Netbus, what would you do.
Hi Guys,
Thought I'd post this; I would like to get an overview of what you people here at AO would do.
I'm running a firewall which has recently recorded a couple of inbound TCP connection attempts.
Using tds3 I did an interrogation of the recorded IP address and found that netbus was running on port 12345. Within tds3 you have a TCP connect utility, so I made a connection to port 12345 on the remote machine; this showed me netbus 1.7x, password protected. Now within tds3 you have the ability to disinfect the remote machine. However, that would require knowing the password.
The question I would like to ask is what people here would do with this information: crack the password and disinfect, report to the network abuse department, whatever?
Re: Netbus, what would you do.
Quote:
Originally posted here by jinxy
I'm running a firewall which has recently recorded a couple of inbound TCP connection attempts.
Using tds3 I did an interrogation of the recorded IP address and found that netbus was running on port 12345.
And you also said you were scanned for a netbus server? So his connection tried to hit you on port 12345?
NetBus is not a virus; it is a trojan. There are actually 2 programs associated with NetBus: a client and a server.
Unless somehow NetBus has been incorporated into a new virus, which I doubt since every antivirus program has had 1.7 in its sigs for quite a few years.
You have no right to disinfect, as you say, but I do not think you can even do this. It would be the same as brute forcing a remote password, so I hope you have several supercomputers and a few years. Not only that, but I know people who use NetBus as their remote administration. This was a few years ago. NetBus was actually one of the pioneers of remote administration. So the guy may be using it on purpose.
Or the guy could be infected and the 'evil' user is scanning for other NetBus servers from the client to hide his true IP. Either way, you can't go into someone's computer without their consent.