TCP_Netbus_Backdoor
Code: p11
Severity: Warning
Description: This warning may indicate that a NetBus backdoor program is running on your host. NetBus and NetBus Pro are backdoor programs that enable a remote user to gain control over the machine on which the NetBus server is installed. The program itself can be installed under various names and can be configured to listen on any TCP port for NetBus client commands. Some NetBus commands are harmless but annoying, such as opening or closing a CD-ROM tray or moving the user's mouse around. Other NetBus commands can be used to redirect TCP output, shut down Windows, change registry keys, delete files, and carry out many other very harmful activities.
Impact: Backdoor programs like NetBus are advertised as simple remote management tools, but they represent a serious threat to your environment because they are designed to subvert the normal security measures provided by the host machine. All NetBus activity should be considered hostile and should be investigated immediately.
Corrective: Immediately turn on the Kill action for this decode. Note the Source and Destination addresses and have the NetBus or NetBus Pro program removed from the machine where it is running.