Security Incidents mailing list archives

Re: Port 1975 rogue service

From: H C <keydet89 () yahoo com>
Date: Thu, 31 Oct 2002 13:56:48 -0800 (PST)

Willian,

...and the reason you haven't used fport.exe (from
Foundstone) to get more information on this rogue
service is....what, exactly?  

I mean, after all, you ARE a CISSP.  When I had the
cert, there wasn't anything in the
troubleshooting/investigation methodology that said,
"give it to someone else to figure out".


--- WIlliam Kintz <bkintz () smtp aed org> wrote:



I have discovered a rogue service of some sort
running
on Port 1975 on one of my Win2000 boxes. Connecting
to
this port via a telnet gives me the below output.
Anyone have any idea what this is?

TIA,

William J Kintz, CISSP, CCNA

<begin screen capture>

220-A Fire_Fly_808 Production
220-
220-
220-
220-

°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_

,°ñ?`?ñ°
220-
220-             [ server time is 15:35:37  ]
220-             [ server date is Thursday 31
October,
2002  ]
220-             [ you are connecting from:
XX.XX.XX.XX  ]
220-
220-

°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_

,°ñ?`?ñ°
220-
220-             [ server stats  ]
220-             [ pubstro uptime: 4 Days, 13 Hours,
4
Mins  ]
220-             [ leechers 0ver the last 24 hours:
1699  ]
220-             [ leechers logged in: 1783  ]
220-             [ current leechers: 2  ]
220-             [ kb leeched: 11550405 kb/s  ]
220-             [ kb filled: 4438567 kb/s  ]
220-             [ hdd freespace: 768.62 kb  ]
220-             [ Average Bandwith used: 40.719  ]
220-             [ Current Bandwith in use: 16.500 
]
220-
220

°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,?_?,°ñ?`?ñ°,??

,°ñ?`?ñ°

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management 
and tracking system please see:
http://aris.securityfocus.com



__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Port 1975 rogue service H C (Oct 31)
- <Possible follow-ups>
- Re: Port 1975 rogue service Christopher E. Cramer (Oct 31)
- Fw: Port 1975 rogue service Dean Farrington (Nov 02)
- Re: Port 1975 rogue service Steven M. Christey (Nov 02)
  - RE: Port 1975 rogue service Stacy Olivas (Nov 04)
- Re: Port 1975 rogue service H C (Nov 05)