Penetration Testing mailing list archives

Mystery service on tcp/205


From: Andrew Simmons <andrew.simmons () mis-cds com>
Date: 19 Mar 2003 16:03:48 -0000



Hi all,

Pen-testing a slightly unusual IIS 5 box. Along with
FTP, HTTP, NNTP (slightly odd... this is a corporate
webserver for the Greek branch of a large transnational
corporation), it's listening on TCP port 205. This is
listed as an unused AppleTalk port.

Telnetting to it is most intriguing..:


[andrews@asdfgh andrews]# telnet foo.bar.123-123-123-123.gr 205
Trying 123.123.123.123...
Connected to foo.bar.123-123-123-123.gr (123.123.123.123).
Escape character is '^]'.
HELP
2,0,Login required
quit
closeogin required
2,0,Login required


It sits there responding "2,0,Login required" to any
input. I've tried all the obvious strings to no
avail. My Linux telnet is seeing only a carriage return
rather than a CR/NL pair, presumably because the target's
a Windows machine.

Does anyone have any idea what this could be? I've
Googled, searched the sec-focus archives etc to no avail.
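
Added example, not part of the original post: a small Python sketch showing how a reply terminated by a bare carriage return produces the "closeogin required" line in the transcript above, and how to count line terminators in captured bytes. The byte strings are constructed for illustration (server reply interleaved with locally echoed keystrokes), and the function names are hypothetical.

```python
def render(stream: bytes) -> list[str]:
    """Render bytes as a simple terminal would: CR moves the cursor to
    column 0 of the same row, LF starts a new row (simplified model)."""
    rows, row, col = [], [], 0
    for ch in stream.decode("ascii", "replace"):
        if ch == "\n":
            rows.append("".join(row))
            row, col = [], 0
        elif ch == "\r":
            col = 0
        else:
            if col < len(row):
                row[col] = ch      # overwrite what is already on the row
            else:
                row.append(ch)
            col += 1
    if row:
        rows.append("".join(row))
    return rows


def terminators(stream: bytes) -> dict[str, int]:
    """Count CRLF pairs, bare CRs and bare LFs in a captured byte stream."""
    crlf = stream.count(b"\r\n")
    return {
        "CRLF": crlf,
        "bare CR": stream.count(b"\r") - crlf,
        "bare LF": stream.count(b"\n") - crlf,
    }


# Constructed sample: the reply ends in a bare CR, the user then types
# "close" + Enter (local echo), and the service replies again.
CR_ONLY = b"2,0,Login required\r" + b"close\n" + b"2,0,Login required\r"

# Constructed comparison: the same reply terminated with CRLF.
WITH_CRLF = b"2,0,Login required\r\n" + b"close\n"

if __name__ == "__main__":
    print(render(CR_ONLY))      # typed text overwrites the start of the reply
    print(render(WITH_CRLF))    # reply and typed text stay on separate rows
    print(terminators(CR_ONLY))
    print(repr(CR_ONLY))        # repr() makes the terminators visible
```

When fingerprinting an unknown service, reading the raw bytes (for example with repr() as above) avoids being misled by what the terminal draws.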

