[omniORB] security compromise or sniffer in my computer?

James Riden jamesr@harlequin.co.uk
Tue, 03 Aug 1999 09:13:40 +0100


Teemu,

I think 12345 is the default port of NetBus - in which case whoever
tried connecting is out of luck anyway. (NetBus is a trojan and only
runs on Windows 95/98/NT systems).

This obviously has nothing to do with the omniORB installation.
See http://www.commodon.com/threat/threat-nb.htm for NetBus info and
http://rlz.ne.mediaone.net/linux/ for more general Linux security
issues.

cheers,
 James

At 09:46 AM 8/3/99 +0300, Teemu Vesala wrote:
>
>I installed omniOrb couple days ago, and played around with it for less
>than 3 hours. About day later following message appeared to my logs:
>
>Aug  2 22:47:14 computer kernel: IP fw-in deny ppp0 TCP 195.80.1.171:1156
>XXX.YYY.ZZZ.AAA:12345 L=48 S=0x00 I=56392 F=0x0040 T=113
>
>I began omniNames in 12345 and it's sure that I didn't tell about my Corba
>tests for anyone (but my wife, but she was sleeping;). So is it possible,
>that omniOrb is logging its running somewhere? Outgoing traffic is not
>limited at all, only incoming.
>
>Oh, and my omniOrb installation is 2.7.1 and OS is Linux. 
>
>Sincerly,
>Teemu Vesala
>tv@iwn.fi
>
>
>