What is Port 12345?
by Colin Cohen | Published on August 21, 2024
Port 12345 has been used by a number of malicious backdoor applications, most notably NetBus, to remotely control compromised devices, but the port also has legitimate purposes.
To help you better secure your network, we'll explore what this port is, how to secure it, and how to monitor and troubleshoot it.
What is Port 12345 Used For?
Hackers have often used port 12345 for remotely controlling devices through malware such as NetBus. Other backdoor trojans may use port 12345, including Ashley, GabanBus, and Mypic
Port 12345 can have legitimate purposes, such as for port forwarding in virtual private networks (VPNs) and in internally-facing applications. The port is often used because the number is easy to remember, but the security risks mean it should be handled with care.
How Port 12345 is Used Maliciously
After an attacker has installed NetBus (or another backdoor trojan) on a device (often through some other malware), this device acts as a server. The attacker then, through using the NetBus client (or some other client), controls the compromised device over port 12345.
It should be noted that some versions of NetBus allow attackers to configure which port it uses. Malware that uses port 12345 operates in the application layer of the Open Systems Interconnection (OSI) model.
Industry Use Cases
While port 12345 has been mostly used by malicious parties for remotely controlling compromised devices, organizations can use the port for legitimate purposes. Some will use it for port forwarding in VPNs, while others will use it in internally-facing applications, as the port number is easy to remember and is not used by standard applications.
Best Practices for Securing Port 12345
As exploitation risks associated with port 12345 are high, it’s important to properly secure the port. With the port open, a hacker could run any number of backdoor applications such as NetBus that could give them full control of a device.
If you are using port 12345, such as for port forwarding in VPNs or in internally-facing applications, you should likely limit access to the port to private IP addresses within your organization. But you should probably consider completely blocking it on all your devices, through your routers, switches and firewalls.
Keep in mind that attackers can configure some malware to use a port other than 12345, so this isn't a fool-proof solution.
Disabling and Closing Port 12345
To block port 12345 in Windows, follow these steps:
Open the Firewall Control Panel by running firewall.cpl in a command prompt.
Select Advanced Settings and click Inbound Rules.
Click New Rule under Action.
Select TCP and Specific local ports, and enter 12345.
Under Action, select Block the connection and click Next.
Under Profile, select Domain and Private and click Next.
Under Name, enter a name for the rule and click Finish.
Repeat steps 2 through 7 for Outbound Rules.
Monitoring and Troubleshooting Port 12345
If your organization uses port 12345 for legitimate purposes, such as port forwarding in VPNs, you need to be able to detect whether the port is open on your devices. You also need to know how to troubleshoot conflicts on the port.
To detect whether port 12345 is open on a device, run the following command from a command prompt or terminal:
netstat -aon
Resolving Port 12345 Conflicts
Only one service can listen to port 12345 at a time. If you want to run a service on port 12345 and discover through the netstat command that another service is listening on this port, you will need to disable this other service before you can start your service.
Frequently Asked Questions
The following FAQs answer questions typically asked relating to port 12345. They provide a basic understanding of the port and its uses.
What is TCP Port 12345 Used For?
TCP port 12345 has traditionally been used by hacker tools such as NetBus to remotely control a remote device. Some organizations use the port for legitimate purposes, such as for port forwarding in VPNs and for use in internally-facing applications.
Can Port 12345 Be Exploited?
Yes, port 12345 has a high risk of exploitation, as many backdoor trojans use the port to remotely control devices. Because of this, you should secure the port, following the guidelines detailed in the Best Practices for Securing Port 12345 section.
What Port is uTorrent?
uTorrent can use any free port. This includes port 12345. However, it is recommended that you use a random port between 49160 and 65534.
Conclusion
Port 12345 is commonly associated with hacker tools such as NetBus, which allow malicious third parties to control compromised devices. However, some organizations will use the port for legitimate purposes such as port forwarding and in internally-facing applications.
Due to the high risk of exploitation, it's important for all IT professionals to understand what this port is, how it works, and how to secure it. To learn more about port security, consider taking our Cisco Certified Network Associate (200-301 CCNA) Online Training.
Sign up and try CBT Nuggets free for 7 days.