Re: Odd identd behavior

From: Mike Owen (kyphrosgmail.com)
Date: Mon Nov 14 2005 - 12:40:00 CST


On 11/14/05, Christopher E. Cramer <chris.cramerduke.edu> wrote:
>
> Mike,
>
> This looks like the output from an FTP server. If I had to guess, I would
> say that this looks like someone compromised a machine and installed a
> warez ftp server on the identd port.
>
> -c
>
> --
> Christopher E. Cramer, Ph.D.
> University Information Technology Security Officer
> Duke University, Office of Information Technology
> 334 Blackwell St., Suite 2106, Durham, NC 27701
> PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528
>

You're right, it does look like that. I didn't even think that it
might be a standard service running on a different port.

I don't own these machines, so I don't really want to connect to these
servers to find out if it really is ftp. It does seem likely that they
are warez servers.

Thanks,
Mike
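
Added example, not part of the original message: response data already captured from TCP port 113 can be checked offline, without connecting to the hosts, by testing each line against the RFC 1413 ident reply grammar and the RFC 959 FTP reply format. The function names and the sample captures are constructed for illustration.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user-id>"
#             or  "<server-port> , <client-port> : ERROR : <error-type>"
IDENT_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$"
)
# RFC 959 reply: three-digit code, then space (final line) or hyphen (continuation).
FTP_REPLY = re.compile(r"^([1-5][0-5]\d)([ -])(.*)$")

# Constructed sample captures (not taken from the thread).
SAMPLE_IDENT = b"6193, 23 : USERID : UNIX : stjohns\r\n"
SAMPLE_FTP = (b"220-Welcome\r\n220 FTP server ready.\r\n"
              b"530 Please login with USER and PASS.\r\n")


def classify_line(line):
    """Return 'ident', 'ftp' or 'unknown' for one captured response line."""
    line = line.rstrip("\r\n")
    m = IDENT_REPLY.match(line)
    # Check ident first: "113 , 1025 : ERROR : ..." also starts like an FTP code.
    if m and all(1 <= int(p) <= 65535 for p in m.group(1, 2)):
        return "ident"
    if FTP_REPLY.match(line):
        return "ftp"
    return "unknown"


def classify_capture(data):
    """Classify a whole capture (bytes) recorded from TCP port 113."""
    lines = [l for l in data.decode("latin-1").splitlines() if l.strip()]
    if not lines:
        return "empty"
    kinds = {classify_line(l) for l in lines}
    if kinds == {"ident"}:
        return "ident"
    # Multi-line FTP replies may contain code-less lines, so tolerate 'unknown'.
    if "ftp" in kinds and "ident" not in kinds:
        return "ftp-on-ident-port"
    return "mixed-or-unknown"


if __name__ == "__main__":
    for name, cap in (("ident", SAMPLE_IDENT), ("ftp", SAMPLE_FTP)):
        print(name, "->", classify_capture(cap))
```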