-
June 16th, 2002, 05:42 PM
#1
Member
Smtp
I am testing a friends gateway. He has a Cisco 3640 VPN/Firewall and behind that a mail server. The Cisco device looks like this with an nmap scan:
Port State Service
23/tcp open telnet
79/tcp open finger
12345/tcp filtered NetBus
12346/tcp filtered NetBus
Any clues as to where to start??
Thanks
-
June 16th, 2002, 06:22 PM
#2
Member
Im not quite sure but he has probally got the netbus trojen installed. Any one with the client can getinto it so it is very dangerous because there are alot of scanners that scan for that trojen, Iv it really is your friends computer you should tell him to use a virus or trojen scanner to get rid of it.
If its not broken it can still be inproved.
-
June 16th, 2002, 07:13 PM
#3
Junior Member
trials seems like he's got it but if u connected to this port then he'll most likly need to sort that wall out
to stop ppl doing that in the first place. one other thing is nmap likes to guess what mite be running on ports like 12345 this could be sub7 netbus or one of 100's more ppl like to set this port it's easy to remember.
-
June 16th, 2002, 09:13 PM
#4
get a trojan cleaner
turn off finger
turn off telnet
unplug all the computers
find somebody that likes bullshiters
and learn to dive a tractor-trailer
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 16th, 2002, 11:22 PM
#5
Your friend must have one hell of a private network to have a $3,000 router. Personally, I think you are an idiot to ask us to help you hack into a site that you full and well know isn't your friends. If it is, then provide some proof.
Also, to clarify the other responses that other people made, just because Netbus ports are open on the router doesn't mean that the system behind the firewall has Netbus. And I would venture to say there is an application they are running that is set to listen on port 12345 and that is why they opened up that port on their router. No network admin would be stupid enough to open up a port on a router without a secured service to go along with that open port.
So in conclusion, don't try to hack computers that don't belong to you, and don't ask stupid questions like, "Can you help me hack this?" Also, this is not a case of Netbus infection, just to let you other posters know, cause the Nmap was done on the network's gateway, not the computer itself, therefore it only shows ports that the administrator has decided to open and forward to internal computers.
Regards,
Wizeman
\"It\'s only arrogrance if you can\'t back it up, otherwise it is confidence.\" - Me
-
June 16th, 2002, 11:40 PM
#6
Senior Member
I'm sorry, but this thread sounds a little suspicous if you know what I mean. I seriously doubt someone would have a $4000 router just lying around. And no serious computer users with a Cisco 3640 CPN/Firewall would have the netbus trojan installed.
-
June 19th, 2002, 12:59 AM
#7
exacty, spends big bucks on security then has plain old telnet running then to help everyone find out more about the users on the network includes a finger service. about as believable as a chain letter.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 19th, 2002, 04:10 AM
#8
I agree with both of you. And why would a friend want you to test it? Why would he buy such an expensive router and not know at least how to scan for trojans? I've seen more realistic Fairy Talls...
Silentstalker
-{[ Joe ]}- (Joe@nitesecurity.com)
http://www.nitesecurity.com
[shadow]I\'m Just A Soldier In This War Against Ignorance.[/shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|