Strange service on Port 5656

["B F" <zaphod_b71 () hotmail com>]

Dear PenTesters,

while conducting one of those tests this list was made
for, I stumbled over a TCP Service on Port 5656. If I
netcat on this port the following "banner" is displayed:
",!-

When I enter something at this prompt the
connection is closed immediately. Nessus detects this
service as time server, can anyone confirm/ deny that?
If this is no time server did someone see this banner
before? The host in question is a SuSE Linux System and
has a vulnerable (OpenSSH 2.1.1) SSH daemon running,
so maybe this service is part of a rootkit?

Thanks in advance for any hints
BF





_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-pen-test 
----------------------------------------------------------------------------