Results 1 to 6 of 6

Thread: netbus

  1. #1
    Join Date
    Sep 2002


    I recently installed and configured a netgear router for my computers.I went to a site called PC Flank and had a scan done. The report said everything was stealth except for 12345 which was a popular trojan vulnerability .This was closed but "visible" and therfore presented a risk. I am not sure what I should do about this. I have Zone alarm pro version 3. I went to Google and Zone's technical support but still was confused as what to do? Should I change firewalls?Could someone advise me?. Thanks, Auntie
    For hundreds of years the brain was physically capable of the thoughts of a Galelio or an Aristotle among people who had not yet learned to count to ten. Much of that equipment is still unused and waiting.

  2. #2
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    If I remember correctly, and I'm open to corrections, some AV companies removed Netbus from their definitions because it can be "considered" a remote administraton tool. You can try going to www.agnitum.com and getting TauScan, which will scan your computer for Trojans and remove them
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    If i remember right, closed usually means that the connection was refused (not accepted); however, it was still something that was noticed and you need to identify what caused that to be noticed. First thing you should do is look at your Zone Alarm applications list and see if you can't find what is using that port (if anything), also bring up a dos prompt and type 'netstat -an' and see if port 12345 is listening. You might wanna try FPORT (www.foundstone.com), that will tell you if any programs are listening on that port. The other possible source would be if the linksys you have has a firewall capability, if so, that port is something that is commonly blocked and could cause you to see those results.

    hope that helps,

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Senior Member
    Join Date
    Nov 2001
    if its being read as open but filtered, its usually some firewalling device. If your running norton, it does pick up NetBus.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Aug 2002
    If you have a honey pot program running, such at NukeNabber or TambuUDP Scrambler, they might be listening on port 12345 to 'fool' hackers into thinking its a legit trojan. Make sure its not one of those. Secondly, why not trying another third-party scan, such as Sygate Online Scan?
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  6. #6
    Senior Member
    Join Date
    Dec 2001
    I don't have anything else to say to instead of giving positive AP i'll just say good answer to all !

    Another you might want to try is to telnet to you own computer on port 12345 and it offers you a loggin then you are in infected .
    You could also use a port listenners on that port to see wich application is trying to make use of it.
    assembly.... digital dna ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts