Re: weird bug found

[drgenius () WORLDONLINE NL (drgenius)]

Mark Collins wrote:

> It could also be a reassigned port...
>
> some sysadmins (like me) change the port numbers of anything which could be
> used for exploits (telnet, ftp, ssh) which the standard users don't need to
> use (so having an http daemon on port 6667 would be a bad idea).
>
> DALnet also uses Port 7000 as the default port, but I don't know of any
> other IRC networks which recommend this as the default port.
>
> Easiest way to find out what it is is to telnet to it and try a few random
> commands.
>
> ====
> Mark Collins (aka Nurgle)
> WWW: http://www.thisisnurgle.org.uk
> email: me () thisisnurgle org uk
> Phone: +44 (0)7720 703 073
>
> -----Original Message-----
> From: Jonathan <jonathan () WOAF NET>
> To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
> Date: 13 June 2000 14:28
> Subject: Re: weird bug found
>
> > "Robert G. Ferrell" wrote:
> > > > I was playing a bit on the internet and i found a open port 7001
> > >
> > > My ports database says 7001/tcp and 7001/udp are used by the
> 'afs3-callback'
> > > service, described as "callbacks to cache managers."
> >
> > It's also used as an IRC port by some IRC networks.
> >
> > --
> > Jonathan Oddy
> > Woaf Tech
> > jonathan () woaf net

it seems to be a cybase port or something.......

it doesn't look like a backdoor to me, it should be better than this crappy
one (if so one).
its not an irc service either, that one will not give me a prompt with
"pwsars>" ;)

it says "PWS registration system", i noticed that some studentdatabases use
registrations systems to update passwords and all...

the first thing i tried was select * from blabla....
thats why i found the "*" to gimme dirlistings.

untill now i can still not use it btw..., i notified the company which uses
this WEIRD-buggy-registration system.
i'll keep on searching for the true intensions of this port 7001 ;))

grtz,
Marco
------------------
Marco van Berkum
m.v.berkum () obit nl
------------------