Security Incidents mailing list archives
Re: Odd identd behavior
From: Mike Owen <kyphros () gmail com>
Date: Mon, 14 Nov 2005 10:40:00 -0800
On 11/14/05, Christopher E. Cramer <chris.cramer () duke edu> wrote:
> Mike,
>
> This looks like the output from an FTP server. If I had to guess, I would say that this looks like someone compromised a machine and installed a warez ftp server on the identd port.
>
> -c
>
> --
> Christopher E. Cramer, Ph.D.
> University Information Technology Security Officer
> Duke University, Office of Information Technology
> 334 Blackwell St., Suite 2106, Durham, NC 27701
> PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528

You're right, it does look like that. I didn't even think that it might be a standard service running on a different port. I don't own these machines, so I don't really want to connect to these servers to find out if it really is ftp. It does seem likely that they are warez servers.

Thanks,
Mike