Security Incidents mailing list archives

RE: Port 1975 rogue service

From: "John R. Hillman" <john () ridewide com>
Date: Thu, 31 Oct 2002 16:40:48 -0500

I have discovered a rogue service of some sort running
on Port 1975 on one of my Win2000 boxes. Connecting to
this port via a telnet gives me the below output.
Anyone have any idea what this is?


Go!zilla used to run on port 1975, IIRC.

<snipped>

220-             [ leechers 0ver the last 24 hours: 1699  ]
220-             [ leechers logged in: 1783  ]
220-             [ current leechers: 2  ]
220-             [ kb leeched: 11550405 kb/s  ]
220-             [ kb filled: 4438567 kb/s  ]
220-             [ hdd freespace: 768.62 kb  ]
220-             [ Average Bandwith used: 40.719  ]
220-             [ Current Bandwith in use: 16.500  ]


Leechers, eh?  You're not serving an anonymous warez FTP there are you?  At
least, that was the first thing that sprang to mind.

J


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Port 1975 rogue service WIlliam Kintz (Oct 31)
- RE: Port 1975 rogue service John R. Hillman (Oct 31)
- <Possible follow-ups>
- RE: Port 1975 rogue service Ashcraft, Brian S (Contractor) (Oct 31)