Re: Port 12345?

To: debian-user@lists.debian.org
Subject: Re: Port 12345?
From: Richard Cobbe <cobbe@directlink.net>
Date: Tue, 28 Nov 2000 17:27:45 -0600 (CST)
Message-id: <[🔎] 14884.16241.108479.253591@minbar.directlink.net>
In-reply-to: <[🔎] 87y9y4o1ko.fsf@jps.net>
References: <[🔎] 87y9y4o1ko.fsf@jps.net>

Lo, on , November 28, Willy Lee did write:

> "Robert" == Robert Waldner <Waldner@KPNQwest.at> writes:
> 
> > On Tue, 28 Nov 2000 00:51:09 +0100, Svante Signell writes:
> >> Anyone knows what port 12345TCP is used for and which OSes are
> >> vulnerable?
> 
> > 12345 is NetBus (according to www.snort.org), vulnerable is
> > everything where NetBus runs ;-) eg WinEverything>=95
> 
> > <portscans>
> >> Note: I am on a dial-up connection. For you with fixed network
> >> access, how often do this happen, a few times a day?
> 
> >10-15/week.
> 
> > cheers, &rw
> 
> How can I tell when I am being portscanned?  Is there an appropriate
> selection of Debian packages for this?

As someone else said, you can often see it in your system logs---IF you
have your kernel configured with IP firewalling AND if you have your
firewall definition set to log blocked packets.  For the 2.2 kernel series,
see the ipchains(8) manpage.

The only dedicated software package that I know of for this sort of thing
is PortSentry, at http://www.psionic.com/abacus/portsentry/ (or do a
FreshMeat search), but it's only distributed as a tarball, not as a Debian
package.

Richard

Reply to:

Follow-Ups:
- Re: Port 12345?
  - From: Bill Goudie <bgoudie@mail.com>

References:
- Re: Port 12345?
  - From: Willy Lee <willy2@jps.net>

Prev by Date: Re: OT: port scan
Next by Date: Re: Harddisk controller
Previous by thread: Re: Port 12345?
Next by thread: Re: Port 12345?
Index(es):
- Date
- Thread