The Broadband Guide
SG
search advanced

Port 12345 Details


known port assignments and vulnerabilities
threat/application/port search:
 search
Port(s) Protocol Service Details Source
12345 tcp NetBus Because of the common sequence of numbers "1 2 3 4 5" this port is commonly chosen when configuring programs, or as default port number.

Cubeworld Server uses port 12345 (TCP/UDP)

opendkim default port (may also use ports 8891,54321)

Tailscale (WireGuard-based open source app for secure private networks) uses port 12345


Some trojan horses/backdoors use this port: Ashley, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus Trojan, Pie Bill Gates, Whack Job, X-bill, ValvNet, TMListen, cron/crontab, Adoresshd.


Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551.

The Trend Micro OfficeScan uses port 12345. Client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References: [CVE-2000-0204] [BID-1013]

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
References: [CVE-2017-7730]

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
References: [CVE-2018-16224]

The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957]
SG
12345 tcp,udp NetBus - remote administration tool (often Trojan horse). Also used by NetBuster. Little Fighter 2 (TCP). (unofficial) Wikipedia
12345 tcp trojan Ashley, BlueIce 2000, Mypic , NetBus , Pie Bill Gates, Q-taz , Sensive, Snape, Vagr Nocker, ValvNet , Whack Job Trojans
12345 udp trojan BlueIce 2000 Trojans
12345 tcp NetBus [trojan] NetBus SANS
12345 tcp NetBus [trojan] NetBus backdoor trojan SANS
12345 tcp netbus NetBus backdoor trojan or Trend Micro Office Scan Nmap
12345 tcp Adoresshd [trojan] Adore sshd Neophasis
12345 tcp Ashley [trojan] Ashley Neophasis
12345 tcp cron/crontab [trojan] cron / crontab Neophasis
12345 tcp FatBitchtrojan [trojan] Fat Bitch trojan Neophasis
12345 tcp GabanBus [trojan] GabanBus Neophasis
12345 tcp icmp_client.c [trojan] icmp_client.c Neophasis
12345 tcp icmp_pipe.c [trojan] icmp_pipe.c Neophasis
12345 tcp Mypic [trojan] Mypic Neophasis
12345 tcp NetBusToy [trojan] NetBus Toy Neophasis
12345 tcp NetBusworm [trojan] NetBus worm Neophasis
12345 tcp PieBillGates [trojan] Pie Bill Gates Neophasis
12345 tcp TMListen TrendMicro OfficeScan TMListen Neophasis
12345 tcp ValvNet [trojan] ValvNet Neophasis
12345 tcp WhackJob [trojan] Whack Job Neophasis
12345 tcp X-bill [trojan] X-bill Neophasis
12345 tcp,udp threat Amitis Bekkoame
12345 tcp,udp threat Ashley Bekkoame
12345 tcp,udp threat cron / crontab Bekkoame
12345 tcp,udp threat Fat Bitch trojan Bekkoame
12345 tcp,udp threat GabanBus Bekkoame
12345 tcp,udp threat icmp_client.c Bekkoame
12345 tcp,udp threat icmp_pipe.c Bekkoame
12345 tcp,udp threat Mypic Bekkoame
12345 tcp,udp threat NetBus Bekkoame
12345 tcp,udp threat NetBus Toy Bekkoame
12345 tcp,udp threat NetBus worm Bekkoame
12345 tcp,udp threat Notice how this port is the sequence of numbers "1 2 3 4 5". This is common chosen whenever somebody is asked to configure a port number. It is likewise chosen by programmers when creating default port numbers for their products. One very famous such uses is with NetBus. Trend Micro's OfficeScan products use this port. Bekkoame
12345 tcp,udp threat Pie Bill Gates Bekkoame
12345 tcp,udp threat Whack Job Bekkoame
12345 tcp,udp threat X-bill Bekkoame
12345 tcp,udp italk Italk Chat System IANA
38 records found
jump to:
 go
previous next

Related ports: 27  551  2547  7823  8891  12346  20034  22306  54321  56789  

« back to SG Ports


External Resources
SANS ISC: port 12345

Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 12345.
  User Reviews/Comments:
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About