Subject: Re: Script kiddies and port 12345
From: Justin Stanford (jussecurity.za.net)
Date: Tue Oct 03 2000 - 09:17:04 CDT


More than likely they are just looking for open shares on the SMB port
(139) and netbus servers on port 12345 - this is more within the reach and
ability of the average kiddie and is as common an occurrence as dried
fruit :-)

Regards,
jus

On Tue, 3 Oct 2000, Michael Williams wrote:

>
> On Tue, 3 Oct 2000, Stephen Hocking wrote:
>
> > After a couple of weeks of probing 139, the little darlings are now hammering
> > on 12345 - anybody have an idea of what hole this is? Another backdoor?
>
> Well, if they're probing 139 and 12345, I would assume they're looking for
> NT machines that have Server Management System installed on 'em (or an old
> version of NetBus, since that's what a couple of scanners I've used have
> defaulted to for a description of port 12345). SMS is a remote
> administration tool for NT machines; I don't know of any specific
> vulnerabilities in the current version, but I would love to be corrected
> if I'm wrong.
>
> Regards,
> Michael Williams
> NewSouth Communications -- IP Security Team
>
>
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
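
A way to check firewall logs for the pattern discussed in this thread, as an added example that is not part of the original posts: it groups denied connections to ports 139 and 12345 by source and marks sources that touch several hosts. The ipfw-style line layout and the threshold are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Ports named in the thread and what the posters say scanners look for there.
WATCHED = {139: "SMB/NetBIOS shares", 12345: "NetBus"}

# Assumed ipfw-style deny line: "... ipfw: <rule> Deny TCP src:sport dst:dport in via <if>"
LINE_RE = re.compile(
    r"ipfw: \d+ Deny TCP (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in"
)

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Oct  3 09:01:12 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:3412 192.0.2.10:139 in via fxp0
Oct  3 09:01:12 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:3413 192.0.2.11:139 in via fxp0
Oct  3 09:01:13 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:3414 192.0.2.10:12345 in via fxp0
Oct  3 09:01:13 gw /kernel: ipfw: 500 Deny TCP 203.0.113.7:3415 192.0.2.11:12345 in via fxp0
Oct  3 09:05:40 gw /kernel: ipfw: 500 Deny TCP 198.51.100.23:1042 192.0.2.10:12345 in via fxp0
Oct  3 09:07:02 gw /kernel: ipfw: 500 Deny TCP 198.51.100.99:2210 192.0.2.10:25 in via fxp0
Oct  3 09:07:30 gw sshd[311]: Accepted password for admin from 192.0.2.50
"""

def summarize_probes(log_text, sweep_hosts=2):
    """Group denied connections to watched ports by source address."""
    seen = defaultdict(lambda: {"ports": set(), "targets": set(), "hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) not in WATCHED:
            continue  # unrelated log line or a port we are not tracking
        entry = seen[m["src"]]
        entry["ports"].add(int(m["dport"]))
        entry["targets"].add(m["dst"])
        entry["hits"] += 1
    report = {}
    for src, e in seen.items():
        report[src] = {
            "looking_for": sorted(WATCHED[p] for p in e["ports"]),
            "hits": e["hits"],
            # Same source touching several hosts reads as a sweep, not a stray packet.
            "sweep": len(e["targets"]) >= sweep_hosts,
        }
    return report

if __name__ == "__main__":
    for src, info in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(src, info)
```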
