Security Incidents mailing list archives

RE: Odd identd behavior


From: k levinson <levinson_k () yahoo com>
Date: Mon, 14 Nov 2005 12:10:50 -0800 (PST)

The problem is, while [as I noted] 220 and 530
messages are valid SMTP responses on TCP 25, they are
not to the best of my knowledge valid IDENT protocol
messages.  Since we're looking at the IDENT protocol
and not SMTP here, I looked at the IDENT RFCs instead
of the one you posted.  

While it is remotely possible that one confused admin
could do something to screw up the ident service in
that manner, it seems unlikely, especially considering
the multiple email servers this is coming from and the
l33t "crew" name.  Banners with the word "crew" are
frequently seen with FTP warez.

regards,

Karl Levinson


-----Original Message-----
From: Levenglick, Jeff
[mailto:JLevenglick () fhlbatl com] 

Ok.... It's a good thing we all read his message...

He said mail server logs....

220 is a valid MAIL server response.
see http://www.rfc-editor.org/rfc/rfc793.txt   220 <domain> Service ready

Where did ftp come from?
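
The distinction discussed in this thread, as an added example that is not part of either message: a small Python check that tells a reply in the RFC 1413 IDENT format apart from a line that starts with a three-digit reply code, as SMTP and FTP replies do. The function name, the loosened token grammar and the sample lines are assumptions made for illustration.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>"
#             or: "<server-port> , <client-port> : ERROR : <error-type>"
# Assumption: tokens are matched loosely as 1-64 non-space characters other than ':' and ','.
_REPLY = re.compile(
    r"^\s*(?P<sport>\d{1,5})\s*,\s*(?P<cport>\d{1,5})\s*:"
    r"\s*(?P<kind>USERID|ERROR)\s*:(?P<rest>.*)$"
)
_OPSYS_USER = re.compile(
    r"^\s*[^\s:,]{1,64}\s*(,\s*[^\s:,]{1,64}\s*)?:[^\x00\r\n]{1,512}$"
)
_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
# Three-digit code followed by space or '-', the shape of SMTP/FTP reply lines.
_NUMERIC_BANNER = re.compile(r"^\d{3}[ -]")


def classify_ident_reply(raw: bytes) -> str:
    """Classify one line received from TCP 113 (hypothetical helper)."""
    line = raw.decode("latin-1").rstrip("\r\n")
    m = _REPLY.match(line)
    if m is None:
        # Not an IDENT port pair at all: say whether it looks like a numeric banner.
        return "numeric-banner" if _NUMERIC_BANNER.match(line) else "malformed"
    if not all(1 <= int(m[p]) <= 65535 for p in ("sport", "cport")):
        return "malformed"
    rest = m["rest"]
    if m["kind"] == "USERID":
        return "ident-userid" if _OPSYS_USER.match(rest) else "malformed"
    err = rest.strip()
    # RFC 1413 also allows experimental error tokens that begin with "X".
    return "ident-error" if err in _ERRORS or err.startswith("X") else "malformed"


# Constructed sample lines; the banner text is a placeholder, not taken from the thread.
SAMPLES = [
    b"6193, 23 : USERID : UNIX : stjohns\r\n",
    b"6195, 23 : ERROR : NO-USER\r\n",
    b"220 <placeholder banner text>\r\n",
    b"530 <placeholder banner text>\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_ident_reply(sample), sample)
```

Anything other than `ident-userid` or `ident-error` coming back from an ident port is worth logging together with the remote address.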



        
                

