TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Probably,...the same reason that when I informed a major US ISP that they
were vulnerable to the RDS (Rain Forest Puppy) hack they had no clue what a
RDS hack was an politely told me to mind my own business. This was over a
month ago, and they are still vulnerable. They either don't have the
knowledge or manpower to deal with security and irate customers who want to
know why their 56k modem is only pushing 28k.
Timothy R Singletary
Sr. Computer Analyst
MCSE/MCP-I
PRC/Rome Labs
-----Original Message-----
From: Bill Fox [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 22, 2000 9:22 PM
To: [EMAIL PROTECTED]
Cc: Robert Zachary
Subject: Re: Netbus ?
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Juz curious... :). Why would a major ISP even WANT to 'lure' script kiddies
(except maybe to a 'honeypot' or such..)? Seems to me they have enough
problems with 'em as it is...? BTW, I've also noticed open ports on Netbus
12345 & 12346 on major ISP's SMTP servers. I notified their NOC's a month
or so ago, but haven't heard a thing back, and the ports are still active.
Interesting... I know some sysadmins run BackOrifice as a remote admin
tool, but I haven't heard of Netbus for this purpose.
--Bill
----- Original Message -----
From: "Robert Zachary" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 21, 2000 1:44 PM
Subject: RE: Netbus ?
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Keep in mind that they may be also running this as a daemon to lure script
kiddies. I have done this myself. Do notify the victimsystem as a courtesy.
Rob
/------------------------------------------/
Robert Zachary
Analyst
Information Security
Tandy Information Services
817.415.0675
[EMAIL PROTECTED]
> -----Original Message-----
> From: Gary McIntyre [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 21, 2000 2:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Netbus ?
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
> with any problems!
> --------------------------------------------------------------
> --------------
>
>
> It certainly looks that way. I know of no legitimate
> applications which
> hold port 12345 open for sessions, besides NetBus. Have you
> informed the
> various victims of the problem?
>
> Gary McIntyre
> Network Consultant
> LGS Group Inc.
> [EMAIL PROTECTED]
>
> This user's PGP Public Keys can be
> obtained from certserver.pgp.com
>
> ----- Original Message -----
> From: "Data_surge <[EMAIL PROTECTED]>@LGS"
> <IMCEANOTES-Data+5Fsurge+20+3CGn0+40datasurge+2Ecom+3E+40LGS@e
> -commerce.com>
> To: "[EMAIL PROTECTED]"
> <[EMAIL PROTECTED]>
> Sent: Friday, January 21, 2000 2:40 PM
> Subject: Netbus ?
>
>
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message
> to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> > problems!
> >
> --------------------------------------------------------------
> ------------
> --
> >
> > Hey there all,
> > Lately i have been scanning a number of host for record
> purposes, and on a
> > number of large isp and e-commerce sites i have found a
> port open for
> netbus
> > the
> > port is 12345 i did not beleive it at first and got my
> port listing docs
> > out
> > to verify that it was something elese and on both counts it came up
> > unverified.
> > I can say safley say that the largest isp in my country has
> been ifected
> > with
> > netbus. Here is one of the logs.
> > Starting nmap V. 2.3BETA13 by [EMAIL PROTECTED]
> ( www.insecure.org/nmap/ )
> > Interesting ports on the url ? (a ip:0)
> > Port State Protocol Service
> > 21 open tcp ftp
> > 22 open tcp ssh
> > 23 open tcp telnet
> > 25 open tcp smtp
> > 53 open tcp domain
> > 80 open tcp http
> > 110 open tcp pop-3
> > 111 open tcp sunrpc
> > 443 open tcp https
> > 12345 open tcp NetBus
> >
> > TCP Sequence Prediction: Class=random positive increments
> > Difficulty=34403 (Worthy challenge)
> > Remote operating system guess: FreeBSD 2.2.1 - 3.2
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 65 seconds
> >
> >
>
>
>
>
