TCP port 12345 is one of two ports (the other is TCP port 12346) used by
NetBus.
NetBus is a hackers utility that offers the ability to remotely control
Windows 95, 98 and NT PC's, and it would appear that your subnet was
"scanned" by a remote user (hacker) to see if any PC's had the server
portion of this trojan installed. If any PC's had, then the remote user
would use the client portion of NetBus to attach to the server portion. If a
connection were to be established, then it could provide equal control of
that PC...
If interested in learning more about how to detect and remove NetBus, Back
Orifice, Master's Paradise, Sokets de' Troie, etc. Please consider visiting
"Threats to your security on the Internet", which can be found at
http://www.commodon.com/threat
Best Regards, Donald Kelloway
http://www.commodon.com
----- Original Message -----
From: Evan Brastow <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 08, 1999 8:22 AM
Subject: Yikes... was this an attack of some sort?
> Looking at my firewall logs from last night, I noticed something I hadn't
> seen before. An address (ri-1tnt105.efortress.com) essentially tried to
get
> through to my entire IP range (sequentially) - every computer on it. The
> service was listed as 12345 and the port as 11111. Protocol was TCP. My
> firewall dropped all of these packets, but nonetheless, that's scary. Was
> this some kind of probe?
>
> Thanks muchly,
>
> Evan
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
