Port 12345: Hacker haven or Internet X-File?
Source: ZDNet
Increased activity on port 12345 could be due to hackers, an antivirus product or something else altogether
Increased activity on TCP port 12345 -- best known as both the NetBus Trojan's default port and the port used for a Trend Micro antivirus product -- has the security community arguing as to who is responsible. Is it Trend Micro customers who have yet to patch known vulnerabilities, script kiddies looking for an easy hit, or an Internet X-file?
A recent increase in port scanning activity on the Internet has centred around Transmission Control Protocol (TCP) port 12345.
Webopedia.com defines port scanning as the act of systematically scanning a computer's ports -- places where information enters and exits a computer. While port scanning has legitimate uses in managing networks, it can also be malicious in nature, if someone is looking for a weakened access point to break into another computer.
Port 12345 is best known as the default of NetBus, a Trojan developed years ago, that allows a hacker to access data and gain control over some functions on a remote computer system.