12346 open port

Doug
Doug Member Posts: 3
Name Dropper First Comment
edited January 11, 2020 in Devices & Security #1
I bought Tenda branded powerline adapters to get a wired connection to a new PC. Running a Fing scan I've found that there is an open port, 12346 Netbus backdoor trojan. This sounds worrying - is it?
Tagged:

Best Answers

Answers

  • Marc
    Marc Moderator, Beta Tester Posts: 3,159
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    edited January 11, 2020 #4
    @Doug on the surface this is worrying.  I can't find any relationship between the port and tenda as a default configuration.  And as far as that port is concerned, lots of Trojans using it etc..  You could try to reset the power line adapter to factory defaults and refresh it or you could just return it if it's not too late.  Another avenue to pursue is to call the adapters support line and see what they say.  Regardless, I would avoid using it till this is cleared up.  The rest of the folks on Fing, care to chime in?  @rooted , @kltaylor thoughts?

    Thats Daphnee, she's a good dog...
  • rooted
    rooted Gulf Coast, USModerator Posts: 898
    250 Likes 500 Comments 50 Answers Third Anniversary
    ✭✭✭✭✭
    #5

    I would contact Tenda and ask them about the open port and what it's for.

    https://www.tendacn.com/us/service/page/technicalsupport.html

    Have you scanned your network externally?

    [Deleted User]
  • Doug
    Doug Member Posts: 3
    Name Dropper First Comment
    #6
    Thanks for quick responses. I've removed the powerline adapters and still have the same open port - rooky error of spotting the port on the same day I installed the adapters (sorry Tenda).
    I'm now progressively powering down other connected devices but have not got to the bottom of it yet. It's showing up as Node-9EBFE9 on my router manager and Fing identifies the manufacturer as Espressif. My router manager won't let me delete it but I have stopped it from connecting to the internet until I figure out what is going on.
    rooted
  • Doug
    Doug Member Posts: 3
    Name Dropper First Comment
    #7
    Thanks @rooted. It is a Cololight Pro-Smart LED panel light that is the source. I've unplugged it and now need to figure out if it is a risk before doing anything else.
  • rooted
    rooted Gulf Coast, USModerator Posts: 898
    250 Likes 500 Comments 50 Answers Third Anniversary
    ✭✭✭✭✭
    #8

    You're welcome, if my post answered your question you can select the option underneath the post.

    [Deleted User]
  • rooted
    rooted Gulf Coast, USModerator Posts: 898
    250 Likes 500 Comments 50 Answers Third Anniversary
    ✭✭✭✭✭
    #9

    Your duckduckgo-fu is better than mine.

  • Marc
    Marc Moderator, Beta Tester Posts: 3,159
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    #10
    rooted said:

    Your duckduckgo-fu is better than mine.

       ;)
    Thats Daphnee, she's a good dog...
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #11
    I honestly think @Doug, that you're moving in the right direction.  Shut down anything that's connecting to your network until you find the culprit. If this were me, even with this being a possible false-positive, I would still eliminate it from my network and open a dialog with the manufacturer of said device.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain

Categories