Sun Oct 10 15:40: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20])
	by hub.freebsd.org (Postfix) with ESMTP id 8446814E72
	for <freebsd-security@FreeBSD.ORG>; Sun, 10 Oct 1999 15:39:44 -0700 (PDT)
	(envelope-from brooks@one-eyed-alien.net)
Received: from localhost (brdavis@localhost)
	by orion.ac.hmc.edu (8.8.8/8.8.8) with ESMTP id PAA08864;
	Sun, 10 Oct 1999 15:39:38 -0700 (PDT)
X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs
Date: Sun, 10 Oct 1999 15:39:37 -0700 (PDT)
From: Brooks Davis <brooks@one-eyed-alien.net>
X-Sender: brdavis@orion.ac.hmc.edu
To: "Nicole H." <nicole@unixgirl.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: scanning of port 12345
In-Reply-To: <XFMail.991010142341.nicole@unixgirl.com>
Message-ID: <Pine.GSO.4.10.9910101538390.28009-100000@orion.ac.hmc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 10 Oct 1999, Nicole H. wrote:

>  Why on earth would someone be scanning port 12345?  Is this a new backdoor
> port?
>    
> Oct 10 02:25:26 krell portsentry[14796]: attackalert: Connect from host:
> 195.235.210.171/195.235.210.171 to TCP port: 12345

That's the default port for netbus, a BackOriface like tool (the only real
difference is that it's shareware instead of free).

--Brooks



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message