Security Incidents mailing list archives

Fw: Port 1975 rogue service


From: "Dean Farrington" <dean () minas-anor com>
Date: Fri, 1 Nov 2002 10:05:56 -0700

Pubstro (note the term Pubstro Uptime in the readout) is a term used by the
Warez underground. What you have is an FTP server running on a non-standard
port to avoid detection.
Here is a reference: http://www.esec.dk/pubstro.pdf

This box has most likely been compromised and is being used to distribute
pirated material. Nice that they give you counts of how many people have
logged on and the amount of downloads.

Hope this helps

Dean

-----Original Message-----
From: WIlliam Kintz [mailto:bkintz () smtp aed org]
Sent: Thursday, October 31, 2002 1:20 PM
To: incidents () securityfocus com
Subject: Port 1975 rogue service




I have discovered a rogue service of some sort running
on Port 1975 on one of my Win2000 boxes. Connecting to
this port via a telnet gives me the below output.
Anyone have any idea what this is?

TIA,

William J Kintz, CISSP, CCNA

<begin screen capture>

220-A Fire_Fly_808 Production
220-
220-
220-
220-
°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_
,°ñ░`░ñ°
220-
220-             [ server time is 15:35:37  ]
220-             [ server date is Thursday 31 October, 2002  ]
220-             [ you are connecting from: XX.XX.XX.XX  ]
220-
220-
°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_
,°ñ░`░ñ°
220-
220-             [ server stats  ]
220-             [ pubstro uptime: 4 Days, 13 Hours, 4 Mins  ]
220-             [ leechers 0ver the last 24 hours: 1699  ]
220-             [ leechers logged in: 1783  ]
220-             [ current leechers: 2  ]
220-             [ kb leeched: 11550405 kb/s  ]
220-             [ kb filled: 4438567 kb/s  ]
220-             [ hdd freespace: 768.62 kb  ]
220-             [ Average Bandwith used: 40.719  ]
220-             [ Current Bandwith in use: 16.500  ]
220-
220
°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕_╕,°ñ░`░ñ°,╕╕
,°ñ░`░ñ°





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
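
Added example, not part of either message above: a triage helper that takes the greeting captured from a listening port, decides whether it is an FTP 220 reply (single or multi-line), flags a non-standard port, and pulls out the bracketed counters of the kind shown in the capture. The function names, the keyword list and the abridged sample banner are assumptions made for this illustration.

```python
import re

# Indicator strings seen in the banner on this page (the list is illustrative).
KEYWORDS = ("pubstro", "leech", "kb filled")
# "[ key: value ]" pairs; the colon must be followed by whitespace so that
# clock times such as 15:35:37 are not split into a key and a value.
STAT_RE = re.compile(r"\[\s*([^\]]+?):\s+([^\]]+?)\s*\]")

# Constructed sample, abridged from the capture above (keeps one wrapped line).
SAMPLE = (
    "220-A Fire_Fly_808 Production\r\n"
    "220-             [ server stats  ]\r\n"
    "220-             [ pubstro uptime: 4 Days, 13 Hours, 4\r\n"
    "Mins  ]\r\n"
    "220-             [ current leechers: 2  ]\r\n"
    "220 \r\n"
)

def parse_greeting(raw):
    """Return the text of an FTP 220 greeting as a list of lines, or None."""
    lines = raw.splitlines()
    if not lines or not lines[0].startswith("220"):
        return None
    body = []
    for line in lines:
        if line.startswith("220-"):        # continuation of a multi-line reply
            body.append(line[4:])
        elif line.startswith("220"):       # "220 " or a bare "220" ends the reply
            body.append(line[3:].lstrip())
            break
        else:                              # text line without a reply code
            body.append(line)
    return body

def classify(port, raw):
    """Summarise a captured greeting for an incident handler."""
    body = parse_greeting(raw)
    if body is None:
        return {"ftp": False, "nonstandard_port": False, "hits": [], "stats": {}}
    text = "\n".join(body)
    hits = [k for k in KEYWORDS if k in text.lower()]
    # Collapse whitespace so values wrapped across lines read as one string.
    stats = {k.strip().lower(): " ".join(v.split()) for k, v in STAT_RE.findall(text)}
    return {"ftp": True, "nonstandard_port": port != 21, "hits": hits, "stats": stats}
```
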


