OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: "port 12345"
From: David Carrick (fuzzyLOD.COM)
Date: Tue Aug 08 2000 - 21:14:19 CDT

port 12345 is the netbust port , its Win9x backdoor much like back orifice.

vamp wrote:

> I am getting the same thing. I have been able to resolve most of the
> ip's, but my question is: Why port 12345?
>
> On Tue, 8 Aug 2000, Omar Armas Aleman wrote:
>
> > Since last week I've received a lot of crack attacks, I have tons of logs
> > like this:
> >
> > Aug 6 00:58:10 linux portsentry[840]: attackalert: Connect from host:
> > 210.114.140.177/210.114.140.177 to TCP port: 12345
> > A
> >
> >
> > from different ip's. Right know I'm blocking it with portsentry, and I'm
> > about to install snort.
> > I have two questions:
> >
> > 1.- How can I find who wants to hack me? I did "host", "nslookup" and
> > "traceroute", but can't reach source ip's. How can I find who's
> > responsable of the network from which the attack originated?
> >
> > 2.- I have locked all inet ports(except http, ftp and ssh), installed
> > logsentry, hostsentry and logcheck and I'm about to install snort, what
> > more do you recommend to have a secure machine? (I refer to monitoring
> > tools)
> >
> > --
> >
> > Omar
> >
>
> --
>
> ^o^ Vampire ^o^
> ^o^
>
> Censorship rests on the child's delusion that
> "If I shut my eyes so I can't see it, it isn't there".
>
> ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^
> ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^
>
> email: allgoodphysics.ucsc.edu Tele: (1) 831-251-0667
> web: http://physics.ucsc.edu/~allgood/
>
> snail mail: UCSC, Physics Dept.
> Santa Cruz, CA 95064
> USA
>
> ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^ ^o^