Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 1975 rogue service

From: "Christopher E. Cramer" <chris.cramer () duke edu>
Date: Thu, 31 Oct 2002 17:00:28 -0500 (EST)

That's an FTP server running on a odd port.  Most likely the machine was 
cracked via some other mechanism (MS-SQL, poor passwords, IIS, etc) and 
had the FTP server installed in order to distribute copyrighted movies, 
music, etc.

-chris

--
Christopher E. Cramer, Ph.D.
University Information Technology Security Officer
Duke University,  Office of Information Technology
253A North Building, Box 90132, Durham, NC  27708-0291
PH: 919-660-7003  FAX: 919-660-7076  CELL: 919-210-0528
PGP Public Key: http://www.duke.edu/~cramer/cramer.pgp

On 31 Oct 2002, WIlliam Kintz wrote:




I have discovered a rogue service of some sort running
on Port 1975 on one of my Win2000 boxes. Connecting to
this port via a telnet gives me the below output.
Anyone have any idea what this is?

TIA,

William J Kintz, CISSP, CCNA

<begin screen capture>

220-A Fire_Fly_808 Production
220-
220-
220-
220-     
°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_
,°ñ&#9617;`&#9617;ñ°
220-
220-             [ server time is 15:35:37  ]
220-             [ server date is Thursday 31 October,
2002  ]
220-             [ you are connecting from: XX.XX.XX.XX  ]
220-
220-     
°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_
,°ñ&#9617;`&#9617;ñ°
220-
220-             [ server stats  ]
220-             [ pubstro uptime: 4 Days, 13 Hours, 4
Mins  ]
220-             [ leechers 0ver the last 24 hours: 1699  ]
220-             [ leechers logged in: 1783  ]
220-             [ current leechers: 2  ]
220-             [ kb leeched: 11550405 kb/s  ]
220-             [ kb filled: 4438567 kb/s  ]
220-             [ hdd freespace: 768.62 kb  ]
220-             [ Average Bandwith used: 40.719  ]
220-             [ Current Bandwith in use: 16.500  ]
220-
220      
°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;_&#9557;,°ñ&#9617;`&#9617;ñ°,&#9557;&#9557;
,°ñ&#9617;`&#9617;ñ°





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: