Can anyone identify this possible backdoor?

From: Greg Owen (gowen-incidentsswynwyr.com)
Date: Fri Aug 22 2003 - 10:18:04 CDT


Investigating a machine which is spewing SoBig.F and may be compromised,
I'm seeing the following response on port 2001/tcp:

% nc 192.168.5.89 2001

<
> Unrecognized command or Invalid argument received
% nc 192.168.5.89 2001
helo
<helo> Unrecognized command or Invalid argument received
%

Google doesn't uncover anything with that error string, and there are more
possible uses for port 2001 than a dog has fleas. Does anyone recognize
what this listener might be?

I don't have physical access to the box, unfortunately, as that would make
this much easier to ID.

--
        gowen -- Greg Owen -- gowen-incidentsswynwyr.com
        79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D
