thought i'd post this i would like to get an over view of what you people here at AO would do.
I'm running a fire wall which has recently recorded a couple of inbound tcp connection attemps.
Using tds3 i did an interigation of the recorded ip address and found that netbus was running on port 12345. Within tds3 you have a tcp connect utility, so i made a connection to port 12345 on the remote machine this showed me netbus 1.7x password protected. Now within tds3 you have the ability to disinfect the remote machine. However that would require nowing the password.
The question i would like to ask is what people here would do with this information, crack the password and disinfect, report to the network abuse department ? whatever?