Educause Security Discussion mailing list archives

Port 65531 Remote Command Prompt

From: David Taylor <ltr () ISC UPENN EDU>
Date: Tue, 31 Aug 2004 15:42:18 -0400

Hi All,

We have been seeing some of the systems on our campus listening on port
65531 which returns a Windows Command Prompt banner:

Grabbing the banner from the port below returns:
TCP ports: 65531


TCP 65531:
[Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000
Microsoft Corp. C:\WINNT\system
32> C:\WINNT\system32> C:\WINNT\system32>]

Has anyone else been finding this on their networks?

======================================================
David Taylor    // Sr. Information Security Specialist
Information Systems & Computing //Information Security
University of Pennsylvania      // Philadelphia PA USA
LTR () ISC UPENN EDU                       (215) 898-1236
http://www.upenn.edu/computing/security
======================================================

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Port 65531 Remote Command Prompt David Taylor (Aug 31)
- <Possible follow-ups>
- Re: Port 65531 Remote Command Prompt Cam Beasley, ISO (Aug 31)
- Re: Port 65531 Remote Command Prompt Michael Mills (Aug 31)