[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Port 12345?

Lo, on , November 28, Willy Lee did write:

> "Robert" == Robert Waldner <Waldner@KPNQwest.at> writes:
> > On Tue, 28 Nov 2000 00:51:09 +0100, Svante Signell writes:
> >> Anyone knows what port 12345TCP is used for and which OSes are
> >> vulnerable?
> > 12345 is NetBus (according to www.snort.org), vulnerable is
> > everything where NetBus runs ;-) eg WinEverything>=95
> > <portscans>
> >> Note: I am on a dial-up connection. For you with fixed network
> >> access, how often do this happen, a few times a day?
> >10-15/week.
> > cheers, &rw
> How can I tell when I am being portscanned?  Is there an appropriate
> selection of Debian packages for this?

As someone else said, you can often see it in your system logs---IF you
have your kernel configured with IP firewalling AND if you have your
firewall definition set to log blocked packets.  For the 2.2 kernel series,
see the ipchains(8) manpage.

The only dedicated software package that I know of for this sort of thing
is PortSentry, at http://www.psionic.com/abacus/portsentry/ (or do a
FreshMeat search), but it's only distributed as a tarball, not as a Debian


Reply to: