Loading...
NetBus / NetBuster
Port 12345 is strongly associated with the NetBus remote administration tool, which is widely known as a backdoor Trojan horse. It was originally designed for legitimate remote control but was quickly adopted by malicious actors for unauthorized access and control over infected machines. Additionally, this port has seen use by NetBuster, a NetBus honeypot tool, and is sometimes used by certain networked games such as Little Fighter 2..
Port 12345 historically became infamous due to its association with NetBus, a Windows-based remote administration tool released in the late 1990s. The software includes a server component, which runs on the target machine and listens by default on TCP port 12345, awaiting connections from the client's control software. The tool allows remote interaction, screen control, file system access, keystroke logging, and more, making it both a potent utility and a dangerous Trojan horse if deployed surreptitiously.
Unlike legitimate administration software like VNC or RDP, NetBus was widely abused as a backdoor, often installed unknowingly to the victim, giving attackers unfettered access without explicit permission. Because of its default port, 12345 became synonymous with suspicious or malicious remote access activity.
In response, some security researchers developed tools such as NetBuster, which acts as a honeypot by simulating a NetBus server on port 12345, to catch or log intrusion attempts. The port also has incidental, benign uses, notably by the game Little Fighter 2. However, these are far less common and the port typically raises red flags in network security contexts.