NetSphere FTP port
------------

CVE: 
CAN-1999-0660


Details:
A NetSphere backdoor server FTP port has been found on the target system 
running on TCP port 30101. This port will generally be found along with the 
NetSphere backdoor server itself running on TCP port 30100. The NetSphere 
backdoor server allows a remote user to take near complete control of the 
target system. The NetSphere v1.30 backdoor server is known to run on 
Windows 95, Windows 98, and Windows Millenium edition. The presence of this 
backdoor means that the system has been compromised. A restore from backups 
(make sure NetSphere does not exist in the backup copy) or a complete 
reinstall of the Operating System is in order. See the documentation for 
the NetSphere backdoor server also found on TCP port 30100 for version 
specific information.


Fix:
See the documentation for the NetSphere backdoor server also found on TCP port 
30100 for version specific fix information. 


Related URLs:
http://www.xploiter.com/security/netsphere.shtml


$Id: netsphere-ftp,v 1.3 2001/07/03 16:14:49 ccoffin Exp $

