Signature Detail

Short Name	TROJAN:NETBUS:PRO-SERVER-RES
Severity	Medium
Recommended	No
Category	TROJAN
Keywords	netbus
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: NetBus Pro Server Response

This signature detects TCP packets sent from local server port 20034 to a remote port. This can indicate the system is responding to a Netbus Pro user. NetBus Pro, a remote administration tool based on the Trojan NetBus, allows users to access data on remote Microsoft Windows systems. NOTE: NetBus Pro is a legitimate remote administration tool and all actions are visible to the server.

Extended Description

Trojan NetBus Pro enables an attacker to take complete remote control of an infected system.

References

CVE: CVE-1999-0660
URL: http://www.all-internet-security.com/netbus_trojan.html
URL: http://www.juniper.net/security/auto/vulnerabilities/vuln64.html
URL: http://www.windowsecurity.com/pages/article.asp?id=453

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

TROJAN: NetBus Pro Server Response

Extended Description

References