Smtp

Printable View

June 16th, 2002, 05:42 PM
Surreal

Smtp

I am testing a friends gateway. He has a Cisco 3640 VPN/Firewall and behind that a mail server. The Cisco device looks like this with an nmap scan:

Port State Service
23/tcp open telnet
79/tcp open finger
12345/tcp filtered NetBus
12346/tcp filtered NetBus

Any clues as to where to start??
Thanks
June 16th, 2002, 06:22 PM
trials

Im not quite sure but he has probally got the netbus trojen installed. Any one with the client can getinto it so it is very dangerous because there are alot of scanners that scan for that trojen, Iv it really is your friends computer you should tell him to use a virus or trojen scanner to get rid of it.
June 16th, 2002, 07:13 PM
THE RETRO

trials seems like he's got it but if u connected to this port then he'll most likly need to sort that wall out
to stop ppl doing that in the first place. one other thing is nmap likes to guess what mite be running on ports like 12345 this could be sub7 netbus or one of 100's more ppl like to set this port it's easy to remember.
June 16th, 2002, 09:13 PM
Tedob1

get a trojan cleaner

turn off finger

turn off telnet

unplug all the computers

find somebody that likes bullshiters

and learn to dive a tractor-trailer
June 16th, 2002, 11:22 PM
Wizeman

Your friend must have one hell of a private network to have a $3,000 router. Personally, I think you are an idiot to ask us to help you hack into a site that you full and well know isn't your friends. If it is, then provide some proof.

Also, to clarify the other responses that other people made, just because Netbus ports are open on the router doesn't mean that the system behind the firewall has Netbus. And I would venture to say there is an application they are running that is set to listen on port 12345 and that is why they opened up that port on their router. No network admin would be stupid enough to open up a port on a router without a secured service to go along with that open port.

So in conclusion, don't try to hack computers that don't belong to you, and don't ask stupid questions like, "Can you help me hack this?" Also, this is not a case of Netbus infection, just to let you other posters know, cause the Nmap was done on the network's gateway, not the computer itself, therefore it only shows ports that the administrator has decided to open and forward to internal computers.

Regards,
Wizeman
June 16th, 2002, 11:40 PM
gamemaster6502

I'm sorry, but this thread sounds a little suspicous if you know what I mean. I seriously doubt someone would have a $4000 router just lying around. And no serious computer users with a Cisco 3640 CPN/Firewall would have the netbus trojan installed.
June 19th, 2002, 12:59 AM
Tedob1

exacty, spends big bucks on security then has plain old telnet running then to help everyone find out more about the users on the network includes a finger service. about as believable as a chain letter.
June 19th, 2002, 04:10 AM
silentstalker

I agree with both of you. And why would a friend want you to test it? Why would he buy such an expensive router and not know at least how to scan for trojans? I've seen more realistic Fairy Talls...

Silentstalker