Penetration Testing mailing list archives
Strange service on Port 5656
From: "B F" <zaphod_b71 () hotmail com>
Date: Wed, 16 Apr 2003 19:19:26 +0200
Dear PenTesters, while conducting one of those tests this list was made for, I stumbled over a TCP Service on Port 5656. If I netcat on this port the following "banner" is displayed: ",!- When I enter something at this prompt the connection is closed immediately. Nessus detects this service as time server, can anyone confirm/ deny that? If this is no time server did someone see this banner before? The host in question is a SuSE Linux System and has a vulnerable (OpenSSH 2.1.1) SSH daemon running, so maybe this service is part of a rootkit? Thanks in advance for any hints BF _________________________________________________________________Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
---------------------------------------------------------------------------Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test ----------------------------------------------------------------------------
Current thread:
- Strange service on Port 5656 B F (Apr 16)
- Re: Strange service on Port 5656 Craig Holmes (Apr 16)
- Re: Strange service on Port 5656 Neal K. Groothuis (Apr 16)
- <Possible follow-ups>
- Re: Strange service on Port 5656 H Carvey (Apr 17)