|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Port 27374
From: Ken Pfeil (kpfeil
MIRADIANT.COM)Date: Fri Dec 22 2000 - 07:05:41 CST
- Next message: Mads Krog-Jensen: "IIS/NT logging"
- Previous message: Welsh, Armand: "Re: tcp wrappers"
- Maybe in reply to: bb: "Port 27374"
- Maybe reply: Ken Pfeil: "Re: Port 27374"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Also 12346, 12361 (WhackJob 1.7) and 20043 (Whackjob 2.0). Netbus 1.7 can be
disabled by a text file on the affected computer. Call it Access.txt and
enter an invalid IP address in it (256.x.x.x or any other characters alpha
or numeric for that matter..). This will at least buy you some additional
time to investigate the rest of the computer.
Best Regards,
Ken
Ken Pfeil
Chief Information Security Officer
Miradiant Global Network, Inc
kpfeil at miradiant.com
http://www.miradiant.com
15 Broad Street, 17th Fl.
New York, NY 10005
PGP Lookup:
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x3011C88A
"Of course my password is the same as my pet's name.
My dog's name was Q47pY!3$H9x, but I change it every 90 days."
-----Original Message-----
From: Talisker [mailto:TaliskerNETWORKINTRUSION.CO.UK]
Sent: Thursday, December 21, 2000 7:44 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: Port 27374
> Trojan server. NetBus, in particular.
> I seem to remember the first versions of NetBus had this as a default,
> unchangeable port.
> Also, this is considered to be a hackers "magic number", so maybe there
are
> other nifties out there that make use of this port.
Sorry to sound like someone who needs to get a life but isn't the default
port for Netbus 12345 ??
Andy
http://www.networkintrusion.co.uk
Talisker's Network Security Tools List
'''
(0 0)
----oOO----(_)----------
| The geek shall |
| Inherit the earth |
-----------------oOO----
|__|__|
|| ||
ooO Ooo
taliskernetworkintrusion.co.uk
The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.
----- Original Message -----
From: "Tal Hornstein" <TalhDISKAL.CO.IL>
To: <FOCUS-MSSECURITYFOCUS.COM>
Sent: Wednesday, December 20, 2000 2:07 PM
Subject: Re: Port 27374
> Trojan server. NetBus, in particular.
> I seem to remember the first versions of NetBus had this as a default,
> unchangeable port.
> Also, this is considered to be a hackers "magic number", so maybe there
are
> other nifties out there that make use of this port.
>
> T.
>
> ---> Tal Hornstein
> ----> IT Security Group Manager
> -----> Diskal Systems
>
>
> -----Original Message-----
> From: bb [mailto:bigbroGMX.CO.UK]
> Sent: Friday, December 15, 2000 10:46 PM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: Port 27374
>
>
> Hi,
>
> Seems that a bunch of kids have learned that TCP port 27374 means
something
> and about 36 of them have scanned my machines in the last couple hours.
> Would anyone know what they're looking for? Is there some vulnerability
> with an app that normally sits there? Or are they looking for a trojan
> server?
>
> Tia.
>
> /bb
>
- Next message: Mads Krog-Jensen: "IIS/NT logging"
- Previous message: Welsh, Armand: "Re: tcp wrappers"
- Maybe in reply to: bb: "Port 27374"
- Maybe reply: Ken Pfeil: "Re: Port 27374"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]