Network Security Incidents

RE: Odd identd behavior

Subject: RE: Odd identd behavior
Date: Mon, 14 Nov 2005 12:10:50 -0800 (PST)
The problem is, while [as I noted] 220 and 530
messages are valid SMTP responses on TCP 25, they are
not to the best of my knowledge valid IDENT protocol
messages.  Since we're looking at the IDENT protocol
and not SMTP here, I looked at the IDENT RFCs instead
of the one you posted.  

While it is remotely possible that one confused admin
could do something to screw up the ident service in
that manner, it seems unlikely, especially considering
the multiple email servers this is coming from and the
l33t "crew" name.  Banners with the word "crew" are
frequently seen with FTP warez.

regards,

Karl Levinson


-----Original Message-----
From: Levenglick, Jeff [mailto:JLevenglick@fhlbatl.com]

Ok.... It's a good thing we all read his message...

He said mail server logs....

220 is a valid MAIL server response.  
see http://www.rfc-editor.org/rfc/rfc793.txt
220 <domain> Service ready

Where did ftp come from?


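The distinction drawn in the reply above, as an added example that is not part of the original thread: a checker for the RFC 1413 reply grammar that separates valid IDENT replies from three-digit SMTP/FTP-style banners seen on TCP 113. The function names and all sample lines are constructed for illustration.

```python
import re

# RFC 1413 reply forms:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR  : <error-type>
_PORTS = r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*"
_USERID = re.compile(
    _PORTS + r":\s*USERID\s*:\s*([^:,\s]+)\s*(?:,\s*([^:\s]+)\s*)?:([^\x00\r\n]+)$")
_ERROR = re.compile(
    _PORTS + r":\s*ERROR\s*:\s*"
    r"(INVALID-PORT|NO-USER|HIDDEN-USER|UNKNOWN-ERROR|X[^\s:]*)\s*$")
# Three-digit reply code followed by space or hyphen: the SMTP/FTP banner shape.
_NUMERIC_BANNER = re.compile(r"^(\d{3})[ -]")


def classify_ident_reply(line: str) -> str:
    """Return 'userid', 'error', 'numeric-banner:<code>' or 'malformed'."""
    line = line.rstrip("\r\n")
    for name, rx in (("userid", _USERID), ("error", _ERROR)):
        m = rx.match(line)
        # Both ports must be in the TCP range 1..65535.
        if m and all(1 <= int(p) <= 65535 for p in m.group(1, 2)):
            return name
    m = _NUMERIC_BANNER.match(line)
    return f"numeric-banner:{m.group(1)}" if m else "malformed"


def suspicious_replies(lines):
    """Keep only replies on port 113 that are not valid IDENT messages."""
    verdicts = ((ln, classify_ident_reply(ln)) for ln in lines)
    return [(ln, v) for ln, v in verdicts if v not in ("userid", "error")]


# Constructed sample replies (not taken from the thread's logs).
SAMPLES = [
    "6193, 23 : USERID : UNIX : stjohns\r\n",
    "6195, 23 : ERROR : NO-USER\r\n",
    "220 host.example.test Service ready\r\n",
    "530 constructed rejection text\r\n",
    "70000, 23 : USERID : UNIX : x\r\n",
]

if __name__ == "__main__":
    for reply, verdict in suspicious_replies(SAMPLES):
        print(f"{verdict:20} {reply.strip()}")
```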
